Bug 328975 - [Webapp] Possible security issue with JSP code exposure.R36x_v20110210

author: Thomas Watson 2010-11-01 17:46:25 +0000
committer: Thomas Watson 2010-11-01 17:46:25 +0000
commit: 50bdbc2c18bd697082cfdb2f545981b471c9b0e6 (patch)
tree: b3079b7092e246208748d2803db5d10b473ac9c1 /bundles
parent: 31bac297d1a539cfe243981d10572ea3c1dcb2e3 (diff)
download: rt.equinox.framework-50bdbc2c18bd697082cfdb2f545981b471c9b0e6.tar.gz
rt.equinox.framework-50bdbc2c18bd697082cfdb2f545981b471c9b0e6.tar.xz
rt.equinox.framework-50bdbc2c18bd697082cfdb2f545981b471c9b0e6.zip
4 files changed, 133 insertions, 3 deletions
diff --git a/bundles/org.eclipse.osgi.tests/META-INF/MANIFEST.MF b/bundles/org.eclipse.osgi.tests/META-INF/MANIFEST.MF
index 67a59c2fd..fda155968 100644
--- a/bundles/org.eclipse.osgi.tests/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.osgi.tests/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: Core OSGi Tests
 Bundle-SymbolicName: org.eclipse.osgi.tests;singleton:=true
-Bundle-Version: 3.6.0
+Bundle-Version: 3.6.2
 Bundle-ClassPath: osgitests.jar
 Bundle-Vendor: Eclipse.org
 Bundle-Localization: plugin
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java
new file mode 100644
index 000000000..8d844ecbb
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java
@@ -0,0 +1,86 @@
+/*******************************************************************************
+ * Copyright (c) 2010 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osgi.tests.bundles;
+
+import java.util.Enumeration;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+import org.eclipse.core.tests.harness.CoreTest;
+import org.eclipse.osgi.tests.OSGiTestsActivator;
+import org.osgi.framework.*;
+
+public class BundleResourceTests extends CoreTest {
+	private BundleInstaller installer;
+
+	protected void setUp() throws Exception {
+		try {
+			installer = new BundleInstaller(OSGiTestsActivator.TEST_FILES_ROOT + "resourcetests/bundles", OSGiTestsActivator.getContext()); //$NON-NLS-1$
+		} catch (InvalidSyntaxException e) {
+			fail("Failed to create bundle installer", e); //$NON-NLS-1$
+		}
+	}
+
+	protected void tearDown() throws Exception {
+		installer.shutdown();
+	}
+
+	public static Test suite() {
+		return new TestSuite(BundleResourceTests.class);
+	}
+
+	public void testBug328795() throws BundleException {
+		Bundle bundle = installer.installBundle("test"); //$NON-NLS-1$
+		checkEntries(bundle, "notFound\\", 0); // this results in invalid syntax exception which is logged because of trailing escape
+		checkEntries(bundle, "notFound\\\\", 0); // test escaped escape "notFound\"
+		checkEntries(bundle, "notFound(", 0); // test unescaped trailing (
+		checkEntries(bundle, "notFound\\(", 0); // test escaped trailing (
+		checkEntries(bundle, "notFound)", 0); // test unescaped trailing )
+		checkEntries(bundle, "notFound\\)", 0); // test escaped trailing )
+		checkEntries(bundle, "notFound*", 0); // test trailing unescaped *
+		checkEntries(bundle, "notFound\\*", 0); // test trailing escaped *
+		checkEntries(bundle, "paren(.txt", 1); // test unescaped ( -> should find one
+		checkEntries(bundle, "paren\\(.txt", 1); // test escaped ( -> should find one
+		checkEntries(bundle, "paren\\\\(.txt", 0); // test escaped escape before unescaped ( -> should find none; looks for paren\(.txt file
+		checkEntries(bundle, "paren).txt", 1); // test unescaped ) -> should find one
+		checkEntries(bundle, "paren\\).txt", 1); // test escaped ) -> should find one
+		checkEntries(bundle, "paren\\\\).txt", 0); // test escaped escape before unescaped ) -> should find none; looks for paren\).txt file
+		checkEntries(bundle, "paren(", 1); // test unescaped trailing ( -> should find one
+		checkEntries(bundle, "paren\\(", 1); // test escaped trailing ( -> should find one
+		checkEntries(bundle, "paren\\\\(", 0); // test escaped escape before ( -> should find none; looks for paren\(
+		checkEntries(bundle, "paren)", 1); // test unescaped trailing ( -> should find one
+		checkEntries(bundle, "paren\\)", 1); // test escaped trailing ( -> should find one
+		checkEntries(bundle, "paren\\\\)", 0); // test escaped escape before ) -> should find none; looks for paren\)
+		checkEntries(bundle, "paren*", 4); // test trailing wild cards
+		checkEntries(bundle, "paren*.txt", 2); // test middle wild cards
+		checkEntries(bundle, "paren\\*", 0); // test escaped wild card -> should find none; looks for paren*
+		checkEntries(bundle, "paren\\\\*", 0); // test escaped escape before wild card -> should find none; looks for paren\*
+		checkEntries(bundle, "p*r*n*", 4); // test multiple wild cards
+		checkEntries(bundle, "p*r*n*.txt", 2); // test multiple wild cards
