|
|
055e32 |
commit b4232ae35d2b86592a945a56c948f107fe7efabe
|
|
|
055e32 |
Author: Jiri Vanek <jvanek@redhat.com>
|
|
|
055e32 |
Date: Wed Jun 26 13:46:45 2019 +0200
|
|
|
055e32 |
|
|
|
055e32 |
Nested jar, if by relative path point up, is stored as hashed
|
|
|
055e32 |
|
|
|
055e32 |
diff --git a/netx/net/sourceforge/jnlp/cache/CacheUtil.java b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
|
055e32 |
index a972eb8e..5c8652b6 100644
|
|
|
055e32 |
--- a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
|
055e32 |
+++ b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
|
055e32 |
@@ -741,7 +741,7 @@
|
|
|
055e32 |
}
|
|
|
055e32 |
}
|
|
|
055e32 |
|
|
|
055e32 |
- private static String hex(String origName, String candidate) throws NoSuchAlgorithmException {
|
|
|
055e32 |
+ public static String hex(String origName, String candidate) throws NoSuchAlgorithmException {
|
|
|
055e32 |
MessageDigest md = MessageDigest.getInstance("SHA-256");
|
|
|
055e32 |
byte[] sum = md.digest(candidate.getBytes(StandardCharsets.UTF_8));
|
|
|
055e32 |
//convert the byte to hex format method 2
|
|
|
055e32 |
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
|
|
|
055e32 |
index e015f348..117163f3 100644
|
|
|
055e32 |
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
|
|
|
055e32 |
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
|
|
|
055e32 |
@@ -1340,7 +1340,11 @@
|
|
|
055e32 |
// (inline loading with "jar:..!/..." path will not work
|
|
|
055e32 |
// with standard classloader methods)
|
|
|
055e32 |
|
|
|
055e32 |
- String extractedJarLocation = localFile + ".nested/" + je.getName();
|
|
|
055e32 |
+ String name = je.getName();
|
|
|
055e32 |
+ if (name.contains("..")){
|
|
|
055e32 |
+ name=CacheUtil.hex(name, name);
|
|
|
055e32 |
+ }
|
|
|
055e32 |
+ String extractedJarLocation = localFile + ".nested/" + name;
|
|
|
055e32 |
File parentDir = new File(extractedJarLocation).getParentFile();
|
|
|
055e32 |
if (!parentDir.isDirectory() && !parentDir.mkdirs()) {
|
|
|
055e32 |
throw new RuntimeException(R("RNestedJarExtration"));
|
|
|
055e32 |
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
|
055e32 |
index 7580d23b..a20a1d8f 100644
|
|
|
055e32 |
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
|
055e32 |
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
|
055e32 |
@@ -43,6 +43,8 @@
|
|
|
055e32 |
import java.io.File;
|
|
|
055e32 |
import java.io.FileOutputStream;
|
|
|
055e32 |
import java.io.InputStream;
|
|
|
055e32 |
+import java.io.OutputStream;
|
|
|
055e32 |
+import net.sourceforge.jnlp.ResourcesDesc;
|
|
|
055e32 |
import java.net.URL;
|
|
|
055e32 |
import java.nio.charset.Charset;
|
|
|
055e32 |
import java.nio.file.Files;
|
|
|
055e32 |
@@ -407,13 +409,7 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
|
|
|
055e32 |
JNLPRuntime.setDebug(true);
|
|
|
055e32 |
try {
|
|
|
055e32 |
final JNLPFile jnlpFile1 = new JNLPFile(new URL("http://localhost:" + port + "/up.jnlp"));
|
|
|
055e32 |
