Posted to commits@wicket.apache.org by "Richard Emberson (JIRA)" <ji...@apache.org> on 2011/07/04 01:33:21 UTC
[jira] [Created] (WICKET-3863) SecurePackageResourceGuard
acceptAbsolutePath pattern check loop
SecurePackageResourceGuard acceptAbsolutePath pattern check loop
-----------------------------------------------------------------
Key: WICKET-3863
URL: https://issues.apache.org/jira/browse/WICKET-3863
Project: Wicket
Issue Type: Bug
Components: wicket-core
Affects Versions: 1.5-RC5.1
Environment: all
Reporter: Richard Emberson
Priority: Minor
The following loop might want to break out if a hit (== true) is found:

    // Check against the pattern
    boolean hit = false;
    for (SearchPattern pattern : this.pattern)
    {
        if ((pattern != null) && pattern.isActive())
        {
            if (pattern.matches(path))
            {
                hit = pattern.isInclude();
            }
        }
    }

As it is, one pattern.isInclude could return true, but the next one false.
Maybe break out of loop if hit == true???
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (WICKET-3863) SecurePackageResourceGuard
acceptAbsolutePath pattern check loop
Posted by "Martin Grigorov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov resolved WICKET-3863.
-------------------------------------
Resolution: Not A Problem
According to its javadoc this is by design:
"All pattern are executed in the order they were provided. All pattern are executed to determine if access can be granted or not."
Also there is a unit test for this specific case.
[jira] [Reopened] (WICKET-3863) SecurePackageResourceGuard
acceptAbsolutePath pattern check loop
Posted by "Martin Grigorov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov reopened WICKET-3863:
-------------------------------------
Re-opening for re-evaluation.
[jira] [Commented] (WICKET-3863) SecurePackageResourceGuard
acceptAbsolutePath pattern check loop
Posted by "Richard Emberson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13059429#comment-13059429 ]
Richard Emberson commented on WICKET-3863:
------------------------------------------
Then why not traverse the patterns in *reverse* order and break after the first one for which
pattern.matches(path) == true
setting
hit = pattern.isInclude();
for that pattern???

    boolean hit = false;
    // "this.pattern.reverse" is shorthand for iterating the patterns from last to first
    for (SearchPattern pattern : this.pattern.reverse) {
        if ((pattern != null) && pattern.isActive()) {
            if (pattern.matches(path)) {
                hit = pattern.isInclude();
                break;
            }
        }
    }
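Added example (not part of the thread and not Wicket's code): the three evaluation strategies discussed above, run side by side over a constructed rule list. `Rule` is a hypothetical stand-in for `SearchPattern` that uses plain regexes and omits the null and `isActive()` checks; the rule specs and paths are made up for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;

public class GuardOrderDemo {
    // Hypothetical stand-in for SearchPattern: an include/exclude flag plus a regex.
    record Rule(boolean include, Pattern regex) {
        static Rule of(String spec) { // "+regex" includes, "-regex" excludes
            return new Rule(spec.charAt(0) == '+', Pattern.compile(spec.substring(1)));
        }
        boolean matches(String path) { return regex.matcher(path).matches(); }
    }

    // The loop quoted in the issue: every rule runs, the last matching rule decides.
    static boolean lastMatchWins(List<Rule> rules, String path) {
        boolean hit = false;
        for (Rule r : rules) {
            if (r.matches(path)) hit = r.include();
        }
        return hit;
    }

    // First proposal: stop as soon as hit == true. Later exclude rules never run.
    static boolean breakOnFirstInclude(List<Rule> rules, String path) {
        for (Rule r : rules) {
            if (r.matches(path) && r.include()) return true;
        }
        return false;
    }

    // Second proposal: walk the list backwards and let the first match decide.
    static boolean reverseFirstMatch(List<Rule> rules, String path) {
        for (int i = rules.size() - 1; i >= 0; i--) {
            if (rules.get(i).matches(path)) return rules.get(i).include();
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed rule set: allow all .js files, then deny anything under /internal/.
        List<Rule> rules = List.of(Rule.of("+.*\\.js"), Rule.of("-.*/internal/.*"));
        for (String p : List.of("app/ui/menu.js", "app/internal/keys.js", "app/db.properties")) {
            System.out.printf("%-22s last=%-5b breakOnInclude=%-5b reverse=%b%n", p,
                lastMatchWins(rules, p), breakOnFirstInclude(rules, p), reverseFirstMatch(rules, p));
        }
    }
}
```

With these rules only the break-on-include variant grants `app/internal/keys.js`, because the later exclude rule is never evaluated; last-match-wins and reverse-first-match return the same decision for every path.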
[jira] [Assigned] (WICKET-3863) SecurePackageResourceGuard
acceptAbsolutePath pattern check loop
Posted by "Martin Grigorov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov reassigned WICKET-3863:
---------------------------------------
Assignee: Martin Grigorov
[jira] [Resolved] (WICKET-3863) SecurePackageResourceGuard
acceptAbsolutePath pattern check loop
Posted by "Martin Grigorov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov resolved WICKET-3863.
-------------------------------------
Resolution: Fixed
Fix Version/s: 1.5-RC6