snakeyaml/0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
starlet-dx 69ce785feb Update to 1.32 for fix CVE-2022-41854,CVE-2022-25857 and CVE-2022-38749-to-CVE-2022-38752
(cherry picked from commit e7a054183c24620acb0f0c4c74641f20c624fad2)
2023-03-09 19:45:21 +08:00


diff --git a/src/main/java/org/yaml/snakeyaml/util/UriEncoder.java b/src/main/java/org/yaml/snakeyaml/util/UriEncoder.java
index 02c3e43..5ccb842 100644
--- a/src/main/java/org/yaml/snakeyaml/util/UriEncoder.java
+++ b/src/main/java/org/yaml/snakeyaml/util/UriEncoder.java
@@ -22,18 +22,33 @@ import java.nio.charset.CharsetDecoder;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import org.yaml.snakeyaml.error.YAMLException;
-import org.yaml.snakeyaml.external.com.google.gdata.util.common.base.Escaper;
-import org.yaml.snakeyaml.external.com.google.gdata.util.common.base.PercentEscaper;
+import java.util.BitSet;
+
+import org.apache.commons.codec.net.URLCodec;
public abstract class UriEncoder {
+ // default safe characters which can appear within URI and shouldn't be escaped
+ private static final BitSet allowedCharacters = new BitSet(256);
+
+ static {
+ for (int i = 'a'; i <= 'z'; i++) {
+ allowedCharacters.set(i);
+ }
+ for (int i = 'A'; i <= 'Z'; i++) {
+ allowedCharacters.set(i);
+ }
+ for (int i = '0'; i <= '9'; i++) {
+ allowedCharacters.set(i);
+ }
+ // http://yaml.org/spec/1.1/#escaping%20in%20URI/
+ for (char c : "-_.!~*'()@:$&,;=/[]".toCharArray()) {
+ allowedCharacters.set(c);
+ }
+ }
+
private static final CharsetDecoder UTF8Decoder =
StandardCharsets.UTF_8.newDecoder().onMalformedInput(CodingErrorAction.REPORT);
- // Include the [] chars to the SAFEPATHCHARS_URLENCODER to avoid
- // its escape as required by spec. See
- // http://yaml.org/spec/1.1/#escaping%20in%20URI/
- private static final String SAFE_CHARS = PercentEscaper.SAFEPATHCHARS_URLENCODER + "[]/";
- private static final Escaper escaper = new PercentEscaper(SAFE_CHARS, false);
/**
* Escape special characters with '%'
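Review bot: The new `allowedCharacters` set carries no record that it has to stay byte-for-byte equivalent to the removed `PercentEscaper.SAFEPATHCHARS_URLENCODER + "[]/"`, and the old comment explaining why `[]` is kept unescaped is dropped, leaving only the spec link. Which characters pass through unescaped decides how tag URIs are emitted, so I would add a comment above the static block such as `// Must match the former PercentEscaper safe set plus "[]/"; space is deliberately absent so it is emitted as %20, never '+'`. The literal looks like it reproduces the old set, but that constant is not visible in this hunk, so a regression test comparing old and new output for a space, `%`, `[`, `]` and a non-ASCII character would confirm it. The `BitSet` is mutable shared state, so it is worth stating in the same comment that it must not be modified after static initialisation. The class body continues outside the hunk.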
@@ -42,7 +57,13 @@ public abstract class UriEncoder {
* @return encoded URI
*/
public static String encode(String uri) {
- return escaper.escape(uri);
+ try {
+ byte[] rawdata = URLCodec.encodeUrl(allowedCharacters,
+ uri.getBytes("UTF-8"));
+ return new String(rawdata, 0, rawdata.length, "US-ASCII");
+ } catch (UnsupportedEncodingException e) {
+ throw new YAMLException(e);
+ }
}
/**
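Review bot: The new `encode` body selects its charsets by name, which forces a try/catch for an `UnsupportedEncodingException` that cannot occur for UTF-8 or US-ASCII. `StandardCharsets` is already imported (context line in the first hunk), so `byte[] rawdata = URLCodec.encodeUrl(allowedCharacters, uri.getBytes(StandardCharsets.UTF_8));` followed by `return new String(rawdata, StandardCharsets.US_ASCII);` does the same work with no dead catch block. Neither hunk adds an import for `java.io.UnsupportedEncodingException`; it is presumably already imported above the visible context, but if not, the patched file would not compile as written.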