Commit 3c2e7690 authored by Sonia Zorba's avatar Sonia Zorba

Handled other special chars edge cases

parent a9ec1449
Pipeline #1011 passed with stages
in 31 seconds
...@@ -18,7 +18,7 @@ public class NodeUtils { ...@@ -18,7 +18,7 @@ public class NodeUtils {
* characters are allowed. Front end needs to pay attention to other allowed * characters are allowed. Front end needs to pay attention to other allowed
* characters like & and parenthesis in any case, also to avoid XSS attacks. * characters like & and parenthesis in any case, also to avoid XSS attacks.
*/ */
private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|'*") + "]"); private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|/'`*") + "]");
/** /**
* Slash is a special character in defining REST endpoints and trying to * Slash is a special character in defining REST endpoints and trying to
...@@ -54,7 +54,7 @@ public class NodeUtils { ...@@ -54,7 +54,7 @@ public class NodeUtils {
public static String urlEncodePath(String path) { public static String urlEncodePath(String path) {
String[] parts = path.split("/"); String[] parts = path.split("/");
return String.join("/", Arrays.stream(parts) return String.join("/", Arrays.stream(parts)
.map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8)) .map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8).replace("+", "%20"))
.collect(Collectors.toList())); .collect(Collectors.toList()));
} }
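Review bot: The control-character part of FORBIDDEN_CHARS lists `\\x00\\x08` as two separate characters, so 0x01–0x07 still pass the check even though the rest of the class reads like the usual "0x00–0x08, 0x0B, 0x0C, 0x0E–0x1F" exclusion. If that range was intended, the prefix should be `"[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F"`. Tab, LF, CR and 0x7F also stay allowed; if node names are ever written to logs or response headers, it is worth deciding explicitly whether CR/LF belong in the forbidden set and recording the decision in the Javadoc, which starts above the visible lines. Where the pattern is applied is not visible here, so this assumes it runs on the decoded node name.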
......
...@@ -16,15 +16,15 @@ public class NodeUtilsTest { ...@@ -16,15 +16,15 @@ public class NodeUtilsTest {
@Test @Test
public void testGetPathWithSpacesFromRequestURLString() { public void testGetPathWithSpacesFromRequestURLString() {
String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4.pdf"; String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4+%2B.pdf";
assertEquals("/a/b/c d ä.pdf", NodeUtils.getPathFromRequestURLString(requestUrl)); assertEquals("/a/b/c d ä +.pdf", NodeUtils.getPathFromRequestURLString(requestUrl));
} }
@Test @Test
public void testEncodePathSpecialChars() { public void testEncodePathSpecialChars() {
String specialChars = "ä è#+ /other/+-ò@"; String specialChars = "ä è#+ /other/+-ò@";
assertEquals("%C3%A4+%C3%A8%23%2B+/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars)); assertEquals("%C3%A4%20%C3%A8%23%2B%20/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars));
} }
@Test @Test
...@@ -41,6 +41,11 @@ public class NodeUtilsTest { ...@@ -41,6 +41,11 @@ public class NodeUtilsTest {
public void testIllegalQuotes() { public void testIllegalQuotes() {
testIllegalChars("\"'.pdf"); testIllegalChars("\"'.pdf");
} }
@Test
public void testIllegalSlashEncoded() {
testIllegalChars("%2F.pdf");
}
private void testIllegalChars(String illegalString) { private void testIllegalChars(String illegalString) {
boolean exception = false; boolean exception = false;
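Review bot: The new expectation in testGetPathWithSpacesFromRequestURLString pins a raw `+` in the request path to a space, so decoding stays form-style while urlEncodePath in this same commit now emits `%20` for spaces. In a URL path a literal `+` is an ordinary character, so any proxy, router or access rule in front of this service that reads the undecoded path would see a different node name than the one resolved here. I would add a round-trip case such as `assertEquals("/a b+c", NodeUtils.getPathFromRequestURLString("http://localhost/vospace/nodes" + NodeUtils.urlEncodePath("/a b+c")));` and a comment on the `+` assertion saying that form decoding is intentional. testIllegalSlashEncoded covers `%2F` only; a `%252F.pdf` case would document whether double-encoded input is rejected or kept as a literal. The body of testIllegalChars continues past the visible lines.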
......