commit 6ecf1779f5a702e341c6a5fdb4bcc03ca88ff04e
author Matthieu Riou <mriou@apache.org> Tue Aug 04 18:17:56 2009 +0000
committer Matthieu Riou <mriou@apache.org> Tue Aug 04 18:17:56 2009 +0000
tree 0a8964e1d9f9312daf8e3092ad0d5e354be5d254
parent cfa59e30df3cb72ac78b9861f22556a40a84e28b

Bundle names validation.

git-svn-id: https://svn.apache.org/repos/asf/ode/branches/APACHE_ODE_1.X@800901 13f79535-47bb-0310-9956-ffa450edef68

axis2/src/main/java/org/apache/ode/axis2/service/DeploymentWebService.java

diff --git a/axis2/src/main/java/org/apache/ode/axis2/service/DeploymentWebService.java b/axis2/src/main/java/org/apache/ode/axis2/service/DeploymentWebService.java
index a0cd019..8441471 100644
--- a/axis2/src/main/java/org/apache/ode/axis2/service/DeploymentWebService.java
+++ b/axis2/src/main/java/org/apache/ode/axis2/service/DeploymentWebService.java
@@ -150,6 +150,10 @@
                     if (zip == null || packagePart == null)
                         throw new OdeFault("Your message should contain an element named 'package' with a 'zip' element"); 
 
+                    String bundleName = namePart.getText().trim();
+                    if (!validBundleName(namePart.getText()))
+                        throw new OdeFault("Invalid bundle name, only non empty alpha-numerics and _ strings are allowed.");
+
                     OMText binaryNode = (OMText) zip.getFirstOMChild();
                     if (binaryNode == null) {
                         throw new OdeFault("Empty binary node under <zip> element");
@@ -161,7 +165,7 @@
                         // it to hold on for a while.
                         _poller.hold();
 
-                        File dest = new File(_deployPath, namePart.getText() + "-" + _store.getCurrentVersion());
+                        File dest = new File(_deployPath, bundleName + "-" + _store.getCurrentVersion());
                         dest.mkdir();
                         unzip(dest, (DataHandler) binaryNode.getDataHandler());
 
@@ -199,11 +203,13 @@
                     }
                 } else if (operation.equals("undeploy")) {
                     OMElement part = messageContext.getEnvelope().getBody().getFirstElement().getFirstElement();
+                    if (part == null) throw new OdeFault("Missing bundle name in undeploy message.");
 
-                    String pkg = part.getText();
-                    if(StringUtils.isBlank(pkg)){
-                        throw new OdeFault("Empty package name received!");
+                    String pkg = part.getText().trim();
+                    if (!validBundleName(pkg)) {
+                        throw new OdeFault("Invalid bundle name, only non empty alpha-numerics and _ strings are allowed.");
                     }
+
                     File deploymentDir = new File(_deployPath, pkg);
                     if (!deploymentDir.exists())
                         throw new OdeFault("Couldn't find deployment package " + pkg + " in directory " + _deployPath);
@@ -309,6 +315,11 @@
             envelope.getBody().addChild(responseOp);
             AxisEngine.send(outMsgContext);
         }
+
+        private boolean validBundleName(String bundle) {
+            if (StringUtils.isBlank(bundle)) return false;
+            return bundle.matches("[\\p{L}0-9_\\-]*");
+        }
     }
 
     private static void copyInputStream(InputStream in, OutputStream out)
@@ -320,6 +331,6 @@
         out.close();
     }
 
-	
+
 
 }