Posted to commits@openmeetings.apache.org by so...@apache.org on 2018/11/23 17:04:43 UTC
[openmeetings] branch master updated: [OPENMEETINGS-1867] string
conversions are more safe
This is an automated email from the ASF dual-hosted git repository.
solomax pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/master by this push:
new f3b0c0b [OPENMEETINGS-1867] string conversions are more safe
f3b0c0b is described below
commit f3b0c0ba0c153ac5ce5f04c88d516e1aff628748
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Sat Nov 24 00:00:27 2018 +0700
[OPENMEETINGS-1867] string conversions are more safe
---
.../openmeetings/core/converter/BaseConverter.java | 3 ++-
.../openmeetings/core/ldap/LdapLoginManager.java | 5 ++--
.../core/util/StrongPasswordValidator.java | 9 ++++---
.../apache/openmeetings/db/util/LocaleHelper.java | 2 +-
.../org/apache/openmeetings/util/OmFileHelper.java | 3 ++-
.../org/apache/openmeetings/util/StoredFile.java | 3 ++-
.../web/common/GroupChoiceProvider.java | 5 ++--
pom.xml | 31 ++++++++++++++++++++++
8 files changed, 49 insertions(+), 12 deletions(-)
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/converter/BaseConverter.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/converter/BaseConverter.java
index 63fedec..12a8428 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/converter/BaseConverter.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/converter/BaseConverter.java
@@ -38,6 +38,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
+import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -60,7 +61,7 @@ import org.springframework.beans.factory.annotation.Autowired;
public abstract class BaseConverter {
private static final Logger log = LoggerFactory.getLogger(BaseConverter.class);
private static final Pattern p = Pattern.compile("\\d{2,5}(x)\\d{2,5}");
- public static final String EXEC_EXT = System.getProperty("os.name").toUpperCase().indexOf("WINDOWS") < 0 ? "" : ".exe";
+ public static final String EXEC_EXT = System.getProperty("os.name").toUpperCase(Locale.ROOT).indexOf("WINDOWS") < 0 ? "" : ".exe";
private static final int MINUTE_MULTIPLIER = 60 * 1000;
public static final int TIME_TO_WAIT_FOR_FRAME = 15 * MINUTE_MULTIPLIER;
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/ldap/LdapLoginManager.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/ldap/LdapLoginManager.java
index d028127..7dc81a5 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/ldap/LdapLoginManager.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/ldap/LdapLoginManager.java
@@ -31,6 +31,7 @@ import java.io.IOException;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.List;
+import java.util.Locale;
import java.util.Map;
import java.util.Properties;
@@ -177,7 +178,7 @@ public class LdapLoginManager {
User u = null;
try (LdapWorker w = new LdapWorker(domainId)) {
- String login = w.options.useLowerCase ? _login.toLowerCase() : _login;
+ String login = w.options.useLowerCase ? _login.toLowerCase(Locale.ROOT) : _login;
boolean authenticated = true;
Dn userDn = null;
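Review bot: Changing the normalisation at `_login.toLowerCase(Locale.ROOT)` also changes the canonical form of any login that was lower-cased earlier under a non-English JVM default locale (Turkish, for example, maps `I` to dotless `ı`). On such a deployment an existing account may stop matching on lookup and be provisioned again as a new user; no migration is visible in this commit, so this is worth confirming. The same applies to the second site in this file, `login = login.toLowerCase(Locale.ROOT);`. A short why-comment at both sites would help, e.g. `// Locale.ROOT: the stored login must not depend on the server's default locale`. Both enclosing methods start and end outside their hunks.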
@@ -352,7 +353,7 @@ public class LdapLoginManager {
login = login + "@" + ldapCfg.getDomain();
}
if (options.useLowerCase) {
- login = login.toLowerCase();
+ login = login.toLowerCase(Locale.ROOT);
}
u.setLogin(login);
u.setShowContactDataToContacts(true);
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java
index 70db4d8..ec40471 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java
@@ -20,6 +20,7 @@ package org.apache.openmeetings.core.util;
import static org.apache.openmeetings.util.OpenmeetingsVariables.getMinPasswdLength;
+import java.util.Locale;
import java.util.Map;
import org.apache.openmeetings.db.dao.label.LabelDao;
@@ -56,11 +57,11 @@ public class StrongPasswordValidator implements IValidator<String> {
}
private static boolean noUpperCase(String password) {
- return password == null || password.equals(password.toLowerCase());
+ return password == null || password.equals(password.toLowerCase(Locale.ROOT));
}
private static boolean noLowerCase(String password) {
- return password == null || password.equals(password.toUpperCase());
+ return password == null || password.equals(password.toUpperCase(Locale.ROOT));
}
private static boolean badLength(String password) {
@@ -72,8 +73,8 @@ public class StrongPasswordValidator implements IValidator<String> {
return false;
}
for (int i = 0; i < word.length() - 3; ++i) {
- String substr = word.toLowerCase().substring(i, i + 3);
- if (password.toLowerCase().indexOf(substr) > -1) {
+ String substr = word.toLowerCase(Locale.ROOT).substring(i, i + 3);
+ if (password.toLowerCase(Locale.ROOT).indexOf(substr) > -1) {
return true;
}
}
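Review bot: The loop bound `i < word.length() - 3` never tests the last three-character window of `word`, so a password containing only the tail of the word passes this check, and a word of exactly three characters is never compared at all. The bound should be inclusive. The two `toLowerCase(Locale.ROOT)` calls are also repeated on every iteration; hoisting them removes the repeated work and makes the bound follow the string that is actually sliced. The method starts before the hunk, so the guard ahead of `return false;` is not visible and may already exclude short words.

```java
// … unchanged: guard that returns false …
String needle = word.toLowerCase(Locale.ROOT);
String haystack = password.toLowerCase(Locale.ROOT);
for (int i = 0; i + 3 <= needle.length(); ++i) {
	if (haystack.contains(needle.substring(i, i + 3))) {
		return true;
	}
}
```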
diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/util/LocaleHelper.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/util/LocaleHelper.java
index 9998cd5..e641246 100644
--- a/openmeetings-db/src/main/java/org/apache/openmeetings/db/util/LocaleHelper.java
+++ b/openmeetings-db/src/main/java/org/apache/openmeetings/db/util/LocaleHelper.java
@@ -49,7 +49,7 @@ public class LocaleHelper {
public static String validateCountry(String _code) {
List<String> list = getCountries();
Set<String> countries = new HashSet<>(list);
- String code = _code == null ? "" : _code.toUpperCase();
+ String code = _code == null ? "" : _code.toUpperCase(Locale.ROOT);
if (!countries.contains(code)) {
String newCountry = list.get(0);
log.warn("Invalid country found: {}, will be replaced with: {}", code, newCountry);
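Review bot: The rejected value is written to the log verbatim by the `log.warn("Invalid country found: {}, ...", code, newCountry)` call. If `_code` can come from a request parameter or a directory attribute (not visible here), embedded CR/LF characters would allow forged log lines. Consider neutralising control characters before logging, e.g. `code.replaceAll("\\p{Cntrl}", "_")`, unless the logging configuration already encodes them. The body of validateCountry continues past the end of the hunk.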
diff --git a/openmeetings-util/src/main/java/org/apache/openmeetings/util/OmFileHelper.java b/openmeetings-util/src/main/java/org/apache/openmeetings/util/OmFileHelper.java
index 74d0acf..fee3d02 100644
--- a/openmeetings-util/src/main/java/org/apache/openmeetings/util/OmFileHelper.java
+++ b/openmeetings-util/src/main/java/org/apache/openmeetings/util/OmFileHelper.java
@@ -27,6 +27,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.text.DecimalFormat;
+import java.util.Locale;
import java.util.Properties;
import org.apache.openmeetings.util.ConnectionProperties.DbType;
@@ -368,6 +369,6 @@ public class OmFileHelper {
public static String getFileExt(String name) {
int dotidx = name.lastIndexOf('.');
- return dotidx < 0 ? "" : name.substring(dotidx + 1).toLowerCase();
+ return dotidx < 0 ? "" : name.substring(dotidx + 1).toLowerCase(Locale.ROOT);
}
}
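Review bot: getFileExt is public and has no Javadoc, although StoredFile in this same commit uses its result to build the resource name for type detection, so the contract is worth stating. Suggested comment: `/** Returns the text after the last '.' lower-cased with Locale.ROOT, or "" when the name has no dot; name must be non-null. */`. It would also help to say that the value comes from the caller-supplied name only and can contain a path separator when the last dot sits in a directory component, so it should not be the sole basis for a file-type decision.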
diff --git a/openmeetings-util/src/main/java/org/apache/openmeetings/util/StoredFile.java b/openmeetings-util/src/main/java/org/apache/openmeetings/util/StoredFile.java
index 1962543..68ba782 100644
--- a/openmeetings-util/src/main/java/org/apache/openmeetings/util/StoredFile.java
+++ b/openmeetings-util/src/main/java/org/apache/openmeetings/util/StoredFile.java
@@ -31,6 +31,7 @@ import java.io.InputStream;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
+import java.util.Locale;
import java.util.Set;
import org.apache.tika.config.TikaConfig;
@@ -110,7 +111,7 @@ public class StoredFile {
ext = getFileExt(_name);
} else {
name = _name;
- ext = _ext.toLowerCase();
+ ext = _ext.toLowerCase(Locale.ROOT);
}
Metadata md = new Metadata();
md.add(RESOURCE_NAME_KEY, String.format(FILE_NAME_FMT, name, ext));
diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/GroupChoiceProvider.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/GroupChoiceProvider.java
index c082792..bd8bcaa 100644
--- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/GroupChoiceProvider.java
+++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/GroupChoiceProvider.java
@@ -23,6 +23,7 @@ import static org.apache.openmeetings.web.app.WebSession.getUserId;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
+import java.util.Locale;
import org.apache.openmeetings.db.dao.user.GroupDao;
import org.apache.openmeetings.db.dao.user.UserDao;
@@ -47,14 +48,14 @@ public class GroupChoiceProvider extends ChoiceProvider<Group> {
if (WebSession.getRights().contains(User.Right.Admin)) {
List<Group> groups = groupDao.get(0, Integer.MAX_VALUE);
for (Group g : groups) {
- if (Strings.isEmpty(term) || g.getName().toLowerCase().contains(term.toLowerCase())) {
+ if (Strings.isEmpty(term) || g.getName().toLowerCase(Locale.ROOT).contains(term.toLowerCase(Locale.ROOT))) {
response.add(g);
}
}
} else {
User u = userDao.get(getUserId());
for (GroupUser ou : u.getGroupUsers()) {
- if (Strings.isEmpty(term) || ou.getGroup().getName().toLowerCase().contains(term.toLowerCase())) {
+ if (Strings.isEmpty(term) || ou.getGroup().getName().toLowerCase(Locale.ROOT).contains(term.toLowerCase(Locale.ROOT))) {
response.add(ou.getGroup());
}
}
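Review bot: `term.toLowerCase(Locale.ROOT)` is recomputed for every group in both loops, and the match predicate is duplicated across the admin and non-admin branches, so a later fix can easily land in only one of them. Lower-casing the term once ahead of the `if` avoids that, e.g. `String q = Strings.isEmpty(term) ? null : term.toLowerCase(Locale.ROOT);` followed by `q == null || name.toLowerCase(Locale.ROOT).contains(q)` in each loop. `getName()` is dereferenced without a null check in both loops; whether a group name can be null is not visible here. The method starts and ends outside the hunk.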
diff --git a/pom.xml b/pom.xml
index 29b0e3c..b96e0de 100644
--- a/pom.xml
+++ b/pom.xml
@@ -70,6 +70,7 @@
<maven-jarsigner-plugin.version>3.0.0</maven-jarsigner-plugin.version>
<sonar-maven-plugin.version>3.5.0.1254</sonar-maven-plugin.version>
<jacoco-maven-plugin.versoin>0.8.2</jacoco-maven-plugin.versoin>
+ <forbiddenapis.version>2.6</forbiddenapis.version>
<!-- dependency versions -->
<junit.version>4.12</junit.version>
<wicket.version>8.2.0</wicket.version>
@@ -740,6 +741,19 @@
</execution>
</executions>
</plugin>
+ <plugin>
+ <groupId>de.thetaphi</groupId>
+ <artifactId>forbiddenapis</artifactId>
+ <executions>
+ <execution>
+ <id>forbiddenapis</id>
+ <goals>
+ <goal>check</goal>
+ <goal>testCheck</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
<pluginManagement>
<plugins>
@@ -933,6 +947,23 @@
<append>true</append>
</configuration>
</plugin>
+ <plugin>
+ <groupId>de.thetaphi</groupId>
+ <artifactId>forbiddenapis</artifactId>
+ <version>${forbiddenapis.version}</version>
+ <configuration>
+ <failOnUnsupportedJava>false</failOnUnsupportedJava>
+ <signatures><![CDATA[
+ @defaultMessage Specify Locale.ROOT to ensure locale insensitive conversion
+ java.lang.String#toLowerCase()
+ java.lang.String#toUpperCase()
+ ]]></signatures>
+ <bundledSignatures>
+ <bundledSignature>jdk-deprecated</bundledSignature>
+ <bundledSignature>jdk-non-portable</bundledSignature>
+ </bundledSignatures>
+ </configuration>
+ </plugin>
</plugins>
</pluginManagement>
</build>
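Review bot: The custom `<signatures>` block bans only the two no-argument case conversions, so other default-locale and default-charset calls still pass the check; `String.format(FILE_NAME_FMT, name, ext)` in the StoredFile hunk of this commit looks like one. forbiddenapis ships a bundled `jdk-unsafe` set for this family of methods, and adding `<bundledSignature>jdk-unsafe</bundledSignature>` would extend the guard, at the cost of fixing whatever it reports. Separately, with `<failOnUnsupportedJava>false</failOnUnsupportedJava>` the check is skipped with only a warning when the build JDK is newer than the plugin version understands. A CI move to a newer JDK could therefore drop the guard without failing the build, so a comment in the configuration recording that trade-off would help.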