Skip to main content
aboutsummaryrefslogtreecommitdiffstats
path: root/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleInstallUpdateTests.java
diff options
context:
space:
mode:
Diffstat (limited to 'bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleInstallUpdateTests.java')
-rw-r--r--bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleInstallUpdateTests.java70
1 files changed, 65 insertions, 5 deletions
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleInstallUpdateTests.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleInstallUpdateTests.java
index 029f856a6..3faadc65d 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleInstallUpdateTests.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleInstallUpdateTests.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2009, 2016 IBM Corporation and others.
+ * Copyright (c) 2009, 2018 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -10,13 +10,28 @@
*******************************************************************************/
package org.eclipse.osgi.tests.bundles;
-import java.io.*;
-import java.net.*;
-import java.util.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
import junit.framework.Test;
import junit.framework.TestSuite;
+import org.eclipse.osgi.service.urlconversion.URLConverter;
import org.eclipse.osgi.tests.OSGiTestsActivator;
-import org.osgi.framework.*;
+import org.osgi.framework.Bundle;
+import org.osgi.framework.BundleException;
+import org.osgi.framework.Constants;
+import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServiceRegistration;
import org.osgi.framework.hooks.bundle.CollisionHook;
public class BundleInstallUpdateTests extends AbstractBundleTests {
@@ -367,4 +382,49 @@ public class BundleInstallUpdateTests extends AbstractBundleTests {
is = encodedURL.openStream();
is.close();
}
+
+ public void testEscapeZipRoot() throws IOException, BundleException, InvalidSyntaxException, URISyntaxException {
+ String entry1 = "../../escapedZipRoot1.txt";
+ String entry2 = "dir1/../../../escapedZipRoot2.txt";
+ String cp1 = "../../cp.jar";
+ File bundlesDirectory = OSGiTestsActivator.getContext().getDataFile(getName());
+ bundlesDirectory.mkdirs();
+ Map<String, String> headers = new HashMap<String, String>();
+ headers.put(Constants.BUNDLE_MANIFESTVERSION, "2");
+ headers.put(Constants.BUNDLE_SYMBOLICNAME, getName());
+ headers.put(Constants.BUNDLE_CLASSPATH, "., ../../cp.jar");
+ Map<String, String> entries = new HashMap<>();
+ entries.put(entry1, "value");
+ entries.put(entry2, "value");
+ entries.put(cp1, "value");
+
+ File testBundleJarFile = SystemBundleTests.createBundle(bundlesDirectory, getName(), headers, entries);
+ Bundle testBundle = getContext().installBundle(getName(), new FileInputStream(testBundleJarFile));
+ testBundle.start();
+ try {
+ testBundle.loadClass("does.not.exist.Test");
+ } catch (ClassNotFoundException e) {
+ // expected
+ }
+ URLConverter bundleURLConverter = getContext().getService(getContext().getServiceReferences(URLConverter.class, "(protocol=bundleentry)").iterator().next());
+
+ URL dir1 = bundleURLConverter.toFileURL(testBundle.getEntry("dir1/"));
+ File dir1File = new File(dir1.toExternalForm().substring(5));
+
+ File dir1EscapedFile2 = new File(dir1File, entry2.substring("dir1".length()));
+ assertFalse("File escaped zip root: " + dir1EscapedFile2.getCanonicalPath(), dir1EscapedFile2.exists());
+
+ URL root = bundleURLConverter.toFileURL(testBundle.getEntry("/"));
+ File rootFile = new File(root.toExternalForm().substring(5));
+
+ File rootEscapedFile1 = new File(rootFile, entry1);
+ assertFalse("File escaped zip root: " + rootEscapedFile1.getCanonicalPath(), rootEscapedFile1.exists());
+
+ File rootEscapedFile2 = new File(rootFile, entry2);
+ assertFalse("File escaped zip root: " + rootEscapedFile2.getCanonicalPath(), rootEscapedFile2.exists());
+
+ File rootEscapedFile3 = new File(rootFile, cp1);
+ assertFalse("File escaped zip root: " + rootEscapedFile3.getCanonicalPath(), rootEscapedFile3.exists());
+
+ }
}

Back to the top