[GitHub] [cxf] andymc12 opened a new pull request #707: [CXF-8353] MediaType validation

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[GitHub] [cxf] andymc12 opened a new pull request #707: [CXF-8353] MediaType validation

GitBox

andymc12 opened a new pull request #707:
URL: https://github.com/apache/cxf/pull/707


   Performs validation on the type and subtype of the MediaType string passed-in according to https://tools.ietf.org/html/rfc2045#section-5.1


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]


Reply | Threaded
Open this post in threaded view
|

[GitHub] [cxf] reta commented on a change in pull request #707: [CXF-8353] MediaType validation

GitBox

reta commented on a change in pull request #707:
URL: https://github.com/apache/cxf/pull/707#discussion_r503292114



##########
File path: rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProvider.java
##########
@@ -190,4 +190,35 @@ private static MediaType handleMediaTypeWithoutSubtype(String mType) {
         }
         throw new IllegalArgumentException("Media type separator is missing");
     }
+
+    // Determines whether the type or subtype contains any of the tspecials characters defined at:
+    // https://tools.ietf.org/html/rfc2045#section-5.1
+    private static boolean isValid(String str) {
+        final int len = str.length();

Review comment:
       Minor, may be check `str.trim().length()`, it seems weird media types like `application/   ` are still passing through.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]


Reply | Threaded
Open this post in threaded view
|

[GitHub] [cxf] andymc12 commented on a change in pull request #707: [CXF-8353] MediaType validation

GitBox
In reply to this post by GitBox

andymc12 commented on a change in pull request #707:
URL: https://github.com/apache/cxf/pull/707#discussion_r503323101



##########
File path: rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProvider.java
##########
@@ -190,4 +190,35 @@ private static MediaType handleMediaTypeWithoutSubtype(String mType) {
         }
         throw new IllegalArgumentException("Media type separator is missing");
     }
+
+    // Determines whether the type or subtype contains any of the tspecials characters defined at:
+    // https://tools.ietf.org/html/rfc2045#section-5.1
+    private static boolean isValid(String str) {
+        final int len = str.length();

Review comment:
       @reta - sounds good.  Since we end up trimming both type and subType at lines 114 and 115, I moved those trims to before the `isValid` method is called (to lines 88 and 89).  Let me know if you'd prefer the trim to be in isValid instead.  Otherwise, I'll plan to merge this later today.  Thanks for the review!




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]


Reply | Threaded
Open this post in threaded view
|

[GitHub] [cxf] reta commented on a change in pull request #707: [CXF-8353] MediaType validation

GitBox
In reply to this post by GitBox

reta commented on a change in pull request #707:
URL: https://github.com/apache/cxf/pull/707#discussion_r503325226



##########
File path: rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/MediaTypeHeaderProvider.java
##########
@@ -190,4 +190,35 @@ private static MediaType handleMediaTypeWithoutSubtype(String mType) {
         }
         throw new IllegalArgumentException("Media type separator is missing");
     }
+
+    // Determines whether the type or subtype contains any of the tspecials characters defined at:
+    // https://tools.ietf.org/html/rfc2045#section-5.1
+    private static boolean isValid(String str) {
+        final int len = str.length();

Review comment:
       Looks good, thanks @andymc12 !




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]


Reply | Threaded
Open this post in threaded view
|

[GitHub] [cxf] andymc12 merged pull request #707: [CXF-8353] MediaType validation

GitBox
In reply to this post by GitBox

andymc12 merged pull request #707:
URL: https://github.com/apache/cxf/pull/707


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]