1
0
mirror of https://github.com/etesync/android synced 2024-12-23 07:08:16 +00:00

Handle relative URIs with ":" in path names correctly

This commit is contained in:
R Hirner 2014-12-26 18:53:22 +01:00
parent e65a1b5f16
commit 142e229ff3
11 changed files with 72 additions and 84 deletions

View File

@ -12,9 +12,6 @@ android {
buildTypes {
debug {
//minifyEnabled false
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
}
release {
minifyEnabled true

View File

@ -32,4 +32,3 @@
# DAVdroid
-keep class at.bitfire.davdroid.** { *; } # all DAVdroid code is required

View File

@ -35,7 +35,7 @@ public class URLUtilsTest extends TestCase {
assertEquals("/test/", URIUtils.ensureTrailingSlash("/test"));
assertEquals("/test/", URIUtils.ensureTrailingSlash("/test/"));
String withoutSlash = "http://www.test.at/dav/collection",
String withoutSlash = "http://www.test.example/dav/collection",
withSlash = withoutSlash + "/";
assertEquals(new URI(withSlash), URIUtils.ensureTrailingSlash(new URI(withoutSlash)));
assertEquals(new URI(withSlash), URIUtils.ensureTrailingSlash(new URI(withSlash)));
@ -44,18 +44,24 @@ public class URLUtilsTest extends TestCase {
public void testParseURI() throws Exception {
// don't escape valid characters
String validPath = "/;:@&=$-_.+!*'(),";
assertEquals(new URI("https://www.test.at:123" + validPath), URIUtils.parseURI("https://www.test.at:123" + validPath));
assertEquals(new URI(validPath), URIUtils.parseURI(validPath));
assertEquals(new URI("https://www.test.example:123" + validPath), URIUtils.parseURI("https://www.test.example:123" + validPath, false));
assertEquals(new URI(validPath), URIUtils.parseURI(validPath, true));
// keep literal IPv6 addresses (only in host name)
assertEquals(new URI("https://[1:2::1]/"), URIUtils.parseURI("https://[1:2::1]/"));
assertEquals(new URI("https://[1:2::1]/"), URIUtils.parseURI("https://[1:2::1]/", false));
// ~ as home directory
assertEquals(new URI("http://www.test.at/~user1/"), URIUtils.parseURI("http://www.test.at/~user1/"));
assertEquals(new URI("http://www.test.at/~user1/"), URIUtils.parseURI("http://www.test.at/%7euser1/"));
// "~" as home directory
assertEquals(new URI("http://www.test.example/~user1/"), URIUtils.parseURI("http://www.test.example/~user1/", false));
assertEquals(new URI("/~user1/"), URIUtils.parseURI("/%7euser1/", true));
// @ in directory name
assertEquals(new URI("http://www.test.at/user@server.com/"), URIUtils.parseURI("http://www.test.at/user@server.com/"));
assertEquals(new URI("http://www.test.at/user@server.com/"), URIUtils.parseURI("http://www.test.at/user%40server.com/"));
// "@" in directory name
assertEquals(new URI("http://www.test.example/user@server.com/"), URIUtils.parseURI("http://www.test.example/user@server.com/", false));
assertEquals(new URI("/user@server.com/"), URIUtils.parseURI("/user%40server.com/", true));
assertEquals(new URI("user@server.com"), URIUtils.parseURI("user%40server.com", true));
// ":" in path names
assertEquals(new URI("http://www.test.example/my:cal.ics"), URIUtils.parseURI("http://www.test.example/my:cal.ics", false));
assertEquals(new URI("/my:cal.ics"), URIUtils.parseURI("/my%3Acal.ics", true));
assertEquals(new URI(null, null, "my:cal.ics", null, null), URIUtils.parseURI("my%3Acal.ics", true));
}
}

