packages/apache-commons-io
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
apache-commons-io/CVE-2021-29425-2.patch
wangxiao65 8308c6716f fix CVE-2021-29425
2021-05-08 15:54:59 +08:00

58 lines
2.5 KiB
Diff
Raw Permalink Blame History

From 71639e041876e4dca28785ac3e61d80ecc33db44 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <stefan.bodewig@innoq.com>
Date: Wed, 16 May 2018 08:49:15 +0200
Subject: [PATCH 2/4] checkstyle requires javadocs on private methods?
---
.../org/apache/commons/io/FilenameUtils.java | 20 +++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/main/java/org/apache/commons/io/FilenameUtils.java b/src/main/java/org/apache/commons/io/FilenameUtils.java
index cdbc41c2..a829f8c7 100644
--- a/src/main/java/org/apache/commons/io/FilenameUtils.java
+++ b/src/main/java/org/apache/commons/io/FilenameUtils.java
@@ -1476,6 +1476,12 @@ public class FilenameUtils {
Pattern.compile("^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$");
private static final int IPV4_MAX_OCTET_VALUE = 255;
+ /**
+ * Checks whether a given string represents a valid IPv4 address.
+ *
+ * @param name the name to validate
+ * @return true if the given name is a valid IPv4 address
+ */
// mostly copied from org.apache.commons.validator.routines.InetAddressValidator#isValidInet4Address
private static boolean isIPv4Address(String name) {
Matcher m = IPV4_PATTERN.matcher(name);
@@ -1517,6 +1523,12 @@ public class FilenameUtils {
private static final int BASE_16 = 16;
// copied from org.apache.commons.validator.routines.InetAddressValidator#isValidInet6Address
+ /**
+ * Checks whether a given string represents a valid IPv6 address.
+ *
+ * @param inet6Address the name to validate
+ * @return true if the given name is a valid IPv6 address
+ */
private static boolean isIPv6Address(String inet6Address) {
boolean containsCompressedZeroes = inet6Address.contains("::");
if (containsCompressedZeroes && (inet6Address.indexOf("::") != inet6Address.lastIndexOf("::"))) {
@@ -1582,6 +1594,14 @@ public class FilenameUtils {
private static final Pattern REG_NAME_PART_PATTERN = Pattern.compile("^[a-zA-Z0-9][a-zA-Z0-9-]*$");
+ /**
+ * Checks whether a given string is a valid host name according to
+ * RFC 3986 - not accepting IP addresses.
+ *
+ * @see "https://tools.ietf.org/html/rfc3986#section-3.2.2"
+ * @param name the hostname to validate
+ * @return true if the given name is a valid host name
+ */
private static boolean isRFC3986HostName(String name) {
String[] parts = name.split("\\.", -1);
for (int i = 0; i < parts.length; i++) {
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink