Merge branch 'master' into twatson/container

Conflicts:
	bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/bundlefile/DirBundleFile.java
	bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/internal/baseadaptor/BaseStorage.java
	bundles/org.eclipse.osgi/eclipseAdaptor/src/org/eclipse/core/runtime/internal/adaptor/EclipseLazyStarter.java

6 files changed, 135 insertions, 16 deletions

diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java
index b97c1a0fb..12f9751ea 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2010, 2011 IBM Corporation and others.
+ * Copyright (c) 2010, 2013 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
@@ -15,6 +15,7 @@ import java.util.Enumeration;
 import junit.framework.Test;
 import junit.framework.TestSuite;
 import org.eclipse.core.tests.harness.CoreTest;
+import org.eclipse.osgi.service.environment.EnvironmentInfo;
 import org.eclipse.osgi.tests.OSGiTestsActivator;
 import org.osgi.framework.*;
 
@@ -65,6 +66,30 @@ public class BundleResourceTests extends CoreTest {
 		assertNotNull("Did not find resource!", paths);
 	}
 
+	public void testBug395274() throws Exception {
+		ServiceReference<EnvironmentInfo> infoRef = OSGiTestsActivator.getContext().getServiceReference(EnvironmentInfo.class);
+		EnvironmentInfo info = OSGiTestsActivator.getContext().getService(infoRef);
+		String original = info.setProperty("osgi.strictBundleEntryPath", "true");
+		try {
+			Bundle bundle = installer.installBundle("test"); //$NON-NLS-1$
+			URL path = bundle.getEntry("META-INF./MANIFEST.MF");
+			assertNull("found resource!", path);
+			path = bundle.getEntry("META-INF/MANIFEST.MF");
+			assertNotNull("Did not find resource!", path);
+			path = bundle.getEntry("folder/file1.TXT");
+			assertNull("found resource!", path);
+			path = bundle.getEntry("folder/file1.txt");
+			assertNotNull("Did not find resource!", path);
+			checkEntries(bundle, "/./file1.txt", 1);
+			checkEntries(bundle, "//file1.txt", 1);
+			checkEntries(bundle, "/", 1);
+			checkEntries(bundle, "/.", 1);
+		} finally {
+			info.setProperty("osgi.strictBundleEntryPath", original);
+			OSGiTestsActivator.getContext().ungetService(infoRef);
+		}
+	}
+
 	public void testBug328795() throws BundleException {
 		Bundle bundle = installer.installBundle("test"); //$NON-NLS-1$
 		checkEntries(bundle, "notFound\\", 0); // this results in invalid syntax exception which is logged because of trailing escape
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/framework/EquinoxConfiguration.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/framework/EquinoxConfiguration.java
index 3b69ae97c..e0a7580ea 100644
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/framework/EquinoxConfiguration.java
+++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/framework/EquinoxConfiguration.java
@@ -178,6 +178,8 @@ public class EquinoxConfiguration implements EnvironmentInfo {
 	public static final String PROP_FORCED_RESTART = "osgi.forcedRestart"; //$NON-NLS-1$
 	public static final String PROP_IGNORE_USER_CONFIGURATION = "eclipse.ignoreUserConfiguration"; //$NON-NLS-1$
 
+	public static final String PROPERTY_STRICT_BUNDLE_ENTRY_PATH = "osgi.strictBundleEntryPath";//$NON-NLS-1$
+
 	private final static Collection<String> populateInitConfig = Arrays.asList(PROP_OSGI_ARCH, PROP_OSGI_OS, PROP_OSGI_WS, PROP_OSGI_NL, FRAMEWORK_OS_NAME, FRAMEWORK_OS_VERSION, FRAMEWORK_PROCESSOR, FRAMEWORK_LANGUAGE);
 
 	EquinoxConfiguration(Map<String, ?> initialConfiguration, HookRegistry hookRegistry) {
@@ -459,6 +461,9 @@ public class EquinoxConfiguration implements EnvironmentInfo {
 
 	@Override
 	public String setProperty(String key, String value) {
+		if (value == null) {
+			return clearConfiguration(key);
+		}
 		return setConfiguration(key, value);
 	}
 
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java
index f2b89af1c..31cd94279 100644
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java
+++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2006, 2010 IBM Corporation and others.
+ * Copyright (c) 2006, 2013 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
@@ -202,7 +202,7 @@ public class SignedBundleHook implements ActivatorHookFactory, BundleFileWrapper
 			throw new IllegalArgumentException("null content"); //$NON-NLS-1$
 		BundleFile contentBundleFile;
 		if (content.isDirectory())
-			contentBundleFile = new DirBundleFile(content);
+			contentBundleFile = new DirBundleFile(content, false);
 		else
 			contentBundleFile = new ZipBundleFile(content, null, null, container.getConfiguration().getDebug());
 		SignedBundleFile result = new SignedBundleFile(null, VERIFY_ALL, this);
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/Storage.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/Storage.java
index 6677fc623..7ea25440d 100644
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/Storage.java
+++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/Storage.java
@@ -784,7 +784,8 @@ public class Storage {
 		BundleFile result;
 		try {
 			if (isDirectory) {
-				result = new DirBundleFile(content);
+				boolean strictPath = Boolean.parseBoolean(equinoxContainer.getConfiguration().getConfiguration(EquinoxConfiguration.PROPERTY_STRICT_BUNDLE_ENTRY_PATH, Boolean.FALSE.toString()));
+				result = new DirBundleFile(content, strictPath);
 			} else {
 				result = new ZipBundleFile(content, generation, mruList, getConfiguration().getDebug());
 			}
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/bundlefile/DirBundleFile.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/bundlefile/DirBundleFile.java
index baaffb1d3..da8c15109 100644
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/bundlefile/DirBundleFile.java
+++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/bundlefile/DirBundleFile.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2005, 2012 IBM Corporation and others.
+ * Copyright (c) 2005, 2013 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
@@ -24,33 +24,83 @@ import org.eclipse.osgi.util.NLS;
  */
 public class DirBundleFile extends BundleFile {
 
+	private static final String POINTER_SAME_DIRECTORY_1 = "/.";//$NON-NLS-1$
+	private static final String POINTER_SAME_DIRECTORY_2 = "//";//$NON-NLS-1$
+	private static final String POINTER_UPPER_DIRECTORY = "..";//$NON-NLS-1$
+
+	private final boolean enableStrictBundleEntryPath;
+
 	/**
 	 * Constructs a DirBundleFile
 	 * @param basefile the base file
 	 * @throws IOException
 	 */
-	public DirBundleFile(File basefile) throws IOException {
-		super(basefile);
+	public DirBundleFile(File basefile, boolean enableStrictBundleEntryPath) throws IOException {
+		super(getBaseFile(basefile, enableStrictBundleEntryPath));
 		if (!BundleFile.secureAction.exists(basefile) || !BundleFile.secureAction.isDirectory(basefile)) {
 			throw new IOException(NLS.bind(StorageMsg.ADAPTOR_DIRECTORY_EXCEPTION, basefile));
 		}
+		this.enableStrictBundleEntryPath = enableStrictBundleEntryPath;
+	}
+
+	private static File getBaseFile(File basefile, boolean enableStrictBundleEntryPath) throws IOException {
+		return enableStrictBundleEntryPath ? secureAction.getCanonicalFile(basefile) : basefile;
 	}
 
