You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@olingo.apache.org by mi...@apache.org on 2016/08/30 19:00:27 UTC
olingo-odata2 git commit: [OLINGO-1016] Fix allowed characters in
batch header names
Repository: olingo-odata2
Updated Branches:
refs/heads/master 8b6b25733 -> 0689384db
[OLINGO-1016] Fix allowed characters in batch header names
Project: http://git-wip-us.apache.org/repos/asf/olingo-odata2/repo
Commit: http://git-wip-us.apache.org/repos/asf/olingo-odata2/commit/0689384d
Tree: http://git-wip-us.apache.org/repos/asf/olingo-odata2/tree/0689384d
Diff: http://git-wip-us.apache.org/repos/asf/olingo-odata2/diff/0689384d
Branch: refs/heads/master
Commit: 0689384db6f11f888faf09d150adb60e654eb6e4
Parents: 8b6b257
Author: mibo <mi...@apache.org>
Authored: Tue Aug 30 20:58:46 2016 +0200
Committer: mibo <mi...@apache.org>
Committed: Tue Aug 30 20:58:46 2016 +0200
----------------------------------------------------------------------
.../odata2/core/batch/v2/BatchParserCommon.java | 37 ++++++++++++++------
.../core/batch/v2/BatchParserCommonTest.java | 29 ++++++++++++---
2 files changed, 51 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/olingo-odata2/blob/0689384d/odata2-lib/odata-core/src/main/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommon.java
----------------------------------------------------------------------
diff --git a/odata2-lib/odata-core/src/main/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommon.java b/odata2-lib/odata-core/src/main/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommon.java
index 47b169c..76b44ce 100644
--- a/odata2-lib/odata-core/src/main/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommon.java
+++ b/odata2-lib/odata-core/src/main/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommon.java
@@ -42,15 +42,32 @@ public class BatchParserCommon {
private static final Pattern PATTERN_LAST_CRLF = Pattern.compile("(.*)(\r\n){1}( *)", Pattern.DOTALL);
- private static final String REG_EX_BOUNDARY =
- "([a-zA-Z0-9_\\-\\.'\\+]{1,70})|\"([a-zA-Z0-9_\\-\\.'\\+\\s\\" +
- "(\\),/:=\\?]{1,69}[a-zA-Z0-9_\\-\\.'\\+\\(\\),/:=\\?])\""; // See RFC 2046
-
- public static final Pattern PATTERN_MULTIPART_MIXED = Pattern
- .compile("multipart/mixed(.*)", Pattern.CASE_INSENSITIVE);
- final static String REG_EX_APPLICATION_HTTP = "application/http";
- public static final Pattern PATTERN_HEADER_LINE = Pattern.compile("([a-zA-Z\\-]+):\\s?(.*)\\s*");
- public static final Pattern PATTERN_CONTENT_TYPE_APPLICATION_HTTP = Pattern.compile(REG_EX_APPLICATION_HTTP,
+ // Multipart boundaries are defined in RFC 2046:
+ // boundary := 0*69<bchars> bcharsnospace
+ // bchars := bcharsnospace / " "
+ // bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/" / ":" / "=" / "?"
+ // The first alternative is for the case that only characters are used that don't need quoting.
+ private static final Pattern PATTERN_BOUNDARY = Pattern.compile(
+ "((?:\\w|[-.'+]){1,70})|"
+ + "\"((?:\\w|[-.'+(),/:=?]|\\s){0,69}(?:\\w|[-.'+(),/:=?]))\"");
+
+ // HTTP header fields are defined in RFC 7230:
+ // header-field = field-name ":" OWS field-value OWS
+ // field-name = token
+ // field-value = *( field-content / obs-fold )
+ // field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+ // field-vchar = VCHAR / obs-text
+ // obs-fold = CRLF 1*( SP / HTAB )
+ // token = 1*tchar
+ // tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
+ // / DIGIT / ALPHA
+ // For the field-name the specification is followed strictly,
+ // but for the field-value the pattern currently accepts more than specified.
+ protected static final Pattern PATTERN_HEADER_LINE = Pattern.compile("((?:\\w|[!#$%\\&'*+\\-.^`|~])+):\\s?(.*)\\s*");
+
+ public static final Pattern PATTERN_MULTIPART_MIXED = Pattern.compile("multipart/mixed(.*)",
+ Pattern.CASE_INSENSITIVE);
+ public static final Pattern PATTERN_CONTENT_TYPE_APPLICATION_HTTP = Pattern.compile("application/http",
Pattern.CASE_INSENSITIVE);
public static final Pattern PATTERN_RELATIVE_URI = Pattern.compile("([^/][^?]*)(\\?.*)?");
@@ -226,7 +243,7 @@ public class BatchParserCommon {
final String[] attrValue = pair.split("=");
if (attrValue.length == 2 && "boundary".equals(attrValue[0].trim().toLowerCase(Locale.ENGLISH))) {
- if (attrValue[1].matches(REG_EX_BOUNDARY)) {
+ if (PATTERN_BOUNDARY.matcher(attrValue[1]).matches()) {
return trimQuota(attrValue[1].trim());
} else {
throw new BatchException(BatchException.INVALID_BOUNDARY.addContent(line));
http://git-wip-us.apache.org/repos/asf/olingo-odata2/blob/0689384d/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommonTest.java
----------------------------------------------------------------------
diff --git a/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommonTest.java b/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommonTest.java
index 95d7dc5..dc5b63c 100644
--- a/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommonTest.java
+++ b/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/batch/v2/BatchParserCommonTest.java
@@ -18,7 +18,9 @@
******************************************************************************/
package org.apache.olingo.odata2.core.batch.v2;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
import java.util.ArrayList;
import java.util.List;
@@ -26,9 +28,6 @@ import java.util.List;
import org.apache.olingo.odata2.api.batch.BatchException;
import org.apache.olingo.odata2.api.commons.HttpHeaders;
import org.apache.olingo.odata2.core.batch.BatchHelper;
-import org.apache.olingo.odata2.core.batch.v2.BatchParserCommon;
-import org.apache.olingo.odata2.core.batch.v2.Header;
-import org.apache.olingo.odata2.core.batch.v2.Line;
import org.junit.Test;
public class BatchParserCommonTest {
@@ -169,7 +168,27 @@ public class BatchParserCommonTest {
assertNotNull(acceptLanguageHeader);
assertEquals(3, acceptLanguageHeader.size());
}
-
+
+ @Test
+ public void headersWithSpecialNames() throws Exception {
+ final Header header = BatchParserCommon.consumeHeaders(toLineList(new String[] {
+ "Test0123456789: 42" + CRLF,
+ "a_b: c/d" + CRLF,
+ "!#$%&'*+-.^_`|~: weird" + CRLF }));
+ assertNotNull(header);
+ assertEquals("42", header.getHeader("Test0123456789"));
+ assertEquals("c/d", header.getHeader("a_b"));
+ assertEquals("weird", header.getHeader("!#$%&'*+-.^_`|~"));
+ }
+
+ @Test
+ public void headerWithWrongName() throws Exception {
+ final Header header = BatchParserCommon.consumeHeaders(toLineList(new String[] {
+ "a,b: c/d" + CRLF }));
+ assertNotNull(header);
+ assertNull(header.getHeader("a,b"));
+ }
+
@Test
public void testRemoveEndingCRLF() {
String line = "Test\r\n";