OpenJDK / jdk / jdk
changeset 22105:09df5383d1df
8029354: URLPermission.<init> throws llegalArgumentException: Invalid characters in hostname
Reviewed-by: alanb, chegar
| author | michaelm |
|---|---|
| date | Mon, 06 Jan 2014 11:00:12 +0000 |
| parents | ff3bfe024b5f |
| children | 389380609316 |
| files | jdk/src/share/classes/java/net/URLPermission.java jdk/test/java/net/URLPermission/OpenURL.java jdk/test/java/net/URLPermission/URLPermissionTest.java |
| diffstat | 3 files changed, 104 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/jdk/src/share/classes/java/net/URLPermission.java Sun Jan 05 21:02:57 2014 -0800 +++ b/jdk/src/share/classes/java/net/URLPermission.java Mon Jan 06 11:00:12 2014 +0000 @@ -47,7 +47,7 @@ * class. * <i>authority</i> is specified as: * <pre> - * authority = hostrange [ : portrange ] + * authority = [ userinfo @ ] hostrange [ : portrange ] * portrange = portnumber | -portnumber | portnumber-[portnumber] | * * hostrange = ([*.] dnsname) | IPv4address | IPv6address * </pre> @@ -65,6 +65,9 @@ * (default 443). No default is assumed for other schemes. A wildcard may be specified * which means all ports. * <p> + * <i>userinfo</i> is optional. A userinfo component if present, is ignored when + * creating a URLPermission, and has no effect on any other methods defined by this class. + * <p> * The <i>path</i> component comprises a sequence of path segments, * separated by '/' characters. <i>path</i> may also be empty. The path is specified * in a similar way to the path in {@link java.io.FilePermission}. There are @@ -473,7 +476,12 @@ HostPortrange p; Authority(String scheme, String authority) { - p = new HostPortrange(scheme, authority); + int at = authority.indexOf('@'); + if (at == -1) { + p = new HostPortrange(scheme, authority); + } else { + p = new HostPortrange(scheme, authority.substring(at+1)); + } } boolean implies(Authority other) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/java/net/URLPermission/OpenURL.java Mon Jan 06 11:00:12 2014 +0000 @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8029354 + * @run main/othervm OpenURL + */ + +import java.net.*; +import java.io.*; + +public class OpenURL { + + public static void main (String[] args) throws Exception { + + System.setSecurityManager(new SecurityManager()); + + try { + URL url = new URL ("http://joe@127.0.0.1/a/b"); + HttpURLConnection urlc = (HttpURLConnection)url.openConnection(); + InputStream is = urlc.getInputStream(); + // error will throw exception other than SecurityException + } catch (SecurityException e) { + System.out.println("OK"); + } + } +}
--- a/jdk/test/java/net/URLPermission/URLPermissionTest.java Sun Jan 05 21:02:57 2014 -0800 +++ b/jdk/test/java/net/URLPermission/URLPermissionTest.java Mon Jan 06 11:00:12 2014 +0000 @@ -26,7 +26,7 @@ /** * @test - * @bug 8010464 8027570 8027687 + * @bug 8010464 8027570 8027687 8029354 */ public class URLPermissionTest { @@ -37,7 +37,30 @@ abstract boolean execute(); }; + // Instantiation: should succeed + static class CreateTest extends Test { + String arg; + CreateTest(String arg) { + this.arg = arg; + } + + @Override + boolean execute() { + try { + URLPermission p = new URLPermission(arg); + return true; + } catch (Exception e) { + return false; + } + } + }; + + static CreateTest createtest(String arg) { + return new CreateTest(arg); + } + // Should throw an IAE on construction + static class ExTest extends Test { String arg; ExTest(String arg) { @@ -262,6 +285,7 @@ imtest("https://www.foo.com/a/b", "https://www.foo.com:443/a/b", true), imtest("https://www.foo.com:200-500/a/b", "https://www.foo.com/a/b", true), imtest("http://www.foo.com:*/a/b", "http://www.foo.com:1-12345/a/b", true), + imtest("http://host/a/b", "http://HOST/a/b", true), // misc imtest("https:*", "http://www.foo.com", false), @@ -297,6 +321,16 @@ eqtest("http://www.foo.com/a/b", "http://www.foo.com:82/a/b", false), eqtest("https://www.foo.com/a/b", "https://www.foo.com:443/a/b", true), eqtest("https://www.foo.com/a/b", "https://www.foo.com:444/a/b", false), + eqtest("http://michael@foo.com/bar","http://michael@foo.com/bar", true), + eqtest("http://Michael@foo.com/bar","http://michael@goo.com/bar",false), + eqtest("http://michael@foo.com/bar","http://george@foo.com/bar", true), + eqtest("http://@foo.com/bar","http://foo.com/bar", true) + }; + + static Test[] createTests = { + createtest("http://user@foo.com/a/b/c"), + createtest("http://user:pass@foo.com/a/b/c"), + createtest("http://user:@foo.com/a/b/c") }; static boolean failed = false; @@ -386,6 +420,17 @@ } } + for (int i=0; i<createTests.length; i++) { + CreateTest test = (CreateTest)createTests[i]; + boolean result = test.execute(); + if (!result) { + System.out.println ("test failed: " + test.arg); + failed = true; + } else { + System.out.println ("create test " + i + " OK"); + } + } + for (int i=0; i<actionImplies.length ; i++) { ActionImpliesTest test = (ActionImpliesTest)actionImplies[i]; Exception caught = null;