You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/07/04 20:50:59 UTC
[tomcat] branch 10.1.x updated: Tokens should not contain or end at ')'
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 03e28e8fc2 Tokens should not contain or end at ')'
03e28e8fc2 is described below
commit 03e28e8fc29367edcca4a4f8429e762e263ddd35
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Jul 4 21:45:08 2023 +0100
Tokens should not contain or end at ')'
---
.../catalina/valves/ExtendedAccessLogValve.java | 4 +--
.../apache/catalina/valves/LocalStrings.properties | 2 ++
.../catalina/valves/TestPatternTokenizer.java | 32 ++++++++++++++++++++++
webapps/docs/changelog.xml | 4 +++
4 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
index 86c87f5bf7..c9cba36f83 100644
--- a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
+++ b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
@@ -412,9 +412,7 @@ public class ExtendedAccessLogValve extends AccessLogValve {
parameter = true;
return result;
case ')':
- result = buf.toString();
- buf.setLength(0);
- break;
+ throw new IOException(sm.getString("patternTokenizer.unexpectedParenthesis"));
default:
buf.append((char) c);
}
diff --git a/java/org/apache/catalina/valves/LocalStrings.properties b/java/org/apache/catalina/valves/LocalStrings.properties
index 4ceab83a78..091327fe55 100644
--- a/java/org/apache/catalina/valves/LocalStrings.properties
+++ b/java/org/apache/catalina/valves/LocalStrings.properties
@@ -128,6 +128,8 @@ http.511.reason=Network Authentication Required
jdbcAccessLogValve.close=Failed to close database
jdbcAccessLogValve.exception=Exception performing insert access entry
+patternTokenizer.unexpectedParenthesis=Unexpected ')' in pattern
+
persistentValve.acquireFailed=The request for [{0}] did not obtain the per session Semaphore as no permit was available
persistentValve.acquireInterrupted=The request for [{0}] did not obtain the per session Semaphore as it was interrupted while waiting for a permit
persistentValve.filter.failure=Unable to compile filter=[{0}]
diff --git a/test/org/apache/catalina/valves/TestPatternTokenizer.java b/test/org/apache/catalina/valves/TestPatternTokenizer.java
new file mode 100644
index 0000000000..1b19637b46
--- /dev/null
+++ b/test/org/apache/catalina/valves/TestPatternTokenizer.java
@@ -0,0 +1,32 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.valves;
+
+import java.io.IOException;
+
+import org.junit.Test;
+
+import org.apache.catalina.valves.ExtendedAccessLogValve.PatternTokenizer;
+
+public class TestPatternTokenizer {
+
+ @Test(expected = IOException.class)
+ public void doUnexpectedParenthesis() throws IOException {
+ String input = "a)aa)";
+ PatternTokenizer tokenizer = new PatternTokenizer(input);
+ tokenizer.getToken();
+ }
+}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 81c6bc07e6..dd78d44509 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -134,6 +134,10 @@
Fix potential database connection leaks in
<code>DataSourceUserDatabase</code> identified by Coverity Scan. (markt)
</fix>
+ <fix>
+ Make parsing of <code>ExtendedAccessLogValve</code> patterns more
+ robust. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org