Loading src/main/java/it/inaf/oats/vospace/URIUtils.java +59 −37 Original line number Diff line number Diff line Loading @@ -9,6 +9,7 @@ import it.inaf.oats.vospace.exception.InvalidURIException; import java.net.URI; import java.net.URISyntaxException; import java.util.regex.Pattern; import net.ivoa.xml.vospace.v2.Node; public class URIUtils { Loading @@ -17,6 +18,23 @@ public class URIUtils { private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|'`*") + "]"); private static final String SCHEME = "vos"; public static String returnURIFromVosPath(String vosPath, String authority) throws URISyntaxException { URI uri = new URI( SCHEME, authority, vosPath, null, null ); return uri.toASCIIString(); } public static String returnVosPathFromNodeURI(Node myNode, String authority) { return returnVosPathFromNodeURI(myNode.getUri(), authority); } // This method validates the URI too public static String returnVosPathFromNodeURI(String nodeURI, String authority) { Loading 
@@ -26,33 +44,37 @@ public class URIUtils { URI uri = new URI(nodeURI); // Check scheme if(!uri.isAbsolute() || uri.isOpaque() || !uri.getRawSchemeSpecificPart().startsWith("//") || !uri.getScheme().equalsIgnoreCase(SCHEME)) if (!uri.isAbsolute() || uri.isOpaque() || !uri.getRawSchemeSpecificPart().startsWith("//") || !uri.getScheme().equalsIgnoreCase(SCHEME)) { throw new InvalidURIException(nodeURI); } // Check authority if(!uri.getAuthority().replace("~", "!").equals(authority)) if (!uri.getAuthority().replace("~", "!").equals(authority)) { throw new InvalidURIException(nodeURI); } // Check path String rawPath = uri.getRawPath(); // Check if raw Path is null or contains percent encoded slashes or multiple // separators if(rawPath == null || rawPath.contains("//") || rawPath.contains("%2F") || rawPath.contains("%2f")) if (rawPath == null || rawPath.contains("//") || rawPath.contains("%2F") || rawPath.contains("%2f")) { throw new InvalidURIException(nodeURI); } resultPath = uri.getPath(); if(resultPath.isBlank() || FORBIDDEN_CHARS.matcher(resultPath).find() || (!resultPath.equals("/") && resultPath.endsWith("/"))) if (resultPath.isBlank() || FORBIDDEN_CHARS.matcher(resultPath).find() || (!resultPath.equals("/") && resultPath.endsWith("/"))) { throw new InvalidURIException(nodeURI); } } catch (URISyntaxException e) { throw new InvalidURIException(nodeURI); Loading src/main/java/it/inaf/oats/vospace/persistence/NodeDAO.java +27 −16 Original line number Diff line number Diff line Loading @@ -10,6 +10,7 @@ import it.inaf.oats.vospace.URIUtils; import it.inaf.oats.vospace.datamodel.NodeProperties; import it.inaf.oats.vospace.datamodel.NodeUtils; import it.inaf.oats.vospace.exception.InternalFaultException; import java.net.URISyntaxException; import java.sql.Array; import net.ivoa.xml.vospace.v2.Node; import java.sql.PreparedStatement; Loading Loading 
@@ -58,7 +59,7 @@ public class NodeDAO { public void createNode(Node myNode, String jobId) { String nodeVosPath = URIUtils.returnVosPathFromNodeURI(myNode.getUri(), authority); String nodeVosPath = URIUtils.returnVosPathFromNodeURI(myNode, authority); List<NodePaths> paths = getNodePathsFromDB(nodeVosPath); Loading Loading @@ -144,7 +145,7 @@ public class NodeDAO { */ public Node setNode(Node newNode, boolean recursive) { String vosPath = NodeUtils.getVosPath(newNode); String vosPath = URIUtils.returnVosPathFromNodeURI(newNode, authority); if (recursive) { updatePermissionsRecursively(newNode, vosPath); Loading Loading @@ -454,7 +455,17 @@ public class NodeDAO { } private String getUri(String path) { return "vos://" + authority + path; // Percent encode path String result = null; try { result = URIUtils.returnURIFromVosPath(path, authority); } catch (URISyntaxException e) { throw new InternalFaultException("unable to percent encode URI from authority and path: " + authority + " , " + path); } return result; } private NodePaths getPathsFromResultSet(ResultSet rs) throws SQLException { Loading src/test/java/it/inaf/oats/vospace/URIUtilsTest.java +14 −3 Original line number Diff line number Diff line Loading @@ -6,6 +6,7 @@ package it.inaf.oats.vospace; import it.inaf.oats.vospace.exception.InvalidURIException; import java.net.URISyntaxException; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; import org.junit.jupiter.api.Test; Loading Loading 
@@ -69,9 +70,19 @@ public class URIUtilsTest { assertEquals("/", URIUtils.returnVosPathFromNodeURI(test9, authority)); } @Test public void testReturnURIFromVosPath() throws URISyntaxException { String test1 = URIUtils.returnURIFromVosPath("/", authority); assertEquals("vos://"+authority+"/", test1); String test2 = URIUtils.returnURIFromVosPath("/test1/test2", authority); assertEquals("vos://"+authority+"/test1/test2", test2); String test3 = URIUtils.returnURIFromVosPath("/test1/te# !?st2", authority); assertEquals("vos://"+authority+"/test1/te%23%20!%3Fst2", test3); } Loading Loading
src/main/java/it/inaf/oats/vospace/URIUtils.java +59 −37 Original line number Diff line number Diff line Loading @@ -9,6 +9,7 @@ import it.inaf.oats.vospace.exception.InvalidURIException; import java.net.URI; import java.net.URISyntaxException; import java.util.regex.Pattern; import net.ivoa.xml.vospace.v2.Node; public class URIUtils { Loading @@ -17,6 +18,23 @@ public class URIUtils { private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|'`*") + "]"); private static final String SCHEME = "vos"; public static String returnURIFromVosPath(String vosPath, String authority) throws URISyntaxException { URI uri = new URI( SCHEME, authority, vosPath, null, null ); return uri.toASCIIString(); } public static String returnVosPathFromNodeURI(Node myNode, String authority) { return returnVosPathFromNodeURI(myNode.getUri(), authority); } // This method validates the URI too public static String returnVosPathFromNodeURI(String nodeURI, String authority) { Loading 
@@ -26,33 +44,37 @@ public class URIUtils { URI uri = new URI(nodeURI); // Check scheme if(!uri.isAbsolute() || uri.isOpaque() || !uri.getRawSchemeSpecificPart().startsWith("//") || !uri.getScheme().equalsIgnoreCase(SCHEME)) if (!uri.isAbsolute() || uri.isOpaque() || !uri.getRawSchemeSpecificPart().startsWith("//") || !uri.getScheme().equalsIgnoreCase(SCHEME)) { throw new InvalidURIException(nodeURI); } // Check authority if(!uri.getAuthority().replace("~", "!").equals(authority)) if (!uri.getAuthority().replace("~", "!").equals(authority)) { throw new InvalidURIException(nodeURI); } // Check path String rawPath = uri.getRawPath(); // Check if raw Path is null or contains percent encoded slashes or multiple // separators if(rawPath == null || rawPath.contains("//") || rawPath.contains("%2F") || rawPath.contains("%2f")) if (rawPath == null || rawPath.contains("//") || rawPath.contains("%2F") || rawPath.contains("%2f")) { throw new InvalidURIException(nodeURI); } resultPath = uri.getPath(); if(resultPath.isBlank() || FORBIDDEN_CHARS.matcher(resultPath).find() || (!resultPath.equals("/") && resultPath.endsWith("/"))) if (resultPath.isBlank() || FORBIDDEN_CHARS.matcher(resultPath).find() || (!resultPath.equals("/") && resultPath.endsWith("/"))) { throw new InvalidURIException(nodeURI); } } catch (URISyntaxException e) { throw new InvalidURIException(nodeURI); Loading
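Review bot: In the authority check of `returnVosPathFromNodeURI(String, String)`, `uri.getAuthority()` is dereferenced without a null check, and a URI such as `vos:///path` passes the preceding scheme test (hierarchical, scheme-specific part starts with `//`) while having no authority. The visible `catch` handles only `URISyntaxException`, so that input would presumably surface as a NullPointerException rather than `InvalidURIException`; the same applies to a null `myNode.getUri()` in the new `Node` overload, since `new URI(null)` throws NPE. I would write the check as `String uriAuthority = uri.getAuthority();` followed by `if (uriAuthority == null || !uriAuthority.replace("~", "!").equals(authority)) {`, and reject a null node URI up front. The method starts and ends outside the hunk, so a guard elsewhere cannot be ruled out.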
src/main/java/it/inaf/oats/vospace/persistence/NodeDAO.java +27 −16 Original line number Diff line number Diff line Loading @@ -10,6 +10,7 @@ import it.inaf.oats.vospace.URIUtils; import it.inaf.oats.vospace.datamodel.NodeProperties; import it.inaf.oats.vospace.datamodel.NodeUtils; import it.inaf.oats.vospace.exception.InternalFaultException; import java.net.URISyntaxException; import java.sql.Array; import net.ivoa.xml.vospace.v2.Node; import java.sql.PreparedStatement; Loading Loading @@ -58,7 +59,7 @@ public class NodeDAO { public void createNode(Node myNode, String jobId) { String nodeVosPath = URIUtils.returnVosPathFromNodeURI(myNode.getUri(), authority); String nodeVosPath = URIUtils.returnVosPathFromNodeURI(myNode, authority); List<NodePaths> paths = getNodePathsFromDB(nodeVosPath); Loading Loading @@ -144,7 +145,7 @@ public class NodeDAO { */ public Node setNode(Node newNode, boolean recursive) { String vosPath = NodeUtils.getVosPath(newNode); String vosPath = URIUtils.returnVosPathFromNodeURI(newNode, authority); if (recursive) { updatePermissionsRecursively(newNode, vosPath); Loading Loading @@ -454,7 +455,17 @@ public class NodeDAO { } private String getUri(String path) { return "vos://" + authority + path; // Percent encode path String result = null; try { result = URIUtils.returnURIFromVosPath(path, authority); } catch (URISyntaxException e) { throw new InternalFaultException("unable to percent encode URI from authority and path: " + authority + " , " + path); } return result; } private NodePaths getPathsFromResultSet(ResultSet rs) throws SQLException { Loading
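Review bot: The `catch` in `getUri` drops the `URISyntaxException`, so the reason and index it carries are lost by the time the `InternalFaultException` is logged. If `InternalFaultException` has a constructor that accepts a cause (not visible on this page), pass `e` to it; otherwise append `e.getReason()` to the message. The `result` local initialised to `null` is also unnecessary: `return URIUtils.returnURIFromVosPath(path, authority);` inside the `try` reads more directly. Since the message embeds `path`, it is worth confirming that this fault text is not returned verbatim to clients.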
src/test/java/it/inaf/oats/vospace/URIUtilsTest.java +14 −3 Original line number Diff line number Diff line Loading @@ -6,6 +6,7 @@ package it.inaf.oats.vospace; import it.inaf.oats.vospace.exception.InvalidURIException; import java.net.URISyntaxException; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; import org.junit.jupiter.api.Test; Loading Loading @@ -69,9 +70,19 @@ public class URIUtilsTest { assertEquals("/", URIUtils.returnVosPathFromNodeURI(test9, authority)); } @Test public void testReturnURIFromVosPath() throws URISyntaxException { String test1 = URIUtils.returnURIFromVosPath("/", authority); assertEquals("vos://"+authority+"/", test1); String test2 = URIUtils.returnURIFromVosPath("/test1/test2", authority); assertEquals("vos://"+authority+"/test1/test2", test2); String test3 = URIUtils.returnURIFromVosPath("/test1/te# !?st2", authority); assertEquals("vos://"+authority+"/test1/te%23%20!%3Fst2", test3); } Loading
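Review bot: `testReturnURIFromVosPath` pins `?` being encoded as `%3F`, but `FORBIDDEN_CHARS` in `URIUtils` contains `?`, so the URI produced for `test3` would be rejected by `returnVosPathFromNodeURI` once the path is decoded. A round-trip assertion would document which paths survive both directions, e.g. `assertEquals("/test1/te# !st2", URIUtils.returnVosPathFromNodeURI(URIUtils.returnURIFromVosPath("/test1/te# !st2", authority), authority));`. Cases for a literal `%` in the path and for a path that does not start with `/` (where the `URI` constructor throws `URISyntaxException`) are also missing.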