You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2020/02/17 18:36:26 UTC

[cxf] 01/02: Cxf 8208 - Handle exceptions when looking up swagger ui resources (#637)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit ef22e75d168654144d15426153f5c8891a2b1f7b
Author: Nate Chadwick <na...@gmail.com>
AuthorDate: Mon Feb 17 12:40:59 2020 -0500

    Cxf 8208 - Handle exceptions when looking up swagger ui resources (#637)
    
    * Fix condition where swaggerui resource would fail requests with special
    characters. add test CXF-8208
    
    * CXF-8208 add junit, fix exception handler
    
    * Specify IllegalArgumentException
    
    * Remove try catch - add expected.
    
    * Update SwaggerUiResourceLocator.java
    
    Removed unneeded import.
    
    * Update SwaggerUIResourceLocatorTest.java
    
    Co-authored-by: Colm O hEigeartaigh <co...@users.noreply.github.com>
    (cherry picked from commit 2a6b7327c584b6394a795c26c9cb7897900dcf63)
    (cherry picked from commit 97c854bbe30a77b4925704f59b187158054296bf)
---
 rt/rs/description-swagger-ui/pom.xml               |  5 +++
 .../jaxrs/swagger/ui/SwaggerUiResourceLocator.java |  8 +++-
 .../swagger/ui/SwaggerUIResourceLocatorTest.java   | 43 ++++++++++++++++++++++
 3 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/rt/rs/description-swagger-ui/pom.xml b/rt/rs/description-swagger-ui/pom.xml
index 464153c..ed5fea9a 100644
--- a/rt/rs/description-swagger-ui/pom.xml
+++ b/rt/rs/description-swagger-ui/pom.xml
@@ -51,5 +51,10 @@
             <scope>provided</scope>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>
diff --git a/rt/rs/description-swagger-ui/src/main/java/org/apache/cxf/jaxrs/swagger/ui/SwaggerUiResourceLocator.java b/rt/rs/description-swagger-ui/src/main/java/org/apache/cxf/jaxrs/swagger/ui/SwaggerUiResourceLocator.java
index 45da62d..6c396dd 100644
--- a/rt/rs/description-swagger-ui/src/main/java/org/apache/cxf/jaxrs/swagger/ui/SwaggerUiResourceLocator.java
+++ b/rt/rs/description-swagger-ui/src/main/java/org/apache/cxf/jaxrs/swagger/ui/SwaggerUiResourceLocator.java
@@ -50,8 +50,14 @@ public class SwaggerUiResourceLocator {
         if (resourcePath.startsWith("/")) {
             resourcePath = resourcePath.substring(1);
         }
+        URL ret;
 
-        return URI.create(swaggerUiRoot + resourcePath).toURL();
+        try {
+            ret = URI.create(swaggerUiRoot + resourcePath).toURL();
+        } catch (IllegalArgumentException ex) {
+            throw new MalformedURLException(ex.getMessage());
+        }
+        return ret;
     }
 
     /**
diff --git a/rt/rs/description-swagger-ui/src/test/java/org/apache/cxf/jaxrs/swagger/ui/SwaggerUIResourceLocatorTest.java b/rt/rs/description-swagger-ui/src/test/java/org/apache/cxf/jaxrs/swagger/ui/SwaggerUIResourceLocatorTest.java
new file mode 100644
index 0000000..198127e
--- /dev/null
+++ b/rt/rs/description-swagger-ui/src/test/java/org/apache/cxf/jaxrs/swagger/ui/SwaggerUIResourceLocatorTest.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.jaxrs.swagger.ui;
+
+import java.net.MalformedURLException;
+
+import org.junit.Test;
+
+
+
+public class SwaggerUIResourceLocatorTest {
+
+    @Test(expected = MalformedURLException.class)
+    public void testLocateWithBadCharactersInUrl() throws MalformedURLException {
+        String url =
+                "jar:file:/Volumes/bigdrive/test157/jetty/base/webapps/"
+                + "Rhythmyx/WEB-INF/lib/swagger-ui-2.2.10-1.jar!/META-INF/resources/"
+                + "webjars/swagger-ui/2.2.10-1/assets/by-path//Assets/uploads/"
+                + "Screen Shot 2020-02-05 at 10.50.53 AM.png";
+
+        SwaggerUiResourceLocator locator = new SwaggerUiResourceLocator("/");
+
+        locator.locate(url);
+        
+    }
+}