https://saxonica.plan.io/https://saxonica.plan.io/favicon.ico2022-02-25T10:02:02ZSaxonica Developer CommunitySaxon - Bug #5357: URL is not normalized correctlyhttps://saxonica.plan.io/issues/5357?journal_id=196512022-02-25T10:02:02ZMichael Kaymike@saxonica.com
<ul></ul><p>This method should only be used when comparing two URIs to see if they are "the same". As far as I can see the workings of the method are consistent with that intended usage. Are you perhaps using the method to achieve something different?</p> Saxon - Bug #5357: URL is not normalized correctlyhttps://saxonica.plan.io/issues/5357?journal_id=196522022-02-25T10:28:03ZOctavian Nadoluoctavian_nadolu@sync.ro
<ul></ul><p>I think that the problem is the creation of the File from the URL. If the URL contains %20, this should be escaped when the file is created.
We found a problem when the SecurityManager is set and the file permissions are verified. Here is a test case:</p>
<pre><code class="java syntaxhl" data-language="java"><span class="kd">public</span> <span class="kt">void</span> <span class="nf">testCanonicalization</span><span class="o">()</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span>
<span class="nc">File</span> <span class="n">file</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">File</span><span class="o">(</span><span class="s">"././ceva/../file with spaces.xml"</span><span class="o">);</span>
<span class="nc">String</span> <span class="n">fileUrl</span> <span class="o">=</span> <span class="nc">URLUtil</span><span class="o">.</span><span class="na">correct</span><span class="o">(</span><span class="n">file</span><span class="o">).</span><span class="na">toExternalForm</span><span class="o">();</span>
<span class="nc">System</span><span class="o">.</span><span class="na">setSecurityManager</span><span class="o">(</span><span class="k">new</span> <span class="nc">SecurityManager</span><span class="o">()</span> <span class="o">{</span>
<span class="nd">@Override</span>
<span class="kd">public</span> <span class="kt">void</span> <span class="nf">checkPermission</span><span class="o">(</span><span class="nc">Permission</span> <span class="n">perm</span><span class="o">)</span> <span class="o">{</span>
<span class="k">if</span> <span class="o">(</span><span class="n">perm</span> <span class="k">instanceof</span> <span class="nc">FilePermission</span><span class="o">)</span> <span class="o">{</span>
<span class="n">assertFalse</span><span class="o">(</span><span class="n">perm</span><span class="o">.</span><span class="na">getName</span><span class="o">(),</span> <span class="n">perm</span><span class="o">.</span><span class="na">getName</span><span class="o">().</span><span class="na">contains</span><span class="o">(</span><span class="s">"%20"</span><span class="o">));</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="nd">@Override</span>
<span class="kd">public</span> <span class="kt">void</span> <span class="nf">checkPermission</span><span class="o">(</span><span class="nc">Permission</span> <span class="n">perm</span><span class="o">,</span> <span class="nc">Object</span> <span class="n">context</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span class="na">checkPermission</span><span class="o">(</span><span class="n">perm</span><span class="o">);</span>
<span class="o">}</span>
<span class="o">});</span>
<span class="nc">String</span> <span class="n">normalizedUri</span><span class="o">;</span>
<span class="k">try</span> <span class="o">{</span>
<span class="n">normalizedUri</span> <span class="o">=</span> <span class="nc">DocumentKey</span><span class="o">.</span><span class="na">normalizeURI</span><span class="o">(</span><span class="n">fileUrl</span><span class="o">);</span>
<span class="o">}</span> <span class="k">finally</span> <span class="o">{</span>
<span class="nc">System</span><span class="o">.</span><span class="na">setSecurityManager</span><span class="o">(</span><span class="kc">null</span><span class="o">);</span>
<span class="o">}</span>
<span class="n">assertTrue</span><span class="o">(</span><span class="n">normalizedUri</span><span class="o">,</span> <span class="n">normalizedUri</span><span class="o">.</span><span class="na">endsWith</span><span class="o">(</span><span class="s">"/file%20with%20spaces.xml"</span><span class="o">));</span>
<span class="n">assertFalse</span><span class="o">(</span><span class="n">normalizedUri</span><span class="o">,</span> <span class="n">normalizedUri</span><span class="o">.</span><span class="na">contains</span><span class="o">(</span><span class="s">".."</span><span class="o">));</span>
<span class="n">assertFalse</span><span class="o">(</span><span class="n">normalizedUri</span><span class="o">,</span> <span class="n">normalizedUri</span><span class="o">.</span><span class="na">contains</span><span class="o">(</span><span class="s">"./"</span><span class="o">));</span>
<span class="o">}</span>
</code></pre> Saxon - Bug #5357: URL is not normalized correctlyhttps://saxonica.plan.io/issues/5357?journal_id=209322022-06-06T11:29:49ZMichael Kaymike@saxonica.com
<ul><li><strong>Category</strong> set to <i>Internals</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Michael Kay</i></li><li><strong>Priority</strong> changed from <i>Low</i> to <i>Normal</i></li><li><strong>Applies to branch</strong> <i>11</i> added</li></ul>