From c6c7fba9e77ee31ed391919621036a63eb5b12d1 Mon Sep 17 00:00:00 2001
From: felmer <felmer>
Date: Thu, 23 Feb 2012 10:19:35 +0000
Subject: [PATCH] LMS-2612 ignore . files/folders, do not allow ' ', ',', '='
in plugin names
SVN: 24534
---
.../shared/utils/CorePluginsInjector.java | 29 +++++++++++++++++--
.../shared/utils/CorePluginsInjectorTest.java | 22 ++++++++++++++
2 files changed, 48 insertions(+), 3 deletions(-)
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/utils/CorePluginsInjector.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/utils/CorePluginsInjector.java
index dd07766a95e..451b9dc5b4e 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/utils/CorePluginsInjector.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/utils/CorePluginsInjector.java
@@ -52,6 +52,8 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.CorePlugin;
*/
class CorePluginsInjector
{
+ private static final String UNALLOWED_PLUGIN_NAME_CHARACTERS = " ,=";
+
static final String CORE_PLUGINS_FOLDER_KEY = "core-plugins-folder";
static final String PLUGIN_PROPERTIES_FILE_NAME = "plugin.properties";
@@ -188,8 +190,17 @@ class CorePluginsInjector
File file = new File(dssFolder, pluginType.getSubFolderName());
if (file.isDirectory())
{
- for (File definingFolder : file.listFiles())
+ File[] pluginFolders = file.listFiles(new FilenameFilter()
+ {
+ public boolean accept(File dir, String name)
+ {
+ return name.startsWith(".") == false;
+ }
+ });
+ for (File pluginFolder : pluginFolders)
{
+ String pluginName = pluginFolder.getName();
+ assertValidPluginName(pluginName);
Map<String, DssCorePlugin> map = typeToPluginsMap.get(pluginType);
if (map == null)
{
@@ -197,8 +208,7 @@ class CorePluginsInjector
typeToPluginsMap.put(pluginType, map);
}
DssCorePlugin plugin =
- new DssCorePlugin(technology, pluginType, definingFolder);
- String pluginName = definingFolder.getName();
+ new DssCorePlugin(technology, pluginType, pluginFolder);
if (pluginType.isUniquePluginNameRequired())
{
if (pluginNames.contains(pluginName))
@@ -216,6 +226,19 @@ class CorePluginsInjector
return typeToPluginsMap;
}
+ private void assertValidPluginName(String pluginName)
+ {
+ for (int i = 0; i < UNALLOWED_PLUGIN_NAME_CHARACTERS.length(); i++)
+ {
+ char c = UNALLOWED_PLUGIN_NAME_CHARACTERS.charAt(i);
+ if (pluginName.contains(Character.toString(c)))
+ {
+ throw new EnvironmentFailureException("Plugin name contains '" + c + "': "
+ + pluginName);
+ }
+ }
+ }
+
/**
* Load plugin properties file where all references to script names are replaced by script paths.
*/
diff --git a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/shared/utils/CorePluginsInjectorTest.java b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/shared/utils/CorePluginsInjectorTest.java
index f8d75f9aabf..3e98dc5bbd8 100644
--- a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/shared/utils/CorePluginsInjectorTest.java
+++ b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/shared/utils/CorePluginsInjectorTest.java
@@ -107,6 +107,28 @@ public class CorePluginsInjectorTest extends AbstractFileSystemTestCase
context.assertIsSatisfied();
}
+ @Test
+ public void testInvalidPluginNameAndIgnoringDotFilesAndFolders() throws IOException
+ {
+ File alpha = new File(corePluginsFolder, "screening/1/dss/drop-boxes/a b");
+ alpha.mkdirs();
+ new File(alpha.getParentFile(), ".svn").mkdirs();
+ new File(alpha.getParentFile(), ".blabla").createNewFile();
+ Properties properties = createProperties();
+ properties.setProperty(INPUT_THREAD_NAMES, "a, b");
+
+ try
+ {
+ injector.injectCorePlugins(properties);
+ fail("EnvironmentFailureException expected.");
+ } catch (EnvironmentFailureException ex)
+ {
+ assertEquals("Plugin name contains ' ': a b", ex.getMessage());
+ }
+
+ context.assertIsSatisfied();
+ }
+
@Test
public void testPluginIsNotAFolder() throws IOException
{
--
GitLab