
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.myfaces.shared.resource;
20  
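/**
 * Syntactic allow-list checks for resource, library, contract and path
 * identifiers before they are used to locate a resource.
 *
 * <p>Every check is character based: a value is accepted only if each char is
 * on the allow-list for that kind of identifier and the value contains no
 * parent-directory step ({@code ".."} on its own, {@code "../"} or
 * {@code "..\"} anywhere, or a trailing {@code "/.."} / {@code "\.."}).</p>
 *
 * <p>Points a caller should keep in mind:</p>
 * <ul>
 * <li>{@code null} is reported as invalid; the empty string is accepted by
 *     every method except {@link #isValidResourceId(String)}.</li>
 * <li>{@code '%'} and {@code '\'} are never on the allow-list, so a value that
 *     is still percent-encoded is rejected rather than interpreted.</li>
 * <li>Only {@link #isValidResourceId(String)} rejects a leading {@code '/'};
 *     the other slash-tolerant methods accept it.</li>
 * <li>Chars are examined one UTF-16 unit at a time, so supplementary
 *     characters (surrogate pairs) are always rejected.</li>
 * <li>These methods inspect the string only. They do not canonicalize it or
 *     check where the resolved resource ends up.</li>
 * </ul>
 */
public class ResourceValidationUtils
{
    /**
     * Punctuation accepted in resource names on top of the NameChar set.
     * These are the chars left over once the ones Windows forbids in file names
     * ({@code < > : " / \ | ? *}) and the ones with special meaning on UNIX
     * ({@code * & % $ | ^ / \ ~}) are excluded.
     * NOTE(review): ';' and '=' are accepted; confirm that nothing on the lookup
     * path treats ';' as a path-parameter delimiter.
     */
    private static final String RESOURCE_NAME_PUNCTUATION = "!#'()+,;=@[]{}";

    /**
     * Checks a resource name. '/' and the extra file-name punctuation are accepted.
     *
     * @param resourceName the candidate name, may be {@code null}
     * @return {@code true} if the name passes the allow-list and traversal checks
     */
    public static boolean isValidResourceName(String resourceName)
    {
        return validateResourceName(resourceName, true);
    }

    /**
     * Checks a library name. '/' is not accepted.
     *
     * @param libraryName the candidate name, may be {@code null}
     * @return {@code true} if the name passes the allow-list and traversal checks
     */
    public static boolean isValidLibraryName(String libraryName)
    {
        return validate(libraryName, false);
    }

    /**
     * Checks a library name, optionally accepting '/' as a separator.
     *
     * @param libraryName the candidate name, may be {@code null}
     * @param allowSlash  whether '/' is an accepted char
     * @return {@code true} if the name passes the allow-list and traversal checks
     */
    public static boolean isValidLibraryName(String libraryName, boolean allowSlash)
    {
        return validate(libraryName, allowSlash);
    }

    /**
     * Checks a resource id: same rules as a resource name, and in addition the
     * id must be non-empty and must not start with '/'.
     *
     * @param resourceId the candidate id, may be {@code null}
     * @return {@code true} if the id is a non-empty, relative, valid resource name
     */
    public static boolean isValidResourceId(String resourceId)
    {
        return resourceId != null
            && resourceId.length() > 0
            && resourceId.charAt(0) != '/'
            && validateResourceName(resourceId, true);
    }

    /**
     * Checks a view resource id with the same rules as a resource name.
     * Unlike {@link #isValidResourceId(String)}, a leading '/' and the empty
     * string are accepted here.
     *
     * @param resourceId the candidate id, may be {@code null}
     * @return {@code true} if the id passes the allow-list and traversal checks
     */
    public static boolean isValidViewResource(String resourceId)
    {
        return validateResourceName(resourceId, true);
    }

    /**
     * Checks a contract name. '/' is not accepted.
     *
     * @param contractName the candidate name, may be {@code null}
     * @return {@code true} if the name passes the allow-list and traversal checks
     */
    public static boolean isValidContractName(String contractName)
    {
        return validate(contractName, false);
    }

    /**
     * Checks a locale prefix: only ASCII letters, ASCII digits and '_' are
     * accepted, so no separator or dot can appear in it.
     *
     * @param localePrefix the candidate prefix, may be {@code null}
     * @return {@code true} if every char is on the allow-list
     */
    public static boolean isValidLocalePrefix(String localePrefix)
    {
        if (localePrefix == null)
        {
            // Fail closed instead of throwing on a missing value.
            return false;
        }
        for (int i = 0, length = localePrefix.length(); i < length; i++)
        {
            char c = localePrefix.charAt(i);
            boolean allowed = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                || (c >= '0' && c <= '9') || c == '_';
            if (!allowed)
            {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks a path. '/' is accepted, including as the first char.
     *
     * @param path the candidate path, may be {@code null}
     * @return {@code true} if the path passes the allow-list and traversal checks
     */
    public static boolean isValidPath(String path)
    {
        return validate(path, true);
    }

    /** Strict check: NameChar set, '.', and '/' when {@code allowSlash} is set. */
    private static boolean validate(String expression, boolean allowSlash)
    {
        return validateExpression(expression, allowSlash, false);
    }

    /** Same as {@link #validate} plus the punctuation accepted in file names. */
    private static boolean validateResourceName(String expression, boolean allowSlash)
    {
        return validateExpression(expression, allowSlash, true);
    }

    /**
     * Shared implementation of the allow-list and parent-directory checks.
     *
     * @param expression       the value to check, may be {@code null}
     * @param allowSlash       whether '/' is an accepted char
     * @param allowPunctuation whether {@link #RESOURCE_NAME_PUNCTUATION} is accepted
     * @return {@code true} only if every char is accepted and no parent-directory
     *         step is present
     */
    private static boolean validateExpression(String expression, boolean allowSlash,
            boolean allowPunctuation)
    {
        if (expression == null)
        {
            // Fail closed instead of throwing on a missing value.
            return false;
        }
        int length = expression.length();
        if (length == 2 && expression.charAt(0) == '.' && expression.charAt(1) == '.')
        {
            // The whole value is a parent-directory step.
            return false;
        }
        for (int i = 0; i < length; i++)
        {
            char c = expression.charAt(i);
            if (c == '.')
            {
                // A dot is fine by itself; "../" and "..\" are not, wherever they occur.
                if (i + 2 < length && expression.charAt(i + 1) == '.')
                {
                    char next = expression.charAt(i + 2);
                    if (next == '/' || next == '\\')
                    {
                        return false;
                    }
                }
            }
            else if (!(isNameChar(c)
                    || (allowSlash && c == '/')
                    || (allowPunctuation && RESOURCE_NAME_PUNCTUATION.indexOf(c) >= 0)))
            {
                return false;
            }
        }
        // A trailing "/.." or "\.." has no separator after the dots, so the scan
        // above does not see it; endsWith implies a length of at least 3.
        return !(expression.endsWith("/..") || expression.endsWith("\\.."));
    }

    /**
     * Tells whether {@code c} is an XML NameChar
     * (http://www.w3.org/TR/REC-xml/#NT-NameChar), excluding ':' and '.'.
     * The dot is handled by the caller because of the traversal checks. The
     * [#x10000-#xEFFFF] range of the production cannot match a single
     * {@code char} and is therefore not tested.
     */
    private static boolean isNameChar(char c)
    {
        return (c >= 'A' && c <= 'Z') || c == '_' || (c >= 'a' && c <= 'z')
            || (c >= '0' && c <= '9') || c == '-' || c == 0xB7
            || (c >= 0xC0 && c <= 0xD6) || (c >= 0xD8 && c <= 0xF6)
            || (c >= 0xF8 && c <= 0x2FF) || (c >= 0x300 && c <= 0x36F)
            || (c >= 0x370 && c <= 0x37D) || (c >= 0x37F && c <= 0x1FFF)
            || (c >= 0x200C && c <= 0x200D) || (c >= 0x203F && c <= 0x2040)
            || (c >= 0x2070 && c <= 0x218F) || (c >= 0x2C00 && c <= 0x2FEF)
            || (c >= 0x3001 && c <= 0xD7FF) || (c >= 0xF900 && c <= 0xFDCF)
            || (c >= 0xFDF0 && c <= 0xFFFD);
    }
}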