You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by km...@apache.org on 2015/10/29 21:19:36 UTC
knox git commit: KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped
special characters
Repository: knox
Updated Branches:
refs/heads/master d98f8dd5f -> 8005afe13
KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/8005afe1
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/8005afe1
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/8005afe1
Branch: refs/heads/master
Commit: 8005afe13790480ae3e590fef643a69901c548f6
Parents: d98f8dd
Author: Kevin Minder <ke...@hortonworks.com>
Authored: Thu Oct 29 16:19:22 2015 -0400
Committer: Kevin Minder <ke...@hortonworks.com>
Committed: Thu Oct 29 16:19:22 2015 -0400
----------------------------------------------------------------------
CHANGES | 1 +
gateway-provider-rewrite/pom.xml | 4 ++
.../rewrite/impl/xml/XmlFilterReader.java | 7 +++-
.../rewrite/impl/json/JsonFilterReaderTest.java | 18 ++++++++-
.../rewrite/impl/json/NoopJsonFilterReader.java | 39 ++++++++++++++++++++
.../rewrite/impl/xml/XmlFilterReaderTest.java | 33 +++++++++++++++++
pom.xml | 2 +-
7 files changed, 101 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/8005afe1/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index ba40223..65ddf39 100644
--- a/CHANGES
+++ b/CHANGES
@@ -28,6 +28,7 @@ Release Notes - Apache Knox - Version 0.7.0
* [KNOX-601] - Knox test failures on windows
* [KNOX-603] - Coverity: Potential resource leak in BaseKeystoreService.createKeystore
* [KNOX-614] - Incorrect URI template expansion with {**} query params #fragments
+ * [KNOX-616] - XmlUrlRewriteStreamFilter unscapes escaped special characters
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.6.0
http://git-wip-us.apache.org/repos/asf/knox/blob/8005afe1/gateway-provider-rewrite/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite/pom.xml b/gateway-provider-rewrite/pom.xml
index d76a157..51a362e 100644
--- a/gateway-provider-rewrite/pom.xml
+++ b/gateway-provider-rewrite/pom.xml
@@ -74,6 +74,10 @@
<artifactId>commons-io</artifactId>
</dependency>
<dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ </dependency>
+ <dependency>
<groupId>net.htmlparser.jericho</groupId>
<artifactId>jericho-html</artifactId>
</dependency>
http://git-wip-us.apache.org/repos/asf/knox/blob/8005afe1/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReader.java b/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
index 7d2a27b..2fbed1f 100644
--- a/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
+++ b/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
@@ -17,6 +17,7 @@
*/
package org.apache.hadoop.gateway.filter.rewrite.impl.xml;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFilterApplyDescriptor;
import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFilterBufferDescriptor;
import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFilterContentDescriptor;
@@ -34,6 +35,7 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;
+import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
@@ -98,6 +100,9 @@ public abstract class XmlFilterReader extends Reader {
document = null;
stack = new Stack<Level>();
factory = XMLInputFactory.newFactory();
+ factory.setProperty( XMLConstants.ACCESS_EXTERNAL_DTD, "false" );
+ factory.setProperty( XMLConstants.ACCESS_EXTERNAL_SCHEMA, "false" );
+ factory.setProperty( "javax.xml.stream.isReplacingEntityReferences", Boolean.FALSE );
parser = factory.createXMLEventReader( reader );
}
@@ -512,7 +517,7 @@ public abstract class XmlFilterReader extends Reader {
}
}
}
- writer.write( value );
+ writer.write( StringEscapeUtils.escapeXml( value ) );
}
}
http://git-wip-us.apache.org/repos/asf/knox/blob/8005afe1/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/json/JsonFilterReaderTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/json/JsonFilterReaderTest.java b/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/json/JsonFilterReaderTest.java
index f88f092..064b09a 100644
--- a/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/json/JsonFilterReaderTest.java
+++ b/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/json/JsonFilterReaderTest.java
@@ -318,7 +318,7 @@ public class JsonFilterReaderTest {
@Test
public void testInvalidConfigShouldThrowException() throws Exception {
- String input = "{ \"test-name\" : \"test-value\" }";
