
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.myfaces.shared.resource;
20  
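/**
 * Character-level validation for resource names, library names and locale prefixes.
 *
 * <p>Every check is an allow-list: a string is accepted only if each UTF-16 code unit
 * belongs to an explicitly permitted set, and only if it contains no {@code ..}
 * path segment that is followed by, or ends the string after, a path separator.</p>
 *
 * <p>Points a caller should be aware of:</p>
 * <ul>
 *   <li>{@code null} is rejected (returns {@code false}) rather than throwing.</li>
 *   <li>The empty string is accepted by the name validators and by
 *       {@link #isValidLocalePrefix(String)}; callers that need a non-empty value
 *       must check for that themselves.</li>
 *   <li>No decoding or normalisation is performed. The check applies to the exact
 *       characters passed in, so it must be run on the value in the same form in
 *       which that value is later used.</li>
 *   <li>A leading {@code '/'} is accepted wherever slashes are allowed.</li>
 *   <li>Characters outside the Basic Multilingual Plane are rejected: they arrive as
 *       surrogate code units (0xD800-0xDFFF), which are in none of the allowed ranges.</li>
 * </ul>
 */
public class ResourceValidationUtils
{
    /**
     * Punctuation accepted in resource names in addition to the NameChar set.
     * The characters {@code < > : " \ | ? *} and {@code & % $ ^ ~} are deliberately
     * absent because of their meaning in Windows or UNIX file names.
     */
    private static final String EXTRA_RESOURCE_NAME_CHARS = "!#'()+,;=@[]{}";

    /**
     * Checks a resource name. Slashes and the extra resource-name punctuation are allowed.
     *
     * @param resourceName the candidate name, may be {@code null}
     * @return {@code true} if every character is allowed and no {@code ..} traversal
     *         segment is present; {@code false} otherwise, including for {@code null}
     */
    public static boolean isValidResourceName(String resourceName)
    {
        return validateResourceName(resourceName, true);
    }

    /**
     * Checks a library name. Slashes are not allowed.
     *
     * @param libraryName the candidate name, may be {@code null}
     * @return {@code true} if the name passes validation, {@code false} otherwise
     */
    public static boolean isValidLibraryName(String libraryName)
    {
        return validate(libraryName, false);
    }

    /**
     * Checks a library name, optionally allowing {@code '/'}.
     *
     * @param libraryName the candidate name, may be {@code null}
     * @param allowSlash  whether {@code '/'} is an accepted character
     * @return {@code true} if the name passes validation, {@code false} otherwise
     */
    public static boolean isValidLibraryName(String libraryName, boolean allowSlash)
    {
        return validate(libraryName, allowSlash);
    }

    /**
     * Checks a locale prefix: only ASCII letters, ASCII digits and {@code '_'} are accepted.
     *
     * @param localePrefix the candidate prefix, may be {@code null}
     * @return {@code true} if every character is allowed (also for the empty string),
     *         {@code false} otherwise, including for {@code null}
     */
    public static boolean isValidLocalePrefix(String localePrefix)
    {
        if (localePrefix == null)
        {
            // Fail closed instead of throwing NullPointerException.
            return false;
        }
        for (int i = 0; i < localePrefix.length(); i++)
        {
            char c = localePrefix.charAt(i);
            boolean allowed = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                    || (c >= '0' && c <= '9') || c == '_';
            if (!allowed)
            {
                return false;
            }
        }
        return true;
    }

    /**
     * Validates against the NameChar-based set only (used for library names).
     */
    private static boolean validate(String expression, boolean allowSlash)
    {
        return validateName(expression, allowSlash, false);
    }

    /**
     * Validates against the NameChar-based set plus {@link #EXTRA_RESOURCE_NAME_CHARS}.
     */
    private static boolean validateResourceName(String expression, boolean allowSlash)
    {
        return validateName(expression, allowSlash, true);
    }

    /**
     * Shared implementation of the two name validators.
     *
     * @param expression      the string to check, may be {@code null}
     * @param allowSlash      whether {@code '/'} is accepted
     * @param allowExtraChars whether {@link #EXTRA_RESOURCE_NAME_CHARS} are accepted
     * @return {@code false} for {@code null}, for the string {@code ".."}, for any
     *         disallowed character, for {@code ".."} followed by a separator, and for
     *         a string ending in a separator followed by {@code ".."}; {@code true} otherwise
     */
    private static boolean validateName(String expression, boolean allowSlash, boolean allowExtraChars)
    {
        if (expression == null)
        {
            // Fail closed instead of throwing NullPointerException.
            return false;
        }
        if ("..".equals(expression))
        {
            return false;
        }

        int length = expression.length();
        for (int i = 0; i < length; i++)
        {
            char c = expression.charAt(i);
            if (c == '.')
            {
                // A dot is fine on its own; ".." directly followed by a separator is not.
                if (i + 2 < length
                        && expression.charAt(i + 1) == '.'
                        && isSeparator(expression.charAt(i + 2)))
                {
                    return false;
                }
                continue;
            }
            boolean allowed = isNameChar(c)
                    || (allowSlash && c == '/')
                    || (allowExtraChars && EXTRA_RESOURCE_NAME_CHARS.indexOf(c) >= 0);
            if (!allowed)
            {
                return false;
            }
        }

        // Trailing "<separator>.." : the in-loop check needs a character after the dots,
        // so a ".." segment at the very end is caught here.
        if (length >= 3
                && isSeparator(expression.charAt(length - 3))
                && expression.charAt(length - 2) == '.'
                && expression.charAt(length - 1) == '.')
        {
            return false;
        }
        return true;
    }

    /**
     * Returns whether {@code c} is a path separator for the traversal checks.
     * A backslash is never an allowed character, so any string containing one is
     * rejected by the character check as well; it is listed here as a second guard.
     */
    private static boolean isSeparator(char c)
    {
        return c == '/' || c == '\\';
    }

    /**
     * Returns whether {@code c} is in the XML NameChar set
     * (http://www.w3.org/TR/REC-xml/#NT-NameChar), excluding {@code ':'} and {@code '.'}.
     *
     * <p>The NameChar range [#x10000-#xEFFFF] is intentionally not tested: a
     * {@code char} cannot exceed 0xFFFF, so that comparison could never be true.</p>
     */
    private static boolean isNameChar(char c)
    {
        return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || c == '_'
                || (c >= '0' && c <= '9') || c == '-' || c == 0xB7
                || (c >= 0xC0 && c <= 0xD6) || (c >= 0xD8 && c <= 0xF6)
                || (c >= 0xF8 && c <= 0x2FF) || (c >= 0x300 && c <= 0x36F)
                || (c >= 0x370 && c <= 0x37D) || (c >= 0x37F && c <= 0x1FFF)
                || (c >= 0x200C && c <= 0x200D) || (c >= 0x203F && c <= 0x2040)
                || (c >= 0x2070 && c <= 0x218F) || (c >= 0x2C00 && c <= 0x2FEF)
                || (c >= 0x3001 && c <= 0xD7FF) || (c >= 0xF900 && c <= 0xFDCF)
                || (c >= 0xFDF0 && c <= 0xFFFD);
    }
}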