Diffstat (limited to 'security-utils/src')
5 files changed, 9 insertions, 7 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/GlobPattern.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/GlobPattern.java
index 30d4186f8a5..46a38a77844 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/GlobPattern.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/GlobPattern.java
@@ -15,10 +15,10 @@ class GlobPattern {
 private final char[] boundaries;
 private final Pattern regexPattern;
- GlobPattern(String pattern, char[] boundaries) {
+ GlobPattern(String pattern, char[] boundaries, boolean enableSingleCharWildcard) {
 this.pattern = pattern;
 this.boundaries = boundaries;
- this.regexPattern = toRegexPattern(pattern, boundaries);
+ this.regexPattern = toRegexPattern(pattern, boundaries, enableSingleCharWildcard);
 }
 boolean matches(String value) { return regexPattern.matcher(value).matches(); }
@@ -27,12 +27,12 @@ class GlobPattern {
 Pattern regexPattern() { return regexPattern; }
 char[] boundaries() { return boundaries; }
- private static Pattern toRegexPattern(String pattern, char[] boundaries) {
+ private static Pattern toRegexPattern(String pattern, char[] boundaries, boolean enableSingleCharWildcard) {
 StringBuilder builder = new StringBuilder("^");
 StringBuilder precedingCharactersToQuote = new StringBuilder();
 char[] chars = pattern.toCharArray();
 for (char c : chars) {
- if (c == '?' || c == '*') {
+ if ((enableSingleCharWildcard && c == '?') || c == '*') {
 builder.append(quotePrecedingLiteralsAndReset(precedingCharactersToQuote));
 // Note: we explicitly stop matching at a separator boundary.
 // This is to make matching less vulnerable to dirty tricks (e.g dot as boundary for hostnames).
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java
index d59052a48ef..cb9ba13cae4 100644
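Review bot: The new `enableSingleCharWildcard` flag on the `GlobPattern` constructor and on `toRegexPattern` carries no comment saying what happens to `?` when it is false, and the call sites pass a bare `true` or `false`. With the flag off, `?` no longer enters the wildcard branch and presumably reaches the literal-quoting path that lies below the second hunk, so it is matched as an ordinary character; that is worth writing down because these patterns back the `RequiredPeerCredential.Pattern` implementations in the TLS policy package. I would add above the constructor `/** @param enableSingleCharWildcard if false, '?' is matched literally instead of as a single-character wildcard */` and next to the condition `// '?' is a wildcard only when enabled; otherwise it is quoted as a literal`. The body of `toRegexPattern` continues outside the hunk.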
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java
@@ -11,7 +11,7 @@ class HostGlobPattern implements RequiredPeerCredential.Pattern {
 private final GlobPattern globPattern;
 HostGlobPattern(String pattern) {
- this.globPattern = new GlobPattern(pattern, new char[] {'.'});
+ this.globPattern = new GlobPattern(pattern, new char[] {'.'}, true);
 }
 @Override
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/UriGlobPattern.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/UriGlobPattern.java
index 006ca83a403..b2cc0688bb9 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/UriGlobPattern.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/UriGlobPattern.java
@@ -13,7 +13,7 @@ class UriGlobPattern implements RequiredPeerCredential.Pattern {
 private final GlobPattern globPattern;
 UriGlobPattern(String globPattern) {
- this.globPattern = new GlobPattern(globPattern, new char[] {'/'});
+ this.globPattern = new GlobPattern(globPattern, new char[] {'/'}, false);
 }
 @Override public String asString() { return globPattern.asString(); }
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/policy/GlobPatternTest.java b/security-utils/src/test/java/com/yahoo/security/tls/policy/GlobPatternTest.java
index b7f4b6b9c46..4350aa2b0a9 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/policy/GlobPatternTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/policy/GlobPatternTest.java
@@ -100,7 +100,7 @@ class GlobPatternTest {
 }
 private static GlobPattern globPattern(String pattern, String boundaries) {
- return new GlobPattern(pattern, boundaries.toCharArray());
+ return new GlobPattern(pattern, boundaries.toCharArray(), true);
 }
 }
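Review bot: In the `UriGlobPattern` constructor the only boundary passed is still `'/'`, so now that `?` is a literal, a `*` in the last path segment would presumably also match across a `?query` part of the peer's URI (the comment in `GlobPattern.toRegexPattern` says matching stops only at a boundary character). If policy authors are meant to be able to pin the query component, this should be documented on the constructor, for example `// '?' is literal here; '*' stops at '/' only and therefore also spans any query string`, or `'?'` could be considered as an additional boundary. A case such as the pattern `scheme://hostname/*` against `scheme://hostname/path?query=value` in `UriGlobPatternTest` would pin whichever behaviour is intended.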
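Review bot: The `globPattern` helper in `GlobPatternTest` hard-codes `true`, so nothing in this test class exercises `GlobPattern` with the single-character wildcard disabled. The `false` path is covered only indirectly through `UriGlobPatternTest`. A direct case would guard the regex translation itself, for example asserting that `new GlobPattern("a?c", new char[] {'.'}, false).matches("abc")` is false while `.matches("a?c")` on the same pattern is true.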
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/policy/UriGlobPatternTest.java b/security-utils/src/test/java/com/yahoo/security/tls/policy/UriGlobPatternTest.java
index d598fbe1b84..c60c782da14 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/policy/UriGlobPatternTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/policy/UriGlobPatternTest.java
@@ -20,6 +20,8 @@ class UriGlobPatternTest {
 assertMatches("scheme://*/segment1/segment2", "scheme://hostname/segment1/segment2");
 assertMatches("scheme://*.name/", "scheme://host.name/");
 assertNotMatches("scheme://*", "scheme://hostname/");
+ assertMatches("scheme://hostname/mypath?query=value", "scheme://hostname/mypath?query=value");
+ assertNotMatches("scheme://hostname/?", "scheme://hostname/p");
 }
 private void assertMatches(String pattern, String value) { |