author | Martin Polden <mpolden@mpolden.no> | 2022-03-29 15:52:40 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2022-03-29 16:25:06 +0200 |
commit | 5cea7bd3497bdb30bdbebebc0685d93249765d89 (patch) | |
tree | fe68b0405bcc22a53d32503886756ae2d554e3c4 /container-core/src/test/java/com/yahoo/restapi/PathTest.java | |
parent | ae39d47bce33f33a5854c44fc3c264787ecfd1bd (diff) |
Disallow relative paths and specs
Diffstat (limited to 'container-core/src/test/java/com/yahoo/restapi/PathTest.java')
-rw-r--r-- | container-core/src/test/java/com/yahoo/restapi/PathTest.java | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/container-core/src/test/java/com/yahoo/restapi/PathTest.java b/container-core/src/test/java/com/yahoo/restapi/PathTest.java
index 0deb27ae0f2..5cbf80ff2ad 100644
--- a/container-core/src/test/java/com/yahoo/restapi/PathTest.java
+++ b/container-core/src/test/java/com/yahoo/restapi/PathTest.java
@@ -8,6 +8,7 @@ import java.net.URI;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
 /**
 * @author bratseth
@@ -64,8 +65,8 @@ public class PathTest {
 @Test
 public void testUrlEncodedPath() {
 assertTrue(new Path(URI.create("/a/%62/c")).matches("/a/b/c"));
- assertTrue(new Path(URI.create("/a/%2e%2e/c")).matches("/a/../c"));
 assertFalse(new Path(URI.create("/a/b%2fc")).matches("/a/b/c"));
+ assertFalse(new Path(URI.create("/foo")).matches("/foo/bar/%2e%2e"));
 Path path = new Path(URI.create("/%61/%2f/%63"));
 assertTrue(path.matches("/a/{slash}/{c}"));
@@ -73,4 +74,29 @@ public class PathTest {
 assertEquals("c", path.get("c"));
 }
+ @Test
+ public void testInvalidPaths() {
+ assertInvalid(URI.create("/foo/../bar"));
+ assertInvalid(URI.create("/foo/%2e%2e/bar"));
+ assertInvalidPathSpec(URI.create("/foo/bar"), "/foo/bar/..");
+ assertInvalidPathSpec(URI.create("/foo/bar"), "/foo/../bar");
+ }
+
+ private void assertInvalid(URI uri) {
+ try {
+ new Path(uri);
+ fail("Expected exception");
+ } catch (IllegalArgumentException ignored) {
+ }
+ }
+
+ private void assertInvalidPathSpec(URI uri, String pathSpec) {
+ try {
+ Path path = new Path(uri);
+ path.matches(pathSpec);
+ fail("Expected exception");
+ } catch (IllegalArgumentException ignored) {
+ }
+ }
+
 }
|
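Review bot: The added `assertFalse(new Path(URI.create("/foo")).matches("/foo/bar/%2e%2e"))` in testUrlEncodedPath needs a comment stating what it guards, because on its own it reads like an arbitrary mismatch. It appears to check that a percent-encoded `..` in a path spec is neither decoded nor collapsed, so the spec cannot resolve to `/foo`. A line such as `// an encoded ".." in a spec is taken literally and must not normalise to /foo` above the assertion would record that intent; confirm it against Path.matches, which is not visible in this diff.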
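Review bot: In `assertInvalidPathSpec` the `new Path(uri)` call sits inside the `try`, so an IllegalArgumentException thrown by the constructor would satisfy the helper without `matches` ever running. Build the path before the `try` and keep only `path.matches(pathSpec); fail("Expected exception");` inside it, so that only the spec check can reach the catch. The rejection cases in testInvalidPaths cover a literal `..` and the lower-case `%2e%2e` only. If Path is meant to reject every spelling of a parent segment, add `assertInvalid` cases for the upper-case `%2E%2E` and a mixed `.%2e` segment, so a regression in the decoding order is caught here rather than in a handler that trusts the path.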