Posted to commits@tapestry.apache.org by th...@apache.org on 2021/03/09 12:16:21 UTC

[tapestry-5] branch 5.6.x updated (78696d9 -> 010ef5c)

This is an automated email from the ASF dual-hosted git repository.

thiagohp pushed a change to branch 5.6.x
in repository https://gitbox.apache.org/repos/asf/tapestry-5.git.


    from 78696d9  TAP5-2664: adding unit test code
     new 213c4f9  TAP5-2665: Disallow requests for folders in the classpath by default
     new 010ef5c  Adding a bit of code to try to understand a test failure

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../assets/ClasspathAssetRequestHandler.java       | 12 +++-
 .../org/apache/tapestry5/modules/AssetsModule.java | 80 ++++++++++++++++++++--
 .../integration/appfolder/AppFolderTests.groovy    |  3 +
 3 files changed, 88 insertions(+), 7 deletions(-)


[tapestry-5] 01/02: TAP5-2665: Disallow requests for folders in the classpath by default

Posted by th...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

thiagohp pushed a commit to branch 5.6.x
in repository https://gitbox.apache.org/repos/asf/tapestry-5.git

commit 213c4f9e228ab834c801d048b82e7610cbb00786
Author: Thiago H. de Paula Figueiredo <th...@arsmachina.com.br>
AuthorDate: Tue Mar 9 08:42:30 2021 -0300

    TAP5-2665: Disallow requests for folders in the classpath by default
---
 .../assets/ClasspathAssetRequestHandler.java       | 12 +++-
 .../org/apache/tapestry5/modules/AssetsModule.java | 80 ++++++++++++++++++++--
 2 files changed, 85 insertions(+), 7 deletions(-)

diff --git a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ClasspathAssetRequestHandler.java b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ClasspathAssetRequestHandler.java
index ea92e26..6e59f89 100644
--- a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ClasspathAssetRequestHandler.java
+++ b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ClasspathAssetRequestHandler.java
@@ -22,6 +22,8 @@ import org.apache.tapestry5.services.ClasspathAssetProtectionRule;
 import org.apache.tapestry5.services.Request;
 import org.apache.tapestry5.services.Response;
 import org.apache.tapestry5.services.assets.AssetRequestHandler;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
 
@@ -33,6 +35,9 @@ import java.io.IOException;
  */
 public class ClasspathAssetRequestHandler implements AssetRequestHandler
 {
+    
+    private final static Logger LOGGER = LoggerFactory.getLogger(ClasspathAssetRequestHandler.class);
+    
     private final ResourceStreamer streamer;
 
     private final AssetSource assetSource;
@@ -56,8 +61,13 @@ public class ClasspathAssetRequestHandler implements AssetRequestHandler
         ChecksumPath path = new ChecksumPath(streamer, baseFolder, extraPath);
         
         final boolean handled;
-        if (classpathAssetProtectionRule.block(path.resourcePath)) 
+        if (classpathAssetProtectionRule.block(path.resourcePath) && !path.resourcePath.equals(ChecksumPath.NON_EXISTING_RESOURCE)) 
         {
+            if (LOGGER.isWarnEnabled()) 
+            {
+                LOGGER.warn("Blocked request for classpath asset '" + path.resourcePath + 
+                        "'. Contribute a new ClasspathAssetProtectionRule if you need this asset to be publicly accessible.");
+            }
             handled = false;
         }
         else
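Review bot: The added `LOGGER.warn(...)` concatenates `path.resourcePath` directly into the message, and that value appears to come from the request's `extraPath`, so control characters such as CR/LF could split or forge log lines. Every blocked request also writes a WARN entry, which lets any client fill the log at will unless it is rate-limited or lowered in level. Use the parameterized form with the value neutralised, e.g. `LOGGER.warn("Blocked request for classpath asset '{}'. Contribute a new ClasspathAssetProtectionRule if you need this asset to be publicly accessible.", path.resourcePath.replaceAll("[\\r\\n]", "_"));`. Separately, the new `!path.resourcePath.equals(ChecksumPath.NON_EXISTING_RESOURCE)` clause routes the sentinel value into the `else` branch, whose body lies outside this hunk; it is worth confirming that branch cannot serve anything for that value.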
diff --git a/tapestry-core/src/main/java/org/apache/tapestry5/modules/AssetsModule.java b/tapestry-core/src/main/java/org/apache/tapestry5/modules/AssetsModule.java
index 8175500..44e5907 100644
--- a/tapestry-core/src/main/java/org/apache/tapestry5/modules/AssetsModule.java
+++ b/tapestry-core/src/main/java/org/apache/tapestry5/modules/AssetsModule.java
@@ -18,16 +18,71 @@ import java.util.Map;
 import org.apache.tapestry5.SymbolConstants;
 import org.apache.tapestry5.internal.AssetConstants;
 import org.apache.tapestry5.internal.InternalConstants;
-import org.apache.tapestry5.internal.services.*;
-import org.apache.tapestry5.internal.services.assets.*;
+import org.apache.tapestry5.internal.services.AssetSourceImpl;
+import org.apache.tapestry5.internal.services.ClasspathAssetAliasManagerImpl;
+import org.apache.tapestry5.internal.services.ClasspathAssetFactory;
+import org.apache.tapestry5.internal.services.ContextAssetFactory;
+import org.apache.tapestry5.internal.services.ExternalUrlAssetFactory;
+import org.apache.tapestry5.internal.services.IdentityAssetPathConverter;
+import org.apache.tapestry5.internal.services.RequestConstants;
+import org.apache.tapestry5.internal.services.ResourceStreamer;
+import org.apache.tapestry5.internal.services.assets.AssetChecksumGeneratorImpl;
+import org.apache.tapestry5.internal.services.assets.AssetPathConstructorImpl;
+import org.apache.tapestry5.internal.services.assets.CSSURLRewriter;
+import org.apache.tapestry5.internal.services.assets.ClasspathAssetRequestHandler;
+import org.apache.tapestry5.internal.services.assets.CompressionAnalyzerImpl;
+import org.apache.tapestry5.internal.services.assets.ContentTypeAnalyzerImpl;
+import org.apache.tapestry5.internal.services.assets.ContextAssetRequestHandler;
+import org.apache.tapestry5.internal.services.assets.JavaScriptStackAssembler;
+import org.apache.tapestry5.internal.services.assets.JavaScriptStackAssemblerImpl;
+import org.apache.tapestry5.internal.services.assets.JavaScriptStackMinimizeDisabler;
+import org.apache.tapestry5.internal.services.assets.MasterResourceMinimizer;
+import org.apache.tapestry5.internal.services.assets.ResourceChangeTracker;
+import org.apache.tapestry5.internal.services.assets.ResourceChangeTrackerImpl;
+import org.apache.tapestry5.internal.services.assets.SRSCachingInterceptor;
+import org.apache.tapestry5.internal.services.assets.SRSCompressedCachingInterceptor;
+import org.apache.tapestry5.internal.services.assets.SRSCompressingInterceptor;
+import org.apache.tapestry5.internal.services.assets.SRSMinimizingInterceptor;
+import org.apache.tapestry5.internal.services.assets.StackAssetRequestHandler;
+import org.apache.tapestry5.internal.services.assets.StreamableResourceSourceImpl;
+import org.apache.tapestry5.internal.services.assets.UTF8ForTextAssets;
 import org.apache.tapestry5.internal.services.messages.ClientLocalizationMessageResource;
-import org.apache.tapestry5.ioc.*;
-import org.apache.tapestry5.ioc.annotations.*;
+import org.apache.tapestry5.ioc.MappedConfiguration;
+import org.apache.tapestry5.ioc.OperationTracker;
+import org.apache.tapestry5.ioc.OrderedConfiguration;
+import org.apache.tapestry5.ioc.Resource;
+import org.apache.tapestry5.ioc.ServiceBinder;
+import org.apache.tapestry5.ioc.annotations.Autobuild;
+import org.apache.tapestry5.ioc.annotations.Contribute;
+import org.apache.tapestry5.ioc.annotations.Decorate;
+import org.apache.tapestry5.ioc.annotations.Marker;
+import org.apache.tapestry5.ioc.annotations.Order;
+import org.apache.tapestry5.ioc.annotations.Primary;
+import org.apache.tapestry5.ioc.annotations.Symbol;
 import org.apache.tapestry5.ioc.services.ChainBuilder;
 import org.apache.tapestry5.ioc.services.FactoryDefaults;
 import org.apache.tapestry5.ioc.services.SymbolProvider;
-import org.apache.tapestry5.services.*;
-import org.apache.tapestry5.services.assets.*;
+import org.apache.tapestry5.services.ApplicationGlobals;
+import org.apache.tapestry5.services.AssetFactory;
+import org.apache.tapestry5.services.AssetPathConverter;
+import org.apache.tapestry5.services.AssetRequestDispatcher;
+import org.apache.tapestry5.services.AssetSource;
+import org.apache.tapestry5.services.ClasspathAssetAliasManager;
+import org.apache.tapestry5.services.ClasspathAssetProtectionRule;
+import org.apache.tapestry5.services.ClasspathProvider;
+import org.apache.tapestry5.services.ComponentClassResolver;
+import org.apache.tapestry5.services.ContextProvider;
+import org.apache.tapestry5.services.Core;
+import org.apache.tapestry5.services.Dispatcher;
+import org.apache.tapestry5.services.Request;
+import org.apache.tapestry5.services.ResponseCompressionAnalyzer;
+import org.apache.tapestry5.services.assets.AssetChecksumGenerator;
+import org.apache.tapestry5.services.assets.AssetPathConstructor;
+import org.apache.tapestry5.services.assets.AssetRequestHandler;
+import org.apache.tapestry5.services.assets.CompressionAnalyzer;
+import org.apache.tapestry5.services.assets.ContentTypeAnalyzer;
+import org.apache.tapestry5.services.assets.ResourceMinimizer;
+import org.apache.tapestry5.services.assets.StreamableResourceSource;
 import org.apache.tapestry5.services.javascript.JavaScriptStackSource;
 import org.apache.tapestry5.services.messages.ComponentMessagesSource;
 
@@ -374,6 +429,19 @@ public class AssetsModule
         configuration.add("PropertiesFile", propertiesFileRule);
         ClasspathAssetProtectionRule xmlFileRule = (s) -> s.toLowerCase().endsWith(".xml");
         configuration.add("XMLFile", xmlFileRule);
+        ClasspathAssetProtectionRule folderRule = (s) -> isFolderToBlock(s);
+        configuration.add("Folder", folderRule);
+    }
+    
+    final private static boolean isFolderToBlock(String path) 
+    {
+        path = path.replace('\\', '/');
+        final int lastIndex = path.lastIndexOf('/');
+        if (lastIndex >= 0)
+        {
+            path = path.substring(lastIndex);
+        }
+        return !path.contains(".");
     }
     
 }
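Review bot: `isFolderToBlock` decides purely on the name: it returns true whenever the last path segment contains no `.`, and never checks whether the classpath resource is actually a directory. A folder whose name contains a dot is therefore not matched by the "Folder" rule, while legitimate extensionless files are blocked. That trade-off should be stated on the method, e.g. a Javadoc reading `Heuristic: a path whose last segment contains no '.' is treated as a folder; the classpath resource itself is not inspected.` As a style point, `final private static` is conventionally written `private static final`, and the lambda can be the method reference `AssetsModule::isFolderToBlock`. The contributing method starts outside this hunk.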


[tapestry-5] 02/02: Adding a bit of code to try to understand a test failure

Posted by th...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

thiagohp pushed a commit to branch 5.6.x
in repository https://gitbox.apache.org/repos/asf/tapestry-5.git

commit 010ef5c4f614866c02112f6cdf2cb09a3b66c210
Author: Thiago H. de Paula Figueiredo <th...@arsmachina.com.br>
AuthorDate: Tue Mar 9 09:16:11 2021 -0300

    Adding a bit of code to try to understand a test failure
    
    in Jenkins,
    org.apache.tapestry5.integration.appfolder.AppFolderTests.asset_access
---
 .../org/apache/tapestry5/integration/appfolder/AppFolderTests.groovy   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tapestry-core/src/test/groovy/org/apache/tapestry5/integration/appfolder/AppFolderTests.groovy b/tapestry-core/src/test/groovy/org/apache/tapestry5/integration/appfolder/AppFolderTests.groovy
index 5014730..39a3700 100644
--- a/tapestry-core/src/test/groovy/org/apache/tapestry5/integration/appfolder/AppFolderTests.groovy
+++ b/tapestry-core/src/test/groovy/org/apache/tapestry5/integration/appfolder/AppFolderTests.groovy
@@ -57,6 +57,9 @@ class AppFolderTests extends GroovyTapestryCoreTestCase
         String assetURL = getAttribute("//img/@src")
 
         // Selenium now (sometimes?) adds unwanted port & host
+        if (assetURL == null) {
+            println("Asset URL is null. HTML: " + getHtmlSource())
+        }
         if (assetURL.startsWith("http")) {
             assetURL = new URL(assetURL).getPath()
         }
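Review bot: The added null check only prints the page source, so a null `assetURL` still reaches `assetURL.startsWith("http")` on the next line and the test dies with a NullPointerException rather than a clear failure. Failing explicitly keeps the diagnostic in the test report instead of stdout: `assert assetURL != null : "Asset URL is null. HTML: " + getHtmlSource()`. The new block also sits between the `// Selenium now (sometimes?) adds unwanted port & host` comment and the `if` that comment describes, so it should move above the comment. The test method starts and ends outside the hunk.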