View File

@ -36,9 +36,8 @@ public class WebDavResourceTest extends InstrumentationTestCase {
CloseableHttpClient httpClient;
WebDavResource baseDAV;
WebDavResource simpleFile,
davCollection, davNonExistingFile, davExistingFile,
davInvalid;
WebDavResource davAssets,
davCollection, davNonExistingFile, davExistingFile;
@Override
protected void setUp() throws Exception {
@ -47,14 +46,11 @@ public class WebDavResourceTest extends InstrumentationTestCase {
assetMgr = getInstrumentation().getContext().getResources().getAssets();
baseDAV = new WebDavResource(httpClient, TestConstants.roboHydra.resolve("/dav/"));
simpleFile = new WebDavResource(httpClient, TestConstants.roboHydra.resolve("assets/test.random"));
davAssets = new WebDavResource(httpClient, TestConstants.roboHydra.resolve("assets/"));
davCollection = new WebDavResource(httpClient, TestConstants.roboHydra.resolve("dav/"));
davNonExistingFile = new WebDavResource(davCollection, "collection/new.file");
davExistingFile = new WebDavResource(davCollection, "collection/existing.file");
davInvalid = new WebDavResource(httpClient, TestConstants.roboHydra.resolve("dav-invalid/"));
}
@Override
@ -80,7 +76,8 @@ public class WebDavResourceTest extends InstrumentationTestCase {
public void testPropfindCurrentUserPrincipal() throws Exception {
davCollection.propfind(HttpPropfind.Mode.CURRENT_USER_PRINCIPAL);
assertEquals("/dav/principals/users/test", davCollection.getCurrentUserPrincipal());
WebDavResource simpleFile = new WebDavResource(davAssets, "test.random");
try {
simpleFile.propfind(HttpPropfind.Mode.CURRENT_USER_PRINCIPAL);
fail();
@ -152,6 +149,7 @@ public class WebDavResourceTest extends InstrumentationTestCase {
}
public void testGet() throws Exception {
WebDavResource simpleFile = new WebDavResource(davAssets, "test.random");
simpleFile.get("*/*");
@Cleanup InputStream is = assetMgr.open("test.random", AssetManager.ACCESS_STREAMING);
byte[] expected = IOUtils.toByteArray(is);
@ -163,7 +161,7 @@ public class WebDavResourceTest extends InstrumentationTestCase {
boolean sniWorking = false;
try {
file.get("*/*");
file.get("* /*");
sniWorking = true;
} catch (SSLPeerUnverifiedException e) {
}
@ -222,12 +220,14 @@ public class WebDavResourceTest extends InstrumentationTestCase {
/* special test */
public void testInvalidURLs() throws Exception {
WebDavResource dav = new WebDavResource(davInvalid, "addressbooks/%7euser1/");
dav.propfind(HttpPropfind.Mode.CARDDAV_COLLECTIONS);
List<WebDavResource> members = dav.getMembers();
assertEquals(1, members.size());
assertEquals(TestConstants.ROBOHYDRA_BASE + "dav-invalid/addressbooks/~user1/My%20Contacts:1.vcf/", members.get(0).getLocation().toASCIIString());
public void testGetSpecialURLs() throws Exception {
WebDavResource dav = new WebDavResource(davAssets, "member-with:colon.vcf");
try {
dav.get("*/*");
fail();
} catch(NotFoundException e) {
assertTrue(true);
}
}
}

View File

@ -1,6 +1,5 @@
{"plugins":[
"assets",
"redirect",
"dav",
"dav-invalid"
"dav"
]}

View File

@ -1,36 +0,0 @@
var roboHydraHeadDAV = require("../headdav");
exports.getBodyParts = function(conf) {
return {
heads: [
/* address-book home set */
new RoboHydraHeadDAV({
path: "/dav-invalid/addressbooks/~user1/",
handler: function(req,res,next) {
if (req.method == "PROPFIND" && req.rawBody.toString().match(/addressbook-description/)) {
res.statusCode = 207;
res.write('\<?xml version="1.0" encoding="utf-8" ?>\
<multistatus xmlns="DAV:">\
<response>\
<href>/dav-invalid/addressbooks/~user1/My%20Contacts:1.vcf/</href>\
<propstat>\
<prop xmlns:CARD="urn:ietf:params:xml:ns:carddav">\
<resourcetype>\
<collection/>\
<CARD:addressbook/>\
</resourcetype>\
<CARD:addressbook-description>\
Address Book with dubious characters in path\
</CARD:addressbook-description>\
</prop>\
<status>HTTP/1.1 200 OK</status>\
</propstat>\
</response>\
</multistatus>\
');
}
}
})
]
};
};

View File

@ -39,15 +39,32 @@ public class URIUtils {
/**
* Parse a received absolute/relative URL and generate a normalized URI that can be compared.
* @param original URI to be parsed, may be absolute or relative
* @return normalized URI
* @param original URI to be parsed, may be absolute or relative
* @param mustBePath true if it's known that original is a path (may contain ":") and not an URI, i.e. ":" is not the scheme separator
* @return normalized URI
* @throws URISyntaxException
*/
public static URI parseURI(String original) throws URISyntaxException {
URI raw = URI.create(original);
URI uri = new URI(raw.getScheme(), raw.getAuthority(), raw.getPath(), raw.getQuery(), raw.getFragment());
Log.v(TAG, "Normalized URL " + original + " -> " + uri.toASCIIString());
return uri;
public static URI parseURI(String original, boolean mustBePath) throws URISyntaxException {
if (mustBePath) {
// may contain ":"
// case 1: "my:file" won't be parsed by URI correctly because it would consider "my" as URI scheme
// case 2: "path/my:file" will be parsed by URI correctly
// case 3: "my:path/file" won't be parsed by URI correctly because it would consider "my" as URI scheme
int idxSlash = original.indexOf('/'),
idxColon = original.indexOf(':');
if (idxColon != -1) {
// colon present
if ((idxSlash != -1) && idxSlash < idxColon) // There's a slash, and it's before the colon everything OK
;
else // No slash before the colon; we have to put it there
original = "./" + original;
}
}
URI uri = new URI(original);
URI normalized = new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), uri.getQuery(), uri.getFragment());
Log.v(TAG, "Normalized URL " + original + " -> " + normalized.toASCIIString());
return normalized;
}
}

View File

@ -52,7 +52,7 @@ public abstract class RemoteCollection<T extends Resource> {
public RemoteCollection(CloseableHttpClient httpClient, String baseURL, String user, String password, boolean preemptiveAuth) throws URISyntaxException {
this.httpClient = httpClient;
collection = new WebDavResource(httpClient, URIUtils.parseURI(baseURL), user, password, preemptiveAuth);
collection = new WebDavResource(httpClient, URIUtils.parseURI(baseURL, false), user, password, preemptiveAuth);
}

View File

@ -31,7 +31,7 @@ import at.bitfire.davdroid.URIUtils;
*/
public class DavRedirectStrategy implements RedirectStrategy {
private final static String TAG = "davdroid.DavRedirectStrategy";
final static DavRedirectStrategy INSTANCE = new DavRedirectStrategy();
public final static DavRedirectStrategy INSTANCE = new DavRedirectStrategy();
protected final static String REDIRECTABLE_METHODS[] = {
"OPTIONS", "GET", "PUT", "DELETE"
@ -82,12 +82,12 @@ public class DavRedirectStrategy implements RedirectStrategy {
return null;
}
try {
URI location = URIUtils.parseURI(locationHdr.getValue());
URI location = URIUtils.parseURI(locationHdr.getValue(), false);
// some servers don't return absolute URLs as required by RFC 2616
if (!location.isAbsolute()) {
Log.w(TAG, "Received invalid redirection to relative URL, repairing");
URI originalURI = URIUtils.parseURI(request.getRequestLine().getUri());
URI originalURI = URIUtils.parseURI(request.getRequestLine().getUri(), false);
if (!originalURI.isAbsolute()) {
final HttpHost target = HttpClientContext.adapt(context).getTargetHost();
if (target != null)

View File

@ -36,7 +36,7 @@ import javax.net.ssl.SSLSocket;
public class TlsSniSocketFactory implements LayeredConnectionSocketFactory {
private static final String TAG = "davdroid.SNISocketFactory";
final static TlsSniSocketFactory INSTANCE = new TlsSniSocketFactory();
public final static TlsSniSocketFactory INSTANCE = new TlsSniSocketFactory();
private final static SSLCertificateSocketFactory sslSocketFactory =
(SSLCertificateSocketFactory)SSLCertificateSocketFactory.getDefault(0);

View File

@ -123,7 +123,7 @@ public class WebDavResource {
}
}
WebDavResource(WebDavResource parent) { // copy constructor: based on existing WebDavResource, reuse settings
public WebDavResource(WebDavResource parent) { // copy constructor: based on existing WebDavResource, reuse settings
httpClient = parent.httpClient;
context = parent.context;
location = parent.location;
@ -133,10 +133,16 @@ public class WebDavResource {
this(parent);
location = parent.location.resolve(url);
}
/**
* Creates a WebDavResource representing a member of the parent collection.
* @param parent Parent collection
* @param member File name of the member. This may contain ":" without leading "./"!
* @throws URISyntaxException
*/
public WebDavResource(WebDavResource parent, String member) throws URISyntaxException {
this(parent);
location = parent.location.resolve(URIUtils.parseURI(member));
location = parent.location.resolve(URIUtils.parseURI(member, true));
}
public WebDavResource(WebDavResource parent, String member, String ETag) throws URISyntaxException {
@ -454,7 +460,7 @@ public class WebDavResource {
for (DavResponse singleResponse : multiStatus.response) {
URI href;
try {
href = location.resolve(URIUtils.parseURI(singleResponse.getHref().href));
href = location.resolve(URIUtils.parseURI(singleResponse.getHref().href, false));
} catch(Exception ex) {
Log.w(TAG, "Ignoring illegal member URI in multi-status response", ex);
continue;