/hg/icedtea-web: fixed handling of connect url and added socket ...
jvanek at icedtea.classpath.org
jvanek at icedtea.classpath.org
Fri Sep 25 15:04:03 UTC 2015
changeset b947373b064a in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=b947373b064a
author: Jiri Vanek <jvanek at redhat.com>
date: Fri Sep 25 17:03:06 2015 +0200
fixed handling of connect url and added socket reading from internal server
diffstat:
ChangeLog | 7 ++
tests/reproducers/signed/SOPBypassSigned/srcs/SOPBypassSigned.java | 35 ++++++++--
tests/reproducers/simple/SOPBypass/srcs/SOPBypass.java | 35 ++++++++--
3 files changed, 63 insertions(+), 14 deletions(-)
diffs (158 lines):
diff -r b02ae452f99f -r b947373b064a ChangeLog
--- a/ChangeLog Thu Sep 24 16:32:30 2015 +0200
+++ b/ChangeLog Fri Sep 25 17:03:06 2015 +0200
@@ -1,3 +1,10 @@
+2015-09-25 Jiri Vanek <jvanek at redhat.com>
+
+ * tests/reproducers/signed/SOPBypassSigned/srcs/SOPBypassSigned.java
+ fixed handling of connect url and added socket reading from internal server
+ * tests/reproducers/simple/SOPBypass/srcs/SOPBypass.java
+ same
+
2015-09-24 Jiri Vanek <jvanek at redhat.com>
SOPBypass reprodcuer addapted to use instance of internal server as unrleated url
diff -r b02ae452f99f -r b947373b064a tests/reproducers/signed/SOPBypassSigned/srcs/SOPBypassSigned.java
--- a/tests/reproducers/signed/SOPBypassSigned/srcs/SOPBypassSigned.java Thu Sep 24 16:32:30 2015 +0200
+++ b/tests/reproducers/signed/SOPBypassSigned/srcs/SOPBypassSigned.java Fri Sep 25 17:03:06 2015 +0200
@@ -122,15 +122,25 @@
void attemptSocketConnection(String host, int port, String resource, String id, boolean sendData) {
boolean connected = true;
try {
- Socket local = new Socket();
+ final Socket local = new Socket();
local.bind(null);
local.connect(new InetSocketAddress(host, port));
+ final BufferedReader br = new BufferedReader(new InputStreamReader(local.getInputStream()));
+ final PrintWriter writer = new PrintWriter(local.getOutputStream(), true);
if (sendData) {
- try (PrintWriter writer = new PrintWriter(local.getOutputStream(), true)) {
- writer.println("test");
+ writer.println("GET /" + reachableResource + " HTTP/1.1");
+ writer.println("Host: " + "itwTest");
+ writer.println("Accept: */*");
+ writer.println("User-Agent: Java"); //used to it to much
+ writer.println(""); // Important, else the server will expect that there's more into the request.
+ writer.flush();
+ String s = getText(br);
+ System.out.println("" + s);
+ if (s == null || s.trim().isEmpty()) {
+ connected = false;
}
+ local.close();
}
- local.close();
} catch (Exception e) {
connected = false;
e.printStackTrace();
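Review bot: With `local.close()` moved inside the `if (sendData)` branch, the socket is no longer closed when `sendData` is false, and it is not closed when `connect` or `getText(br)` throws. Declaring it as `try (Socket local = new Socket()) {` would close it on every path. The read is also unbounded in time: the request is HTTP/1.1 without `Connection: close`, so a server that keeps the connection open would leave `getText(br)` blocked in `readLine()`. Adding `writer.println("Connection: close");` and a `local.setSoTimeout(...)` with a test-appropriate value would turn such a hang into a clean failure. The same code is added in SOPBypass.java, and the method body continues past the end of this hunk.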
@@ -233,8 +243,12 @@
private URL concateUrlAndResource(URL url, String resource) {
String s = url.toExternalForm();
+ String badResource1 = resource.replace("-filtered", "");
+ String badResource2 = badResource1.replace("Signed", "");
//see testcases for usages
s = s.replace("/codebase/", "/");
+ s = s.replace("/"+badResource1, "/");
+ s = s.replace("/"+badResource2, "/");
try {
//docbase may have it
if (s.endsWith(resource)) {
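Review bot: When `resource` contains no `-filtered`, `badResource1` equals `resource`, so `s.replace("/"+badResource1, "/")` strips the resource itself and the `s.endsWith(resource)` check just below can presumably no longer match; the branch body is outside this hunk, so whether that is intended cannot be confirmed here. `String.replace` also rewrites every occurrence in the URL, including an earlier path segment that merely starts with the same text, so anchoring the removal to the end of the string (`if (s.endsWith("/" + badResource1)) { ... }`) would be safer. Because this URL decides which origin the reproducer contacts, a comment above the two new `replace` calls should say which URL shapes they normalise; `//see testcases for usages` does not cover them. The same lines are added in SOPBypass.java, where the `"Signed"` replacement is probably a no-op.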
@@ -253,15 +267,22 @@
}
}
- public static String getText(InputStream is ) throws Exception {
+ public static String getText(InputStream is) throws Exception {
BufferedReader in = new BufferedReader(new InputStreamReader(is));
+ try {
+ return getText(in);
+ } finally {
+ in.close();
+ }
+ }
+
+ public static String getText(BufferedReader in) throws Exception {
+
StringBuilder response = new StringBuilder();
String inputLine;
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
- in.close();
-
return response.toString();
}
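Review bot: The new public `getText(BufferedReader in)` has no Javadoc, and its contract differs from the `InputStream` overload in ways callers need to know. It does not close the reader, it blocks until the peer signals end of stream, and it appends lines without their terminators, so the result has all line breaks removed; a Javadoc comment stating those three points would be enough. The `InputStream` overload could use `try (BufferedReader in = new BufferedReader(new InputStreamReader(is))) { return getText(in); }` instead of the explicit `finally`. `InputStreamReader` is also constructed without a charset, so decoding depends on the platform default. The same change is made in SOPBypass.java.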
diff -r b02ae452f99f -r b947373b064a tests/reproducers/simple/SOPBypass/srcs/SOPBypass.java
--- a/tests/reproducers/simple/SOPBypass/srcs/SOPBypass.java Thu Sep 24 16:32:30 2015 +0200
+++ b/tests/reproducers/simple/SOPBypass/srcs/SOPBypass.java Fri Sep 25 17:03:06 2015 +0200
@@ -122,15 +122,25 @@
void attemptSocketConnection(String host, int port, String resource, String id, boolean sendData) {
boolean connected = true;
try {
- Socket local = new Socket();
+ final Socket local = new Socket();
local.bind(null);
local.connect(new InetSocketAddress(host, port));
+ final BufferedReader br = new BufferedReader(new InputStreamReader(local.getInputStream()));
+ final PrintWriter writer = new PrintWriter(local.getOutputStream(), true);
if (sendData) {
- try (PrintWriter writer = new PrintWriter(local.getOutputStream(), true)) {
- writer.println("test");
+ writer.println("GET /" + reachableResource + " HTTP/1.1");
+ writer.println("Host: " + "itwTest");
+ writer.println("Accept: */*");
+ writer.println("User-Agent: Java"); //used to it to much
+ writer.println(""); // Important, else the server will expect that there's more into the request.
+ writer.flush();
+ String s = getText(br);
+ System.out.println("" + s);
+ if (s == null || s.trim().isEmpty()) {
+ connected = false;
}
+ local.close();
}
- local.close();
} catch (Exception e) {
connected = false;
e.printStackTrace();
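Review bot: `getText` returns `response.toString()` and never `null`, so the `s == null` half of the new check is dead and `s.trim().isEmpty()` alone decides `connected`. The request lines are written with `println`, which emits the platform line separator, while HTTP expects CRLF; `writer.print("GET /" + reachableResource + " HTTP/1.1\r\n");`, and likewise for the headers, would avoid relying on a lenient server. The request path comes from `reachableResource` rather than the `resource` parameter, which looks deliberate but deserves a one-line comment. The same applies to the identical hunk in SOPBypassSigned.java.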
@@ -233,8 +243,12 @@
private URL concateUrlAndResource(URL url, String resource) {
String s = url.toExternalForm();
+ String badResource1 = resource.replace("-filtered", "");
+ String badResource2 = badResource1.replace("Signed", "");
//see testcases for usages
s = s.replace("/codebase/", "/");
+ s = s.replace("/"+badResource1, "/");
+ s = s.replace("/"+badResource2, "/");
try {
//docbase may have it
if (s.endsWith(resource)) {
@@ -253,15 +267,22 @@
}
}
- public static String getText(InputStream is ) throws Exception {
+ public static String getText(InputStream is) throws Exception {
BufferedReader in = new BufferedReader(new InputStreamReader(is));
+ try {
+ return getText(in);
+ } finally {
+ in.close();
+ }
+ }
+
+ public static String getText(BufferedReader in) throws Exception {
+
StringBuilder response = new StringBuilder();
String inputLine;
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
- in.close();
-
return response.toString();
}