+ String input = "{\"test-name\":\"test-value\"}";
//System.out.println( "INPUT=" + input );
@@ -340,6 +340,22 @@ public class JsonFilterReaderTest {
}
}
+ @Test
+ public void testEscapeCharactersBugKnox616() throws Exception {
+ String input, output;
+ JsonFilterReader filter;
+
+ input = "{ \"test-name\" : \"\\\"\" }";
+ filter = new NoopJsonFilterReader( new StringReader( input ), null );
+ output = IOUtils.toString( filter );
+ assertThat( output, is( "{\"test-name\":\"\\\"\"}" ) );
+
+ input = "{\"test-name\":\"\\b\"}";
+ filter = new NoopJsonFilterReader( new StringReader( input ), null );
+ output = IOUtils.toString( filter );
+ assertThat( output, is( "{\"test-name\":\"\\b\"}" ) );
+ }
+
// private void dump( ObjectMapper mapper, JsonGenerator generator, JsonNode node ) throws IOException {
// mapper.writeTree( generator, node );
// System.out.println();
http://git-wip-us.apache.org/repos/asf/knox/blob/8005afe1/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/json/NoopJsonFilterReader.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/json/NoopJsonFilterReader.java b/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/json/NoopJsonFilterReader.java
new file mode 100644
index 0000000..b9734e1
--- /dev/null
+++ b/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/json/NoopJsonFilterReader.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.filter.rewrite.impl.json;
+
+import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFilterContentDescriptor;
+
+import java.io.IOException;
+import java.io.Reader;
+
+public class NoopJsonFilterReader extends JsonFilterReader {
+
+ public NoopJsonFilterReader( Reader reader, UrlRewriteFilterContentDescriptor config ) throws IOException {
+ super( reader, config );
+ }
+
+ protected String filterFieldName( String name ) {
+ return name;
+ }
+
+ protected String filterValueString( String name, String value, String rule ) {
+ return value;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/8005afe1/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReaderTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReaderTest.java b/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReaderTest.java
index 1767c49..fbe7769 100644
--- a/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReaderTest.java
+++ b/gateway-provider-rewrite/src/test/java/org/apache/hadoop/gateway/filter/rewrite/impl/xml/XmlFilterReaderTest.java
@@ -906,6 +906,39 @@ public class XmlFilterReaderTest {
assertThat( the( output ), hasXPath( "/*[namespace-uri()='ns' and name()='root']/*[namespace-uri()='ns' and name()='node']/@attribute", equalTo( "attr" ) ) );
}
+ @Test
+ public void testEscapeCharactersBugKnox616() throws Exception {
+ String input, output;
+ StringReader reader;
+ XmlFilterReader filter;
+
+ // Ideally this should work but currently does not.
+ //input = "<tag/>";
+ //reader = new StringReader( input );
+ //filter = new NoopXmlFilterReader( reader, null );
+ //output = IOUtils.toString( filter );
+ //assertThat( output, containsString( "<tag/>" ) );
+
+ input = "<tag></tag>";
+ reader = new StringReader( input );
+ filter = new NoopXmlFilterReader( reader, null );
+ output = IOUtils.toString( filter );
+ assertThat( output, containsString( "<tag></tag>" ) );
+
+ input = "<tag><</tag>";
+ reader = new StringReader( input );
+ filter = new NoopXmlFilterReader( reader, null );
+ output = IOUtils.toString( filter );
+ assertThat( the( output ), hasXPath( "/tag" ) );
+ assertThat( output, containsString( "<tag><</tag>" ) );
+
+ input = "<tag>&</tag>";
+ reader = new StringReader( input );
+ filter = new NoopXmlFilterReader( reader, null );
+ output = IOUtils.toString( filter );
+ assertThat( output, containsString( "<tag>&</tag>" ) );
+ }
+
private class TestXmlFilterReader extends XmlFilterReader {
protected TestXmlFilterReader( Reader reader, UrlRewriteFilterContentDescriptor contentConfig ) throws IOException, ParserConfigurationException, XMLStreamException {
http://git-wip-us.apache.org/repos/asf/knox/blob/8005afe1/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 0921d65..31a5d27 100644
--- a/pom.xml
+++ b/pom.xml
@@ -872,7 +872,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
- <version>3.1</version>
+ <version>3.4</version>
</dependency>
<dependency>
<groupId>commons-cli</groupId>