Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8211285: Better app validation JDK-8200758-branch
authorherrick
Wed, 17 Oct 2018 15:43:29 -0400
branchJDK-8200758-branch
changeset 56985 5e6ced665587
parent 56984 51600bf3a6e7
child 56986 5c3dae7af901
8211285: Better app validation Submitten-by: almatvee Reviewed-by: herrick, kcr
src/jdk.packager/share/classes/jdk/packager/internal/DeployParams.java file | annotate | diff | comparison | revisions
src/jdk.packager/share/classes/jdk/packager/internal/resources/Bundle.properties file | annotate | diff | comparison | revisions 
--- a/src/jdk.packager/share/classes/jdk/packager/internal/DeployParams.java	Wed Oct 17 14:17:48 2018 -0400
+++ b/src/jdk.packager/share/classes/jdk/packager/internal/DeployParams.java	Wed Oct 17 15:43:29 2018 -0400
@@ -297,6 +297,40 @@
                         null : baseDir.getAbsolutePath(), path);
     }
 
+    public static void validateAppName(String s) throws PackagerException {
+        if (s == null || s.length() == 0) {
+            // empty or null string - there is no unsupported char
+            return;
+        }
+
+        int last = s.length() - 1;
+
+        char fc = s.charAt(0);
+        char lc = s.charAt(last);
+
+        // illegal to end in backslash escape char
+        if (lc == '\\') {
+            throw new PackagerException("ERR_InvalidCharacterInArgument", "--name");
+        }
+
+        for (int i = 0; i < s.length(); i++) {
+            char a = s.charAt(i);
+            // We check for ASCII codes first which we accept. If check fails,
+            // then check if it is acceptable extended ASCII or unicode character.
+            if (a < ' ' || a > '~' || a == '%') {
+                // Reject '%', whitespaces and ISO Control.
+                // Accept anything else including special characters like copyright
+                // symbols. Note: space will be included by ASCII check above,
+                // but other whitespace like tabs or new line will be ignored.
+                if (Character.isISOControl(a) || Character.isWhitespace(a) || a == '%') {
+                    throw new PackagerException("ERR_InvalidCharacterInArgument", "--name");
+                }
+            }
+            if (a == '"') {
+                throw new PackagerException("ERR_InvalidCharacterInArgument", "--name");
+            }
+        }
+    }
 
     @Override
     public void validate() throws PackagerException {
@@ -328,6 +362,9 @@
             }
         }
 
+        String name = (String)bundlerArguments.get(Arguments.CLIOptions.NAME.getId());
+        validateAppName(name);
+
         // Validate app image if set
         String appImage = (String)bundlerArguments.get(
                 Arguments.CLIOptions.PREDEFINED_APP_IMAGE.getId());
--- a/src/jdk.packager/share/classes/jdk/packager/internal/resources/Bundle.properties	Wed Oct 17 14:17:48 2018 -0400
+++ b/src/jdk.packager/share/classes/jdk/packager/internal/resources/Bundle.properties	Wed Oct 17 15:43:29 2018 -0400
@@ -32,6 +32,7 @@
 ERR_NoSecondaryLauncherName=Secondary Launchers require a name parameter.
 ERR_NoUniqueName=Secondary Launchers require a unique name parameter.
 ERR_NoJreInstallerName=Jre Installers require a name parameter.
+ERR_InvalidCharacterInArgument=Error: Invalid character found in {0} argument
 
 MSG_BundlerFailed=Error: Bundler "{1}" ({0}) failed to produce a bundle.
 MSG_BundlerPlatformException=Bundler {0} skipped because the bundler does not support bundling on this platform.
jdk-sandbox