java/org/apache/catalina/webresources/AbstractFileResourceSet.java - tomcat80 - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.catalina.webresources;

 import java.io.File;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;

 import org.apache.catalina.LifecycleException;
 import org.apache.tomcat.util.http.RequestUtil;

 public abstract class AbstractFileResourceSet extends AbstractResourceSet {

     protected static final String[] EMPTY_STRING_ARRAY = new String[0];

     private File fileBase;
     private String absoluteBase;
     private String canonicalBase;
     private boolean readOnly = false;

     protected AbstractFileResourceSet(String internalPath) {
         setInternalPath(internalPath);
     }

     protected final File getFileBase() {
         return fileBase;
     }

     @Override
     public void setReadOnly(boolean readOnly) {
         this.readOnly = readOnly;
     }

     @Override
     public boolean isReadOnly() {
         return readOnly;
     }

     protected final File file(String name, boolean mustExist) {

         if (name.equals("/")) {
             name = "";
         }
         File file = new File(fileBase, name);
         if (!mustExist || file.canRead()) {

             if (getRoot().getAllowLinking()) {
                 return file;
             }

             // Check that this file is located under the WebResourceSet's base
             String canPath = null;
             try {
                 canPath = file.getCanonicalPath();
             } catch (IOException e) {
                 // Ignore
             }
             if (canPath == null)
                 return null;

             if (!canPath.startsWith(canonicalBase)) {
                 return null;
             }

             // Case sensitivity check
             // Note: We know the resource is located somewhere under base at
             //       point. The purpose of this code is to check in a case
             //       sensitive manner, the path to the resource under base
             //       agrees with what was requested
             String fileAbsPath = file.getAbsolutePath();
             if (fileAbsPath.endsWith("."))
                 fileAbsPath = fileAbsPath + '/';
             String absPath = normalize(fileAbsPath);
             if ((absoluteBase.length() < absPath.length())
                 && (canonicalBase.length() < canPath.length())) {
                 absPath = absPath.substring(absoluteBase.length() + 1);
                 if (absPath.equals(""))
                     absPath = "/";
                 canPath = canPath.substring(canonicalBase.length() + 1);
                 if (canPath.equals(""))
                     canPath = "/";
                 if (!canPath.equals(absPath))
                     return null;
             }

         } else {
             return null;
         }
         return file;
     }

     /**
      * Return a context-relative path, beginning with a "/", that represents
      * the canonical version of the specified path after ".." and "." elements
      * are resolved out.  If the specified path attempts to go outside the
      * boundaries of the current context (i.e. too many ".." path elements
      * are present), return <code>null</code> instead.
      *
      * @param path Path to be normalized
      */
     private String normalize(String path) {
         return RequestUtil.normalize(path, File.separatorChar == '/');
     }

     @Override
     public URL getBaseUrl() {
         try {
             return getFileBase().toURI().toURL();
         } catch (MalformedURLException e) {
             return null;
         }
     }

     /**
      * {@inheritDoc}
      * <p>
      * This is a NO-OP by default for File based resource sets.
      */
     @Override
     public void gc() {
         // NO-OP
     }


     //-------------------------------------------------------- Lifecycle methods

     @Override
     protected void initInternal() throws LifecycleException {
         fileBase = new File(getBase(), getInternalPath());
         checkType(fileBase);

         String absolutePath = fileBase.getAbsolutePath();
         if (absolutePath.endsWith(".")) {
             absolutePath = absolutePath + '/';
         }
         this.absoluteBase = normalize(absolutePath);

         try {
             this.canonicalBase = fileBase.getCanonicalPath();
         } catch (IOException e) {
             throw new IllegalArgumentException(e);
         }
     }


     protected abstract void checkType(File file);
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.catalina.webresources;

	import java.io.File;
	import java.io.IOException;
	import java.net.MalformedURLException;
	import java.net.URL;

	import org.apache.catalina.LifecycleException;
	import org.apache.tomcat.util.http.RequestUtil;

	public abstract class AbstractFileResourceSet extends AbstractResourceSet {

	protected static final String[] EMPTY_STRING_ARRAY = new String[0];

	private File fileBase;
	private String absoluteBase;
	private String canonicalBase;
	private boolean readOnly = false;

	protected AbstractFileResourceSet(String internalPath) {
	setInternalPath(internalPath);
	}

	protected final File getFileBase() {
	return fileBase;
	}

	@Override
	public void setReadOnly(boolean readOnly) {
	this.readOnly = readOnly;
	}

	@Override
	public boolean isReadOnly() {
	return readOnly;
	}

	protected final File file(String name, boolean mustExist) {

	if (name.equals("/")) {
	name = "";
	}
	File file = new File(fileBase, name);
	if (!mustExist \|\| file.canRead()) {

	if (getRoot().getAllowLinking()) {
	return file;
	}

	// Check that this file is located under the WebResourceSet's base
	String canPath = null;
	try {
	canPath = file.getCanonicalPath();
	} catch (IOException e) {
	// Ignore
	}
	if (canPath == null)
	return null;

	if (!canPath.startsWith(canonicalBase)) {
	return null;
	}

	// Case sensitivity check
	// Note: We know the resource is located somewhere under base at
	// point. The purpose of this code is to check in a case
	// sensitive manner, the path to the resource under base
	// agrees with what was requested
	String fileAbsPath = file.getAbsolutePath();
	if (fileAbsPath.endsWith("."))
	fileAbsPath = fileAbsPath + '/';
	String absPath = normalize(fileAbsPath);
	if ((absoluteBase.length() < absPath.length())
	&& (canonicalBase.length() < canPath.length())) {
	absPath = absPath.substring(absoluteBase.length() + 1);
	if (absPath.equals(""))
	absPath = "/";
	canPath = canPath.substring(canonicalBase.length() + 1);
	if (canPath.equals(""))
	canPath = "/";
	if (!canPath.equals(absPath))
	return null;
	}

	} else {
	return null;
	}
	return file;
	}

	/**
	* Return a context-relative path, beginning with a "/", that represents
	* the canonical version of the specified path after ".." and "." elements
	* are resolved out. If the specified path attempts to go outside the
	* boundaries of the current context (i.e. too many ".." path elements
	* are present), return <code>null</code> instead.
	*
	* @param path Path to be normalized
	*/
	private String normalize(String path) {
	return RequestUtil.normalize(path, File.separatorChar == '/');
	}

	@Override
	public URL getBaseUrl() {
	try {
	return getFileBase().toURI().toURL();
	} catch (MalformedURLException e) {
	return null;
	}
	}

	/**
	* {@inheritDoc}
	* <p>
	* This is a NO-OP by default for File based resource sets.
	*/
	@Override
	public void gc() {
	// NO-OP
	}


	//-------------------------------------------------------- Lifecycle methods

	@Override
	protected void initInternal() throws LifecycleException {
	fileBase = new File(getBase(), getInternalPath());
	checkType(fileBase);

	String absolutePath = fileBase.getAbsolutePath();
	if (absolutePath.endsWith(".")) {
	absolutePath = absolutePath + '/';
	}
	this.absoluteBase = normalize(absolutePath);

	try {
	this.canonicalBase = fileBase.getCanonicalPath();
	} catch (IOException e) {
	throw new IllegalArgumentException(e);
	}
	}


	protected abstract void checkType(File file);
	}