Posted to commits@mina.apache.org by el...@apache.org on 2016/08/16 09:16:19 UTC
[1/2] mina git commit: Added some filter to avoid AGNL request that
could cause some code execution on the server
Repository: mina
Updated Branches:
refs/heads/2.0 5be12d6b6 -> 9896a4657
Added a filter to reject OGNL requests that could cause code execution on the server
Project: http://git-wip-us.apache.org/repos/asf/mina/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina/commit/7e7b97f1
Tree: http://git-wip-us.apache.org/repos/asf/mina/tree/7e7b97f1
Diff: http://git-wip-us.apache.org/repos/asf/mina/diff/7e7b97f1
Branch: refs/heads/2.0
Commit: 7e7b97f18fe61961a7cdf88731790cdc8554607f
Parents: 5be12d6
Author: Emmanuel L�charny <el...@symas.com>
Authored: Tue Aug 16 11:15:43 2016 +0200
Committer: Emmanuel L�charny <el...@symas.com>
Committed: Tue Aug 16 11:15:43 2016 +0200
----------------------------------------------------------------------
.../mina/integration/ognl/IoSessionFinder.java | 29 ++++++++++++++++++++
1 file changed, 29 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina/blob/7e7b97f1/mina-integration-ognl/src/main/java/org/apache/mina/integration/ognl/IoSessionFinder.java
----------------------------------------------------------------------
diff --git a/mina-integration-ognl/src/main/java/org/apache/mina/integration/ognl/IoSessionFinder.java b/mina-integration-ognl/src/main/java/org/apache/mina/integration/ognl/IoSessionFinder.java
index f361e42..28fd9c3 100644
--- a/mina-integration-ognl/src/main/java/org/apache/mina/integration/ognl/IoSessionFinder.java
+++ b/mina-integration-ognl/src/main/java/org/apache/mina/integration/ognl/IoSessionFinder.java
@@ -56,6 +56,35 @@ public class IoSessionFinder {
throw new IllegalArgumentException("query is empty.");
}
+ // Only accept queries like [a-zA-Z_$ ]+ (== | < | > | <= | >=) [a-zA-Z\-$\.0-9 ]+
+ int comp = -1;
+
+ for (int i=0; i<query.length();i++) {
+ char c = query.charAt(i);
+
+ if ((c == '=') || (c == '<') || (c == '>') || (c == '!')) {
+ comp = i;
+ } else if ( !Character.isJavaIdentifierPart(c) && (c != ' ')) {
+ throw new IllegalArgumentException("Invalid query.");
+ } else {
+ if ( comp > 0) {
+ break;
+ }
+ }
+ }
+
+ if (comp<=0) {
+ throw new IllegalArgumentException("Invalid query.");
+ }
+
+ for (int i=comp+1; i<query.length();i++) {
+ char c = query.charAt(i);
+
+ if (!Character.isJavaIdentifierPart(c) && (c != ' ') && (c != '"') && (c != '\'')) {
+ throw new IllegalArgumentException("Invalid query.");
+ }
+ }
+
this.query = query;
try {
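Review bot: The character filter does not implement the grammar stated in the comment above the first loop, and it is the only thing between the caller's string and the OGNL parser. The comment promises `-` and `.` on the right-hand side, but the second loop rejects both. In the other direction, both loops use `Character.isJavaIdentifierPart`, which accepts every Unicode letter and digit, currency symbols and the ignorable control characters rather than the documented ASCII set, and the second loop also admits `"` and `'`. Because `.` is OGNL's navigation operator, keeping it rejected and correcting the comment is the safer resolution. An explicit allowlist would make the accepted language auditable, for example `private static final Pattern SAFE_QUERY = Pattern.compile("[A-Za-z_$ ]+(==|!=|<=|>=|<|>)[A-Za-z0-9_$ \"']+");` checked with `if (!SAFE_QUERY.matcher(query).matches()) { throw new IllegalArgumentException("Invalid query."); }`, which also pins the operator to one valid token instead of any run of `=`, `<`, `>`, `!`. The enclosing constructor starts and ends outside the hunk, so how the parsed expression is later evaluated is not visible here.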
[2/2] mina git commit: Make Java 7 the target
Posted by el...@apache.org.
Make Java 7 the target
Project: http://git-wip-us.apache.org/repos/asf/mina/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina/commit/9896a465
Tree: http://git-wip-us.apache.org/repos/asf/mina/tree/9896a465
Diff: http://git-wip-us.apache.org/repos/asf/mina/diff/9896a465
Branch: refs/heads/2.0
Commit: 9896a4657fcc6261451bd0910aa8ac7b79b6f793
Parents: 7e7b97f
Author: Emmanuel L�charny <el...@symas.com>
Authored: Tue Aug 16 11:16:03 2016 +0200
Committer: Emmanuel L�charny <el...@symas.com>
Committed: Tue Aug 16 11:16:03 2016 +0200
----------------------------------------------------------------------
pom.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina/blob/9896a465/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 82c9f1f..9aef8e9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -457,8 +457,8 @@
<artifactId>maven-compiler-plugin</artifactId>
<version>${version.compiler.plugin}</version>
<configuration>
- <source>1.5</source>
- <target>1.5</target>
+ <source>1.7</source>
+ <target>1.7</target>
<optimize>true</optimize>
<showDeprecations>true</showDeprecations>
<encoding>ISO-8859-1</encoding>
@@ -760,8 +760,8 @@
<version>${version.compiler.plugin}</version>
<configuration>
<encoding>UTF-8</encoding>
- <source>1.5</source>
- <target>1.5</target>
+ <source>1.7</source>
+ <target>1.7</target>
<debug>true</debug>
<optimize>true</optimize>
<showDeprecations>true</showDeprecations>