- final JNLPClassLoader classLoader1 = new JNLPClassLoader(jnlpFile1, UpdatePolicy.ALWAYS) {
|
|
|
055e32 |
- @Override
|
|
|
055e32 |
- protected void activateJars(List<JARDesc> jars) {
|
|
|
055e32 |
- super.activateJars(jars);
|
|
|
055e32 |
- }
|
|
|
055e32 |
-
|
|
|
055e32 |
- };
|
|
|
055e32 |
+ final JNLPClassLoader classLoader1 = JNLPClassLoader.getInstance(jnlpFile1, UpdatePolicy.ALWAYS, false);
|
|
|
055e32 |
InputStream is1 = classLoader1.getResourceAsStream("Hello1.class");
|
|
|
055e32 |
is1.close();
|
|
|
055e32 |
is1 = classLoader1.getResourceAsStream("META-INF/MANIFEST.MF");
|
|
|
055e32 |
@@ -430,4 +426,74 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
|
|
|
055e32 |
|
|
|
055e32 |
}
|
|
|
055e32 |
|
|
|
055e32 |
+ @Test
|
|
|
055e32 |
+ public void testRelativePathInNestedJars() throws Exception {
|
|
|
055e32 |
+ CacheUtil.clearCache();
|
|
|
055e32 |
+ int port = ServerAccess.findFreePort();
|
|
|
055e32 |
+ File dir = FileTestUtils.createTempDirectory();
|
|
|
055e32 |
+ dir.deleteOnExit();
|
|
|
055e32 |
+ File jar = new File(dir,"jar03_dotdotN1.jar");
|
|
|
055e32 |
+ File jnlp = new File(dir,"jar_03_dotdot_jarN1.jnlp");
|
|
|
055e32 |
+ InputStream is1 = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp");
|
|
|
055e32 |
+ InputStream is2 = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar03_dotdotN1.jar");
|
|
|
055e32 |
+ OutputStream fos1 = new FileOutputStream(jnlp);
|
|
|
055e32 |
+ OutputStream fos2 = new FileOutputStream(jar);
|
|
|
055e32 |
+ StreamUtils.copyStream(is1, fos1);
|
|
|
055e32 |
+ StreamUtils.copyStream(is2, fos2);
|
|
|
055e32 |
+ fos1.flush();;
|
|
|
055e32 |
+ fos2.flush();
|
|
|
055e32 |
+ fos1.close();
|
|
|
055e32 |
+ fos2.close();
|
|
|
055e32 |
+ ServerLauncher as = ServerAccess.getIndependentInstance(dir.getAbsolutePath(), port);
|
|
|
055e32 |
+ boolean verifyBackup = JNLPRuntime.isVerifying();
|
|
|
055e32 |
+ boolean trustBackup= JNLPRuntime.isTrustAll();
|
|
|
055e32 |
+ boolean securityBAckup= JNLPRuntime.isSecurityEnabled();
|
|
|
055e32 |
+ boolean verbose= JNLPRuntime.isDebug();
|
|
|
055e32 |
+ JNLPRuntime.setVerify(false);
|
|
|
055e32 |
+ JNLPRuntime.setTrustAll(true);
|
|
|
055e32 |
+ JNLPRuntime.setSecurityEnabled(false);
|
|
|
055e32 |
+ JNLPRuntime.setDebug(true);
|
|
|
055e32 |
+ try {
|
|
|
055e32 |
+ //it is invalid jar, so we have to disable checks first
|
|
|
055e32 |
+ final JNLPFile jnlpFile = new JNLPFile(new URL("http://localhost:" + port + "/jar_03_dotdot_jarN1.jnlp"));
|
|
|
055e32 |
+ final JNLPClassLoader classLoader = JNLPClassLoader.getInstance(jnlpFile, UpdatePolicy.ALWAYS, false);
|
|
|
055e32 |
+
|
|
|
055e32 |
+ //ThreadGroup group = Thread.currentThread().getThreadGroup();
|
|
|
055e32 |
+ //ApplicationInstance app = new ApplicationInstance(jnlpFile, group, classLoader);
|
|
|
055e32 |
+ //classLoader.setApplication(app);
|
|
|
055e32 |
+ //app.initialize();
|
|
|
055e32 |
+
|
|
|
055e32 |
+ //this test is actually not testing mutch. The app must be accessing the nested jar in plugin-like way
