Project

Profile

Help

Actions
Send by e-mail Copy link

Bug #5357

closed

URL is not normalized correctly

Added by Octavian Nadolu about 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Michael Kay
Category:
Internals
Sprint/Milestone:
-
Start date:
2022-02-25
Due date:
% Done:

0%

Estimated time:
Legacy ID:
Applies to branch:
11
Fix Committed on Branch:
Fixed in Maintenance Release:
Platforms:

Description

The method net.sf.saxon.om.DocumentKey.normalizeURI(String) does not create correctly the normalized URI. For example, if you have something like this: file:/d:/projects/saxon/././something/../file%20with%20spaces.xml You will obtain the following normalized URI:: file:d:\projects\saxon\file%20with%20spaces.xml Instead of: file:/d:/projects/saxon/file%20with%20spaces.xml

The problem is that you concatenate the canonical path of the file with the file protocol.

I tested with Saxon 10.6

Actions
Copy link
 #1

Updated by Michael Kay about 2 years ago

This method should only be used when comparing two URIs to see if they are "the same". As far as I can see the workings of the method are consistent with that intended usage. Are you perhaps using the method to achieve something different?

Actions
Copy link
 #2

Updated by Octavian Nadolu about 2 years ago

I think that the problem is the creation of the File from the URL. If the URL contains %20, this should be escaped when the file is created. We found a problem when the SecurityManager is set and the file permissions are verified. Here is a test case:

public void testCanonicalization() throws Exception {
    File file = new File("././ceva/../file with spaces.xml");
    String fileUrl = URLUtil.correct(file).toExternalForm();
    
    System.setSecurityManager(new SecurityManager() {
      @Override
      public void checkPermission(Permission perm) {
        if (perm instanceof FilePermission) {
          assertFalse(perm.getName(), perm.getName().contains("%20"));
        }
      }
      @Override
      public void checkPermission(Permission perm, Object context) {
        this.checkPermission(perm);
      }
    });
    String normalizedUri;
    try {
      normalizedUri = DocumentKey.normalizeURI(fileUrl);
    } finally {
      System.setSecurityManager(null);
    }
    assertTrue(normalizedUri, normalizedUri.endsWith("/file%20with%20spaces.xml"));
    assertFalse(normalizedUri, normalizedUri.contains(".."));
    assertFalse(normalizedUri, normalizedUri.contains("./"));
  }
Actions
Copy link
 #3

Updated by Michael Kay almost 2 years ago

  • Category set to Internals
  • Status changed from New to Closed
  • Assignee set to Michael Kay
  • Priority changed from Low to Normal
  • Applies to branch 11 added

Please register to edit this issue

Actions
Send by e-mail Copy link

Also available in: Atom PDF