diff --git a/maven-model-builder/src/main/java/org/apache/maven/model/path/DefaultUrlNormalizer.java b/maven-model-builder/src/main/java/org/apache/maven/model/path/DefaultUrlNormalizer.java index 9b9216d8eb21..af445a4137bc 100644 --- a/maven-model-builder/src/main/java/org/apache/maven/model/path/DefaultUrlNormalizer.java +++ b/maven-model-builder/src/main/java/org/apache/maven/model/path/DefaultUrlNormalizer.java @@ -43,10 +43,15 @@ public String normalize( String url ) while ( true ) { int idx = result.indexOf( "/../" ); - if ( idx <= 0 ) + if ( idx < 0 ) { break; } + else if ( idx == 0 ) + { + result = result.substring( 3 ); + continue; + } int parent = idx - 1; while ( parent >= 0 && result.charAt( parent ) == '/' ) { @@ -55,9 +60,12 @@ public String normalize( String url ) parent = result.lastIndexOf( '/', parent ); if ( parent < 0 ) { - break; + result = result.substring( idx + 4 ); + } + else + { + result = result.substring( 0, parent ) + result.substring( idx + 3 ); } - result = result.substring( 0, parent ) + result.substring( idx + 3 ); } } diff --git a/maven-model-builder/src/test/java/org/apache/maven/model/path/DefaultUrlNormalizerTest.java b/maven-model-builder/src/test/java/org/apache/maven/model/path/DefaultUrlNormalizerTest.java index 88fdc9cfb897..095ff6294269 100644 --- a/maven-model-builder/src/test/java/org/apache/maven/model/path/DefaultUrlNormalizerTest.java +++ b/maven-model-builder/src/test/java/org/apache/maven/model/path/DefaultUrlNormalizerTest.java @@ -19,45 +19,31 @@ * under the License. */ -import junit.framework.TestCase; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; + +import org.junit.Test; /** * @author Benjamin Bentmann */ public class DefaultUrlNormalizerTest - extends TestCase { - private UrlNormalizer normalizer; - - @Override - protected void setUp() - throws Exception - { - super.setUp(); - - normalizer = new DefaultUrlNormalizer(); - } - - @Override - protected void tearDown() - throws Exception - { - normalizer = null; - - super.tearDown(); - } + private UrlNormalizer normalizer = new DefaultUrlNormalizer(); private String normalize( String url ) { return normalizer.normalize( url ); } + @Test public void testNullSafe() { assertNull( normalize( null ) ); } + @Test public void testTrailingSlash() { assertEquals( "", normalize( "" ) ); @@ -65,6 +51,7 @@ public void testTrailingSlash() assertEquals( "http://server.org/dir/", normalize( "http://server.org/dir/" ) ); } + @Test public void testRemovalOfParentRefs() { assertEquals( "http://server.org/child", normalize( "http://server.org/parent/../child" ) ); @@ -74,6 +61,7 @@ public void testRemovalOfParentRefs() assertEquals( "http://server.org/child", normalize( "http://server.org/parent//../child" ) ); } + @Test public void testPreservationOfDoubleSlashes() { assertEquals( "scm:hg:ssh://localhost//home/user", normalize( "scm:hg:ssh://localhost//home/user" ) ); @@ -82,4 +70,21 @@ public void testPreservationOfDoubleSlashes() normalize( "[fetch=]http://server.org/[push=]ssh://server.org/" ) ); } + @Test + public void absolutePathTraversalPastRootIsOmitted() + { + assertEquals( "/", normalize("/../" ) ); + } + + @Test + public void parentDirectoryRemovedFromRelativeUriReference() + { + assertEquals( "", normalize( "a/../" ) ); + } + + @Test + public void leadingParentDirectoryNotRemovedFromRelativeUriReference() + { + assertEquals( "../", normalize( "../" ) ); + } }