You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/04/08 15:43:12 UTC

[Bug 56366] New: Use case-insensitive matching in StandardJarScanner

https://issues.apache.org/bugzilla/show_bug.cgi?id=56366

            Bug ID: 56366
           Summary: Use case-insensitive matching in StandardJarScanner
           Product: Tomcat 8
           Version: 8.0.5
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: knst.kolinko@gmail.com

>From code review while working on bug 56365, the JAR scanning feature uses
case-sensitive name checks in a number of places:

a) in path.endsWith(Constants.JAR_EXT) check in StandardJarScanner#scan(..)
b) when matching file names in o.a.t.util.file.Matcher

I think it would be better to perform such checks case-insensitively.

(Does this affect QSYS.LIB on AS/400 ?)

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 56366] Use case-insensitive matching in StandardJarScanner

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56366

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID
                 OS|                            |All

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Section 10.5 of the Servlet spec requires that JAR files deployed as part of a
web application have an extension of '.jar'

Tomcat performs all operations relating to static files within web applicaitons
(including JAR files) in a case sensitive manner to avoid security issues
caused by mixing case sensitive and case insensitive matching even on platforms
where the file system is not case sensitive.

Note:
- The JAR file specification explicitly places no limits on the name of a JAR
file.
- File names are case sensitive on most operating systems. Windows is the major
exception.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org