Better input validation in *Store.createUri()

This commit is contained in:
cketti 2011-10-13 02:35:08 +02:00
parent 7a9c747db9
commit b05750c245
4 changed files with 40 additions and 15 deletions

View file

@ -237,7 +237,8 @@ public class ImapStore extends Store {
String passwordEnc; String passwordEnc;
try { try {
userEnc = URLEncoder.encode(server.username, "UTF-8"); userEnc = URLEncoder.encode(server.username, "UTF-8");
passwordEnc = URLEncoder.encode(server.password, "UTF-8"); passwordEnc = (server.password != null) ?
URLEncoder.encode(server.password, "UTF-8") : "";
} }
catch (UnsupportedEncodingException e) { catch (UnsupportedEncodingException e) {
throw new IllegalArgumentException("Could not encode username or password", e); throw new IllegalArgumentException("Could not encode username or password", e);
@ -263,7 +264,15 @@ public class ImapStore extends Store {
break; break;
} }
String userInfo = server.authenticationType + ":" + userEnc + ":" + passwordEnc; AuthType authType;
try {
authType = AuthType.valueOf(server.authenticationType);
} catch (Exception e) {
throw new IllegalArgumentException("Invalid authentication type: " +
server.authenticationType);
}
String userInfo = authType.toString() + ":" + userEnc + ":" + passwordEnc;
try { try {
Map<String, String> extra = server.getExtra(); Map<String, String> extra = server.getExtra();
String prefix = (extra != null) ? extra.get(ImapStoreSettings.PATH_PREFIX_KEY) : null; String prefix = (extra != null) ? extra.get(ImapStoreSettings.PATH_PREFIX_KEY) : null;

View file

@ -121,7 +121,8 @@ public class Pop3Store extends Store {
String passwordEnc; String passwordEnc;
try { try {
userEnc = URLEncoder.encode(server.username, "UTF-8"); userEnc = URLEncoder.encode(server.username, "UTF-8");
passwordEnc = URLEncoder.encode(server.password, "UTF-8"); passwordEnc = (server.password != null) ?
URLEncoder.encode(server.password, "UTF-8") : "";
} }
catch (UnsupportedEncodingException e) { catch (UnsupportedEncodingException e) {
throw new IllegalArgumentException("Could not encode username or password", e); throw new IllegalArgumentException("Could not encode username or password", e);

View file

@ -203,7 +203,8 @@ public class WebDavStore extends Store {
String passwordEnc; String passwordEnc;
try { try {
userEnc = URLEncoder.encode(server.username, "UTF-8"); userEnc = URLEncoder.encode(server.username, "UTF-8");
passwordEnc = URLEncoder.encode(server.password, "UTF-8"); passwordEnc = (server.password != null) ?
URLEncoder.encode(server.password, "UTF-8") : "";
} }
catch (UnsupportedEncodingException e) { catch (UnsupportedEncodingException e) {
throw new IllegalArgumentException("Could not encode username or password", e); throw new IllegalArgumentException("Could not encode username or password", e);
@ -229,15 +230,22 @@ public class WebDavStore extends Store {
break; break;
} }
Map<String, String> extra = server.getExtra();
String userInfo = userEnc + ":" + passwordEnc; String userInfo = userEnc + ":" + passwordEnc;
String path = extra.get(WebDavStoreSettings.PATH_KEY);
path = (path != null) ? path : ""; String uriPath;
String authPath = extra.get(WebDavStoreSettings.AUTH_PATH_KEY); Map<String, String> extra = server.getExtra();
authPath = (authPath != null) ? authPath : ""; if (extra != null) {
String mailboxPath = extra.get(WebDavStoreSettings.MAILBOX_PATH_KEY); String path = extra.get(WebDavStoreSettings.PATH_KEY);
mailboxPath = (mailboxPath != null) ? mailboxPath : ""; path = (path != null) ? path : "";
String uriPath = path + "|" + authPath + "|" + mailboxPath; String authPath = extra.get(WebDavStoreSettings.AUTH_PATH_KEY);
authPath = (authPath != null) ? authPath : "";
String mailboxPath = extra.get(WebDavStoreSettings.MAILBOX_PATH_KEY);
mailboxPath = (mailboxPath != null) ? mailboxPath : "";
uriPath = path + "|" + authPath + "|" + mailboxPath;
} else {
uriPath = "||";
}
try { try {
return new URI(scheme, userInfo, server.host, server.port, uriPath, return new URI(scheme, userInfo, server.host, server.port, uriPath,
null, null).toString(); null, null).toString();

View file

@ -129,8 +129,10 @@ public class SmtpTransport extends Transport {
String userEnc; String userEnc;
String passwordEnc; String passwordEnc;
try { try {
userEnc = URLEncoder.encode(server.username, "UTF-8"); userEnc = (server.username != null) ?
passwordEnc = URLEncoder.encode(server.password, "UTF-8"); URLEncoder.encode(server.username, "UTF-8") : "";
passwordEnc = (server.password != null) ?
URLEncoder.encode(server.password, "UTF-8") : "";
} }
catch (UnsupportedEncodingException e) { catch (UnsupportedEncodingException e) {
throw new IllegalArgumentException("Could not encode username or password", e); throw new IllegalArgumentException("Could not encode username or password", e);
@ -156,7 +158,12 @@ public class SmtpTransport extends Transport {
break; break;
} }
String userInfo = userEnc + ":" + passwordEnc + ":" + server.authenticationType; String authType = server.authenticationType;
if (!"CRAM_MD5".equals(authType) && !"PLAIN".equals(authType)) {
throw new IllegalArgumentException("Invalid authentication type: " + authType);
}
String userInfo = userEnc + ":" + passwordEnc + ":" + authType;
try { try {
return new URI(scheme, userInfo, server.host, server.port, null, null, return new URI(scheme, userInfo, server.host, server.port, null, null,
null).toString(); null).toString();