|
|
|
055e32 |
+ InputStream is = classLoader.getResourceAsStream("application/abev/nyomtatvanyinfo/1965.teminfo.enyk");
|
|
|
055e32 |
+ is.close();
|
|
|
055e32 |
+ is = classLoader.getResourceAsStream("META-INF/MANIFEST.MF");
|
|
|
055e32 |
+ is.close();
|
|
|
055e32 |
+ is = classLoader.getResourceAsStream("META-INF/j1.jar");
|
|
|
055e32 |
+ is.close();
|
|
|
055e32 |
+ is = classLoader.getResourceAsStream("META-INF/../../jar01_to_be_injected.jar");
|
|
|
055e32 |
+ //the .. is not recognized correctly
|
|
|
055e32 |
+ //is.close();
|
|
|
055e32 |
+ //Class c = classLoader.getClass().forName("Hello1");
|
|
|
055e32 |
+ // in j1.jar
|
|
|
055e32 |
+ is = classLoader.getResourceAsStream("Hello1.class");
|
|
|
055e32 |
+ //is.close(); nested jar is not on defualt CP
|
|
|
055e32 |
+ //in jar01
|
|
|
055e32 |
+ //c = classLoader.getClass().forName("com.devdaily.FileUtilities");
|
|
|
055e32 |
+ is = classLoader.getResourceAsStream("com/devdaily/FileUtilities.class");
|
|
|
055e32 |
+ // is.close(); nested jar is not on defualt CP
|
|
|
055e32 |
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/0/http/localhost/"+port+"/jar_03_dotdot_jarN1.jnlp").exists());
|
|
|
055e32 |
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/jar03_dotdotN1.jar").exists());
|
|
|
055e32 |
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/jar03_dotdotN1.jar.nested/99a90686bfbe84e3f9dbeed8127bba85672ed73688d3c69191aa1ee70916a.jar").exists());
|
|
|
055e32 |
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/jar03_dotdotN1.jar.nested/META-INF/j1.jar").exists());
|
|
|
055e32 |
+ } finally {
|
|
|
055e32 |
+ JNLPRuntime.setVerify(verifyBackup);
|
|
|
055e32 |
+ JNLPRuntime.setTrustAll(trustBackup);
|
|
|
055e32 |
+ JNLPRuntime.setSecurityEnabled(securityBAckup);
|
|
|
055e32 |
+ JNLPRuntime.setDebug(verbose);
|
|
|
055e32 |
+ as.stop();
|
|
|
055e32 |
+ }
|
|
|
055e32 |
+
|
|
|
055e32 |
+ }
|
|
|
055e32 |
+
|
|
|
055e32 |
+
|
|
|
055e32 |
}
|
|
|
055e32 |
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp b/tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp
|
|
|
055e32 |
new file mode 100644
|
|
|
055e32 |
index 00000000..71bdea87
|
|
|
055e32 |
--- /dev/null
|
|
|
055e32 |
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp
|
|
|
055e32 |
@@ -0,0 +1,15 @@
|
|
|
055e32 |
+
|
|
|
055e32 |
+<jnlp spec="6.0+" >
|
|
|
055e32 |
+
|
|
|
055e32 |
+<information><title>1965</title><vendor>Nemzeti Ado- es Vamhivatal</vendor><offline-allowed/></information>
|
|
|
055e32 |
+
|
|
|
055e32 |
+<security><all-permissions/></security>
|
|
|
055e32 |
+
|
|
|
055e32 |
+<resources>
|
|
|
055e32 |
+ <j2se href="http://java.sun.com/products/autodl/j2se" version="1.8+" />
|
|
|
055e32 |
+ <jar href="jar03_dotdotN1.jar" version="2.0"/>
|
|
|
055e32 |
+</resources>
|
|
|
055e32 |
+
|
|
|
055e32 |
+<application-desc main-class="http://localhost/jar01.jar!META-INF/jar01_to_be_injected.jar!METAxINF.Test" />
|
|
|
055e32 |
+
|
|
|
055e32 |
+</jnlp>
|