+		checkEntries(bundle, "*)*", 2);
+		checkEntries(bundle, "*(*", 2);
+		checkEntries(bundle, "*\\)*", 2);
+		checkEntries(bundle, "*\\(*", 2);
+	}
+
+	private void checkEntries(Bundle bundle, String filePattern, int expectedNumber) {
+		Enumeration entries = bundle.findEntries("folder", filePattern, false);
+		if (expectedNumber == 0) {
+			assertNull("Expected nothing here.", entries);
+			return;
+		}
+		int i = 0;
+		while (entries.hasMoreElements()) {
+			entries.nextElement();
+			i++;
+		}
+		assertEquals("Unexpected number of entries", expectedNumber, i);
+	}
+}
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleTests.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleTests.java
index e0bb723d5..ad452ef3b 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleTests.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleTests.java
@@ -16,6 +16,7 @@ import junit.framework.TestSuite;
 public class BundleTests {
 	public static Test suite() {
 		TestSuite suite = new TestSuite(BundleTests.class.getName());
+		suite.addTest(BundleResourceTests.suite());
 		suite.addTest(BundleInstallUpdateTests.suite());
 		suite.addTest(SystemBundleTests.suite());
 		suite.addTest(BundleExceptionTests.suite());
diff --git a/bundles/org.eclipse.osgi/core/framework/org/eclipse/osgi/framework/internal/core/AbstractBundle.java b/bundles/org.eclipse.osgi/core/framework/org/eclipse/osgi/framework/internal/core/AbstractBundle.java
index 1e10d791e..4e3397285 100644
--- a/bundles/org.eclipse.osgi/core/framework/org/eclipse/osgi/framework/internal/core/AbstractBundle.java
+++ b/bundles/org.eclipse.osgi/core/framework/org/eclipse/osgi/framework/internal/core/AbstractBundle.java
@@ -1383,11 +1383,14 @@ public abstract class AbstractBundle implements Bundle, Comparable, KeyedElement
 		if (filePattern != null)
 			try {
 				// create a file pattern filter with 'filename' as the key
-				patternFilter = FilterImpl.newInstance("(filename=" + filePattern + ")"); //$NON-NLS-1$ //$NON-NLS-2$
+				patternFilter = FilterImpl.newInstance("(filename=" + sanitizeFilterInput(filePattern) + ")"); //$NON-NLS-1$ //$NON-NLS-2$
 				// create a single hashtable to be shared during the recursive search
 				patternProps = new Hashtable(2);
 			} catch (InvalidSyntaxException e) {
-				// cannot happen
+				// something unexpected happened; log error and return nothing
+				Bundle b = framework.systemBundle;
+				framework.publishFrameworkEvent(FrameworkEvent.ERROR, b, e);
+				return null;
 			}
 		// find the local entries of this bundle
 		findLocalEntryPaths(path, patternFilter, patternProps, recurse, pathList);
@@ -1450,6 +1453,46 @@ public abstract class AbstractBundle implements Bundle, Comparable, KeyedElement
 		};
 	}
 
+	private String sanitizeFilterInput(String filePattern) throws InvalidSyntaxException {
+		StringBuffer buffer = null;
+		boolean foundEscape = false;
+		for (int i = 0; i < filePattern.length(); i++) {
+			char c = filePattern.charAt(i);
+			switch (c) {
+				case '\\' :
+					// we either used the escape found or found a new escape.
+					foundEscape = foundEscape ? false : true;
+					if (buffer != null)
+						buffer.append(c);
+					break;
+				case '(' :
+				case ')' :
+					if (!foundEscape) {
+						if (buffer == null) {
+							buffer = new StringBuffer(filePattern.length() + 16);
+							buffer.append(filePattern.substring(0, i));
+						}
+						// must escape with '\'
+						buffer.append('\\');
+					} else {
+						foundEscape = false; // used the escape found
+					}
+					if (buffer != null)
+						buffer.append(c);
+					break;
+				default :
+					// if we found an escape it has been used
+					foundEscape = false;
+					if (buffer != null)
+						buffer.append(c);
+					break;
+			}
+		}
+		if (foundEscape)
+			throw new InvalidSyntaxException("Trailing escape characters must be escaped.", filePattern); //$NON-NLS-1$
+		return buffer == null ? filePattern : buffer.toString();
+	}
+
 	protected void findLocalEntryPaths(String path, Filter patternFilter, Hashtable patternProps, boolean recurse, List pathList) {
 		Enumeration entryPaths = bundledata.getEntryPaths(path);
 		if (entryPaths == null)
author	Thomas Watson	2010-11-01 17:46:25 +0000
committer	Thomas Watson	2010-11-01 17:46:25 +0000
commit	50bdbc2c18bd697082cfdb2f545981b471c9b0e6 (patch)
tree	b3079b7092e246208748d2803db5d10b473ac9c1 /bundles
parent	31bac297d1a539cfe243981d10572ea3c1dcb2e3 (diff)
download	rt.equinox.framework-50bdbc2c18bd697082cfdb2f545981b471c9b0e6.tar.gz rt.equinox.framework-50bdbc2c18bd697082cfdb2f545981b471c9b0e6.tar.xz rt.equinox.framework-50bdbc2c18bd697082cfdb2f545981b471c9b0e6.zip