Posted to commits@openmeetings.apache.org by so...@apache.org on 2018/11/23 17:04:43 UTC

[openmeetings] branch master updated: [OPENMEETINGS-1867] string conversions are more safe

This is an automated email from the ASF dual-hosted git repository.

solomax pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openmeetings.git


The following commit(s) were added to refs/heads/master by this push:
     new f3b0c0b  [OPENMEETINGS-1867] string conversions are more safe
f3b0c0b is described below

commit f3b0c0ba0c153ac5ce5f04c88d516e1aff628748
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Sat Nov 24 00:00:27 2018 +0700

    [OPENMEETINGS-1867] string conversions are more safe
---
 .../openmeetings/core/converter/BaseConverter.java |  3 ++-
 .../openmeetings/core/ldap/LdapLoginManager.java   |  5 ++--
 .../core/util/StrongPasswordValidator.java         |  9 ++++---
 .../apache/openmeetings/db/util/LocaleHelper.java  |  2 +-
 .../org/apache/openmeetings/util/OmFileHelper.java |  3 ++-
 .../org/apache/openmeetings/util/StoredFile.java   |  3 ++-
 .../web/common/GroupChoiceProvider.java            |  5 ++--
 pom.xml                                            | 31 ++++++++++++++++++++++
 8 files changed, 49 insertions(+), 12 deletions(-)

diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/converter/BaseConverter.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/converter/BaseConverter.java
index 63fedec..12a8428 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/converter/BaseConverter.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/converter/BaseConverter.java
@@ -38,6 +38,7 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
+import java.util.Locale;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -60,7 +61,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 public abstract class BaseConverter {
 	private static final Logger log = LoggerFactory.getLogger(BaseConverter.class);
 	private static final Pattern p = Pattern.compile("\\d{2,5}(x)\\d{2,5}");
-	public static final String EXEC_EXT = System.getProperty("os.name").toUpperCase().indexOf("WINDOWS") < 0 ? "" : ".exe";
+	public static final String EXEC_EXT = System.getProperty("os.name").toUpperCase(Locale.ROOT).indexOf("WINDOWS") < 0 ? "" : ".exe";
 	private static final int MINUTE_MULTIPLIER = 60 * 1000;
 	public static final int TIME_TO_WAIT_FOR_FRAME = 15 * MINUTE_MULTIPLIER;
 
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/ldap/LdapLoginManager.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/ldap/LdapLoginManager.java
index d028127..7dc81a5 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/ldap/LdapLoginManager.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/ldap/LdapLoginManager.java
@@ -31,6 +31,7 @@ import java.io.IOException;
 import java.util.AbstractMap;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Properties;
 
@@ -177,7 +178,7 @@ public class LdapLoginManager {
 
 		User u = null;
 		try (LdapWorker w = new LdapWorker(domainId)) {
-			String login = w.options.useLowerCase ? _login.toLowerCase() : _login;
+			String login = w.options.useLowerCase ? _login.toLowerCase(Locale.ROOT) : _login;
 
 			boolean authenticated = true;
 			Dn userDn = null;
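Review bot: The login is folded to lower case in two separate places, here for the lookup and again in the `@@ -352,7 +353,7 @@` hunk just before `u.setLogin(login)`, and the two expressions have to stay identical or the name used at authentication and the name stored on the user can drift apart. A small private helper called from both sites, e.g. `private static String normalizeLogin(String login, boolean lower) { return lower ? login.toLowerCase(Locale.ROOT) : login; }`, would keep them in step. `toLowerCase(Locale.ROOT)` is a case mapping, not Unicode normalization, so differently composed forms of the same visible name still count as different logins; whether that matters depends on what the directory accepts. Both enclosing methods start and end outside their hunks.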
@@ -352,7 +353,7 @@ public class LdapLoginManager {
 					login = login + "@" + ldapCfg.getDomain();
 				}
 				if (options.useLowerCase) {
-					login = login.toLowerCase();
+					login = login.toLowerCase(Locale.ROOT);
 				}
 				u.setLogin(login);
 				u.setShowContactDataToContacts(true);
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java
index 70db4d8..ec40471 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java
@@ -20,6 +20,7 @@ package org.apache.openmeetings.core.util;
 
 import static org.apache.openmeetings.util.OpenmeetingsVariables.getMinPasswdLength;
 
+import java.util.Locale;
 import java.util.Map;
 
 import org.apache.openmeetings.db.dao.label.LabelDao;
@@ -56,11 +57,11 @@ public class StrongPasswordValidator implements IValidator<String> {
 	}
 
 	private static boolean noUpperCase(String password) {
-		return password == null || password.equals(password.toLowerCase());
+		return password == null || password.equals(password.toLowerCase(Locale.ROOT));
 	}
 
 	private static boolean noLowerCase(String password) {
-		return password == null || password.equals(password.toUpperCase());
+		return password == null || password.equals(password.toUpperCase(Locale.ROOT));
 	}
 
 	private static boolean badLength(String password) {
@@ -72,8 +73,8 @@ public class StrongPasswordValidator implements IValidator<String> {
 			return false;
 		}
 		for (int i = 0; i < word.length() - 3; ++i) {
-			String substr = word.toLowerCase().substring(i, i + 3);
-			if (password.toLowerCase().indexOf(substr) > -1) {
+			String substr = word.toLowerCase(Locale.ROOT).substring(i, i + 3);
+			if (password.toLowerCase(Locale.ROOT).indexOf(substr) > -1) {
 				return true;
 			}
 		}
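Review bot: The loop bound `i < word.length() - 3` stops one position early, so the last three-character window of `word` is never compared with the password, and a `word` of exactly three characters is not checked at all; `i <= word.length() - 3` covers every window. The two lower-cased strings could also be computed once before the loop, `String w = word.toLowerCase(Locale.ROOT), p = password.toLowerCase(Locale.ROOT);`, instead of on every iteration. The method's signature and the condition guarding the early `return false` are outside the hunk, so the intended minimum length of `word` should be confirmed there.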
diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/util/LocaleHelper.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/util/LocaleHelper.java
index 9998cd5..e641246 100644
--- a/openmeetings-db/src/main/java/org/apache/openmeetings/db/util/LocaleHelper.java
+++ b/openmeetings-db/src/main/java/org/apache/openmeetings/db/util/LocaleHelper.java
@@ -49,7 +49,7 @@ public class LocaleHelper {
 	public static String validateCountry(String _code) {
 		List<String> list = getCountries();
 		Set<String> countries = new HashSet<>(list);
-		String code = _code == null ? "" : _code.toUpperCase();
+		String code = _code == null ? "" : _code.toUpperCase(Locale.ROOT);
 		if (!countries.contains(code)) {
 			String newCountry = list.get(0);
 			log.warn("Invalid country found: {}, will be replaced with: {}", code, newCountry);
diff --git a/openmeetings-util/src/main/java/org/apache/openmeetings/util/OmFileHelper.java b/openmeetings-util/src/main/java/org/apache/openmeetings/util/OmFileHelper.java
index 74d0acf..fee3d02 100644
--- a/openmeetings-util/src/main/java/org/apache/openmeetings/util/OmFileHelper.java
+++ b/openmeetings-util/src/main/java/org/apache/openmeetings/util/OmFileHelper.java
@@ -27,6 +27,7 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.Reader;
 import java.text.DecimalFormat;
+import java.util.Locale;
 import java.util.Properties;
 
 import org.apache.openmeetings.util.ConnectionProperties.DbType;
@@ -368,6 +369,6 @@ public class OmFileHelper {
 
 	public static String getFileExt(String name) {
 		int dotidx = name.lastIndexOf('.');
-		return dotidx < 0 ? "" : name.substring(dotidx + 1).toLowerCase();
+		return dotidx < 0 ? "" : name.substring(dotidx + 1).toLowerCase(Locale.ROOT);
 	}
 }
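Review bot: `getFileExt` has no Javadoc, although StoredFile (later in this commit, `ext = getFileExt(_name)`) relies on its result when building file metadata. I would add `/** Returns the text after the last '.' in {@code name}, lower-cased with Locale.ROOT, or "" when there is no dot. */`. `name` is dereferenced without a null check, and a dot in a directory part of a path would be taken as the extension separator, so the comment should state that a bare, non-null file name is expected, or the method should guard for both.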
diff --git a/openmeetings-util/src/main/java/org/apache/openmeetings/util/StoredFile.java b/openmeetings-util/src/main/java/org/apache/openmeetings/util/StoredFile.java
index 1962543..68ba782 100644
--- a/openmeetings-util/src/main/java/org/apache/openmeetings/util/StoredFile.java
+++ b/openmeetings-util/src/main/java/org/apache/openmeetings/util/StoredFile.java
@@ -31,6 +31,7 @@ import java.io.InputStream;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
+import java.util.Locale;
 import java.util.Set;
 
 import org.apache.tika.config.TikaConfig;
@@ -110,7 +111,7 @@ public class StoredFile {
 			ext = getFileExt(_name);
 		} else {
 			name = _name;
-			ext = _ext.toLowerCase();
+			ext = _ext.toLowerCase(Locale.ROOT);
 		}
 		Metadata md = new Metadata();
 		md.add(RESOURCE_NAME_KEY, String.format(FILE_NAME_FMT, name, ext));
diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/GroupChoiceProvider.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/GroupChoiceProvider.java
index c082792..bd8bcaa 100644
--- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/GroupChoiceProvider.java
+++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/GroupChoiceProvider.java
@@ -23,6 +23,7 @@ import static org.apache.openmeetings.web.app.WebSession.getUserId;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+import java.util.Locale;
 
 import org.apache.openmeetings.db.dao.user.GroupDao;
 import org.apache.openmeetings.db.dao.user.UserDao;
@@ -47,14 +48,14 @@ public class GroupChoiceProvider extends ChoiceProvider<Group> {
 		if (WebSession.getRights().contains(User.Right.Admin)) {
 			List<Group> groups = groupDao.get(0, Integer.MAX_VALUE);
 			for (Group g : groups) {
-				if (Strings.isEmpty(term) || g.getName().toLowerCase().contains(term.toLowerCase())) {
+				if (Strings.isEmpty(term) || g.getName().toLowerCase(Locale.ROOT).contains(term.toLowerCase(Locale.ROOT))) {
 					response.add(g);
 				}
 			}
 		} else {
 			User u = userDao.get(getUserId());
 			for (GroupUser ou : u.getGroupUsers()) {
-				if (Strings.isEmpty(term) || ou.getGroup().getName().toLowerCase().contains(term.toLowerCase())) {
+				if (Strings.isEmpty(term) || ou.getGroup().getName().toLowerCase(Locale.ROOT).contains(term.toLowerCase(Locale.ROOT))) {
 					response.add(ou.getGroup());
 				}
 			}
diff --git a/pom.xml b/pom.xml
index 29b0e3c..b96e0de 100644
--- a/pom.xml
+++ b/pom.xml
@@ -70,6 +70,7 @@
 		<maven-jarsigner-plugin.version>3.0.0</maven-jarsigner-plugin.version>
 		<sonar-maven-plugin.version>3.5.0.1254</sonar-maven-plugin.version>
 		<jacoco-maven-plugin.versoin>0.8.2</jacoco-maven-plugin.versoin>
+		<forbiddenapis.version>2.6</forbiddenapis.version>
 		<!-- dependency versions -->
 		<junit.version>4.12</junit.version>
 		<wicket.version>8.2.0</wicket.version>
@@ -740,6 +741,19 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>de.thetaphi</groupId>
+				<artifactId>forbiddenapis</artifactId>
+				<executions>
+					<execution>
+						<id>forbiddenapis</id>
+						<goals>
+							<goal>check</goal>
+							<goal>testCheck</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
  		<pluginManagement>
 			<plugins>
@@ -933,6 +947,23 @@
 						<append>true</append>
 					</configuration>
 				</plugin>
+				<plugin>
+					<groupId>de.thetaphi</groupId>
+					<artifactId>forbiddenapis</artifactId>
+					<version>${forbiddenapis.version}</version>
+					<configuration>
+						<failOnUnsupportedJava>false</failOnUnsupportedJava>
+						<signatures><![CDATA[
+							@defaultMessage Specify Locale.ROOT to ensure locale insensitive conversion
+							java.lang.String#toLowerCase()
+							java.lang.String#toUpperCase()
+						]]></signatures>
+						<bundledSignatures>
+							<bundledSignature>jdk-deprecated</bundledSignature>
+							<bundledSignature>jdk-non-portable</bundledSignature>
+						</bundledSignatures>
+					</configuration>
+				</plugin>
 			</plugins>
 		</pluginManagement>
 	</build>
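Review bot: The custom signatures forbid only the no-argument `String#toLowerCase()` and `String#toUpperCase()`, so other default-locale calls are not caught; for example `String.format(FILE_NAME_FMT, name, ext)` in StoredFile, visible earlier in this commit, takes no Locale. forbiddenapis ships a `jdk-unsafe` bundled signature set covering default locale, charset and time-zone usage, and adding `<bundledSignature>jdk-unsafe</bundledSignature>` would widen the check, probably at the cost of more call sites to fix first. With `<failOnUnsupportedJava>false</failOnUnsupportedJava>` the check is skipped rather than failed when the plugin cannot read the running JDK's class files. At least one CI job should therefore build on a JDK this plugin version supports, so the rule is actually enforced.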