You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by dj...@apache.org on 2009/04/03 23:55:27 UTC
svn commit: r761815 - in /geronimo/sandbox/djencks/framework: ./
modules/geronimo-commands/src/main/groovy/org/apache/geronimo/commands/
modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/classloader/
modules/geronimo-kernel/src/main/java...
Author: djencks
Date: Fri Apr 3 21:55:27 2009
New Revision: 761815
URL: http://svn.apache.org/viewvc?rev=761815&view=rev
Log:
Merge trunk changes r749116 through r761814
Added:
geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/util/InputUtils.java
- copied unchanged from r761814, geronimo/server/trunk/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/util/InputUtils.java
Removed:
geronimo/sandbox/djencks/framework/modules/geronimo-plugin/src/test/resources/geronimo-plugin.xml
Modified:
geronimo/sandbox/djencks/framework/ (props changed)
geronimo/sandbox/djencks/framework/modules/geronimo-commands/src/main/groovy/org/apache/geronimo/commands/ConnectCommand.groovy
geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/classloader/DirectoryResourceLocation.java
geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java
geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/test/java/org/apache/geronimo/kernel/classloader/UrlResourceFinderTest.java
geronimo/sandbox/djencks/framework/modules/geronimo-plugin/src/main/java/org/apache/geronimo/system/plugin/PluginInstallerGBean.java
geronimo/sandbox/djencks/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
Propchange: geronimo/sandbox/djencks/framework/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 3 21:55:27 2009
@@ -1 +1 @@
-/geronimo/server/trunk/framework:749113
+/geronimo/server/trunk/framework:749113,749116-761814
Modified: geronimo/sandbox/djencks/framework/modules/geronimo-commands/src/main/groovy/org/apache/geronimo/commands/ConnectCommand.groovy
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/framework/modules/geronimo-commands/src/main/groovy/org/apache/geronimo/commands/ConnectCommand.groovy?rev=761815&r1=761814&r2=761815&view=diff
==============================================================================
--- geronimo/sandbox/djencks/framework/modules/geronimo-commands/src/main/groovy/org/apache/geronimo/commands/ConnectCommand.groovy (original)
+++ geronimo/sandbox/djencks/framework/modules/geronimo-commands/src/main/groovy/org/apache/geronimo/commands/ConnectCommand.groovy Fri Apr 3 21:55:27 2009
@@ -24,8 +24,7 @@
import org.apache.geronimo.gshell.command.CommandSupport
import org.apache.geronimo.deployment.cli.ServerConnection
import org.apache.geronimo.deployment.cli.ServerConnection.UsernamePasswordHandler
-import org.apache.geronimo.deployment.plugin.factories.DeploymentFactoryWithKernel
-import org.apache.geronimo.deployment.plugin.jmx.RemoteDeploymentManager
+import org.apache.geronimo.deployment.plugin.factories.BaseDeploymentFactory
import org.apache.geronimo.cli.deployer.ConnectionParamsImpl
import org.apache.geronimo.kernel.basic.BasicKernel
import org.apache.geronimo.gshell.command.annotation.Requirement
@@ -71,8 +70,7 @@
}
def kernel = new BasicKernel('gshell deployer')
- def deploymentManager = new RemoteDeploymentManager(Collections.emptySet())
- def deploymentFactory = new DeploymentFactoryWithKernel(kernel, deploymentManager)
+ def deploymentFactory = new BaseDeploymentFactory()
def connectionParams = new ConnectionParamsImpl(host: hostname, port: port, user: username, password: password, offline: false, secure: secure)
def connection = new ServerConnection(connectionParams, new GShellUserPasswordHandler(prompter), kernel, deploymentFactory)
Modified: geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/classloader/DirectoryResourceLocation.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/classloader/DirectoryResourceLocation.java?rev=761815&r1=761814&r2=761815&view=diff
==============================================================================
--- geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/classloader/DirectoryResourceLocation.java (original)
+++ geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/classloader/DirectoryResourceLocation.java Fri Apr 3 21:55:27 2009
@@ -37,7 +37,7 @@
public ResourceHandle getResourceHandle(String resourceName) {
File file = new File(baseDir, resourceName);
- if (!file.exists()) {
+ if (!file.exists() || !isLocal(file)) {
return null;
}
@@ -49,6 +49,16 @@
}
}
+ private boolean isLocal(File file) {
+ try {
+ String base = baseDir.getCanonicalPath();
+ String relative = file.getCanonicalPath();
+ return (relative.startsWith(base));
+ } catch (IOException e) {
+ return false;
+ }
+ }
+
public Manifest getManifest() throws IOException {
if (!manifestLoaded) {
File manifestFile = new File(baseDir, "META-INF/MANIFEST.MF");
Modified: geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java?rev=761815&r1=761814&r2=761815&view=diff
==============================================================================
--- geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java (original)
+++ geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java Fri Apr 3 21:55:27 2009
@@ -20,6 +20,8 @@
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
@@ -29,6 +31,7 @@
import java.util.zip.ZipException;
import java.util.zip.ZipFile;
+import org.apache.geronimo.kernel.util.InputUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -68,17 +71,7 @@
public void copyToRepository(File source, Artifact destination, FileWriteMonitor monitor) throws IOException {
// ensure there are no illegal chars in destination elements
- Matcher groupMatcher = ILLEGAL_CHARS.matcher(destination.getGroupId());
- Matcher artifactMatcher = ILLEGAL_CHARS.matcher(destination.getArtifactId());
- Matcher versionMatcher = ILLEGAL_CHARS.matcher(destination.getVersion().toString());
- Matcher typeMatcher = ILLEGAL_CHARS.matcher(destination.getType());
- if (groupMatcher.find() ||
- artifactMatcher.find() ||
- versionMatcher.find() ||
- typeMatcher.find())
- {
- throw new IllegalArgumentException("Artifact "+destination+" contains illegal characters, .. ( ) < > , ; : / \\ \' \" ");
- }
+ InputUtils.validateSafeInput(new ArrayList(Arrays.asList(destination.getGroupId(), destination.getArtifactId(), destination.getVersion().toString(), destination.getType())));
if(!destination.isResolved()) {
throw new IllegalArgumentException("Artifact "+destination+" is not fully resolved");
Modified: geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/test/java/org/apache/geronimo/kernel/classloader/UrlResourceFinderTest.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/test/java/org/apache/geronimo/kernel/classloader/UrlResourceFinderTest.java?rev=761815&r1=761814&r2=761815&view=diff
==============================================================================
--- geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/test/java/org/apache/geronimo/kernel/classloader/UrlResourceFinderTest.java (original)
+++ geronimo/sandbox/djencks/framework/modules/geronimo-kernel/src/test/java/org/apache/geronimo/kernel/classloader/UrlResourceFinderTest.java Fri Apr 3 21:55:27 2009
@@ -110,6 +110,14 @@
assertNull(resource.getManifest());
}
+ public void testDirectoryResourceScope() throws Exception {
+ URL jar = new File(BASEDIR, "src/test/data/resourceFinderTest/jar1/").toURL();
+ UrlResourceFinder resourceFinder = new UrlResourceFinder(new URL[]{jar});
+
+ ResourceHandle resource = resourceFinder.getResource("../jar2/resource");
+ assertNull(resource);
+ }
+
public void testJarResource() throws Exception {
URL jar = jarFile.toURL();
UrlResourceFinder resourceFinder = new UrlResourceFinder(new URL[]{jar});
Modified: geronimo/sandbox/djencks/framework/modules/geronimo-plugin/src/main/java/org/apache/geronimo/system/plugin/PluginInstallerGBean.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/framework/modules/geronimo-plugin/src/main/java/org/apache/geronimo/system/plugin/PluginInstallerGBean.java?rev=761815&r1=761814&r2=761815&view=diff
==============================================================================
--- geronimo/sandbox/djencks/framework/modules/geronimo-plugin/src/main/java/org/apache/geronimo/system/plugin/PluginInstallerGBean.java (original)
+++ geronimo/sandbox/djencks/framework/modules/geronimo-plugin/src/main/java/org/apache/geronimo/system/plugin/PluginInstallerGBean.java Fri Apr 3 21:55:27 2009
@@ -833,25 +833,25 @@
repos.add(defaultRepository);
}
if (!restrictToDefaultRepository) {
- List<String> repoLocations;
- List<String> defaultRepoLocations;
-
if (!instance.getSourceRepository().isEmpty()) {
- repoLocations = instance.getSourceRepository();
- for (String repoLocation : repoLocations) {
- SourceRepository repo = pluginRepositoryList.getSourceRepository(repoLocation);
- repos.add(repo);
- }
+ addRepos(repos, instance.getSourceRepository());
}
//always add the default repository location no matter if the plugin instance contains source-repository.
- defaultRepoLocations = pluginsToInstall.getDefaultRepository();
- for (String defaultRepoLocation : defaultRepoLocations) {
- SourceRepository repo = pluginRepositoryList.getSourceRepository(defaultRepoLocation);
+ addRepos(repos, pluginsToInstall.getDefaultRepository());
+ }
+ return repos;
+ }
+
+ private void addRepos(List<SourceRepository> repos, List<String> repoLocations) {
+ for (String repoLocation : repoLocations) {
+ try {
+ SourceRepository repo = pluginRepositoryList.getSourceRepository(repoLocation);
repos.add(repo);
+ } catch (IllegalStateException e) {
+ log.warn("Invalid repository: " + repoLocation, e);
}
}
- return repos;
}
/**
Modified: geronimo/sandbox/djencks/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java?rev=761815&r1=761814&r2=761815&view=diff
==============================================================================
--- geronimo/sandbox/djencks/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java (original)
+++ geronimo/sandbox/djencks/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java Fri Apr 3 21:55:27 2009
@@ -55,6 +55,7 @@
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.util.InputUtils;
import org.apache.geronimo.management.geronimo.KeyIsLocked;
import org.apache.geronimo.management.geronimo.KeystoreException;
import org.apache.geronimo.management.geronimo.KeystoreInstance;
@@ -364,6 +365,10 @@
}
public KeystoreInstance createKeystore(String name, char[] password, String keystoreType) throws KeystoreException {
+
+ // ensure there are no illegal chars in DB name
+ InputUtils.validateSafeInput(name);
+
File test = new File(directory, name);
if(test.exists()) {
throw new IllegalArgumentException("Keystore already exists "+test.getAbsolutePath()+"!");