 	public File getFile(String path, boolean nativeCode) {
-		boolean checkInBundle = path != null && path.indexOf("..") >= 0; //$NON-NLS-1$
-		File file = new File(basefile, path);
+		final boolean checkInBundle = path != null && path.indexOf(POINTER_UPPER_DIRECTORY) >= 0;
+		File file = new File(this.basefile, path);
 		if (!BundleFile.secureAction.exists(file)) {
 			return null;
 		}
-		// must do an extra check to make sure file is within the bundle (bug 320546)
-		if (checkInBundle) {
-			try {
-				if (!BundleFile.secureAction.getCanonicalPath(file).startsWith(BundleFile.secureAction.getCanonicalPath(basefile)))
+
+		if (!enableStrictBundleEntryPath) {
+			// must do an extra check to make sure file is within the bundle (bug 320546)
+			if (checkInBundle) {
+				try {
+					if (!BundleFile.secureAction.getCanonicalPath(file).startsWith(BundleFile.secureAction.getCanonicalPath(basefile)))
+						return null;
+				} catch (IOException e) {
 					return null;
-			} catch (IOException e) {
-				return null;
+				}
+			}
+			return file;
+		}
+		boolean normalize = false;
+		boolean isBundleRoot = false;
+		if (path != null) {
+			isBundleRoot = path.equals("/");//$NON-NLS-1$
+			if (!isBundleRoot) {
+				normalize = checkInBundle || path.indexOf(POINTER_SAME_DIRECTORY_1) >= 0 || path.indexOf(POINTER_SAME_DIRECTORY_2) >= 0;
 			}
 		}
+		File canonicalFile;
+		try {
+			canonicalFile = BundleFile.secureAction.getCanonicalFile(file);
+			if (!isBundleRoot) {
+				File absoluteFile = BundleFile.secureAction.getAbsoluteFile(file);
+				String canonicalPath;
+				String absolutePath;
+				if (normalize) {
+					canonicalPath = canonicalFile.toURI().getPath();
+					absolutePath = absoluteFile.toURI().normalize().getPath();
+				} else {
+					canonicalPath = canonicalFile.getPath();
+					absolutePath = absoluteFile.getPath();
+				}
+				if (!canonicalPath.equals(absolutePath)) {
+					return null;
+				}
+			}
+			// must do an extra check to make sure file is within the bundle (bug 320546)
+			if (checkInBundle) {
+				if (!canonicalFile.getPath().startsWith(basefile.getPath()))
+					return null;
+			}
+		} catch (IOException e) {
+			return null;
+		}
+
 		return file;
 	}
 
diff --git a/bundles/org.eclipse.osgi/supplement/src/org/eclipse/osgi/framework/util/SecureAction.java b/bundles/org.eclipse.osgi/supplement/src/org/eclipse/osgi/framework/util/SecureAction.java
index 562738f73..7138c36a5 100644
--- a/bundles/org.eclipse.osgi/supplement/src/org/eclipse/osgi/framework/util/SecureAction.java
+++ b/bundles/org.eclipse.osgi/supplement/src/org/eclipse/osgi/framework/util/SecureAction.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2003, 2010 IBM Corporation and others.
+ * Copyright (c) 2003, 2013 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
@@ -164,6 +164,44 @@ public class SecureAction {
 	}
 
 	/**
+	 * Returns the absolute file.  Same as calling
+	 * file.getAbsoluteFile().
+	 * @param file a file object
+	 * @return the absolute file.
+	 */
+	public File getAbsoluteFile(final File file) {
+		if (System.getSecurityManager() == null)
+			return file.getAbsoluteFile();
+		return AccessController.doPrivileged(new PrivilegedAction<File>() {
+			public File run() {
+				return file.getAbsoluteFile();
+			}
+		}, controlContext);
+	}
+
+	/**
+	 * Returns the canonical file.  Same as calling
+	 * file.getCanonicalFile().
+	 * @param file a file object
+	 * @return the canonical file.
+	 */
+	public File getCanonicalFile(final File file) throws IOException {
+		if (System.getSecurityManager() == null)
+			return file.getCanonicalFile();
+		try {
+			return AccessController.doPrivileged(new PrivilegedExceptionAction<File>() {
+				public File run() throws IOException {
+					return file.getCanonicalFile();
+				}
+			}, controlContext);
+		} catch (PrivilegedActionException e) {
+			if (e.getException() instanceof IOException)
+				throw (IOException) e.getException();
+			throw (RuntimeException) e.getException();
+		}
+	}
+
+	/**
 	 * Returns true if a file exists, otherwise false is returned.  Same as calling
 	 * file.exists().
 	 * @param file a file object