Commit 3c2e7690 authored by Sonia Zorba's avatar Sonia Zorba
Browse files

Handled other special chars edge cases

parent a9ec1449
Pipeline #1011 passed with stages
in 31 seconds
......@@ -18,7 +18,7 @@ public class NodeUtils {
* characters are allowed. Front end needs to pay attention to other allowed
* characters like & and parenthesis in any case, also to avoid XSS attacks.
*/
private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|'*") + "]");
private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|/'`*") + "]");
/**
* Slash is a special character in defining REST endpoints and trying to
......@@ -54,7 +54,7 @@ public class NodeUtils {
public static String urlEncodePath(String path) {
String[] parts = path.split("/");
return String.join("/", Arrays.stream(parts)
.map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8))
.map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8).replace("+", "%20"))
.collect(Collectors.toList()));
}
......
......@@ -16,15 +16,15 @@ public class NodeUtilsTest {
@Test
public void testGetPathWithSpacesFromRequestURLString() {
String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4.pdf";
assertEquals("/a/b/c d ä.pdf", NodeUtils.getPathFromRequestURLString(requestUrl));
String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4+%2B.pdf";
assertEquals("/a/b/c d ä +.pdf", NodeUtils.getPathFromRequestURLString(requestUrl));
}
@Test
public void testEncodePathSpecialChars() {
String specialChars = "ä è#+ /other/+-ò@";
assertEquals("%C3%A4+%C3%A8%23%2B+/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars));
assertEquals("%C3%A4%20%C3%A8%23%2B%20/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars));
}
@Test
......@@ -41,6 +41,11 @@ public class NodeUtilsTest {
public void testIllegalQuotes() {
testIllegalChars("\"'.pdf");
}
@Test
public void testIllegalSlashEncoded() {
testIllegalChars("%2F.pdf");
}
private void testIllegalChars(String illegalString) {
boolean exception = false;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment