Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix path parameter sanitization #797

Merged
merged 2 commits into from
Apr 23, 2020
Merged

Fix path parameter sanitization #797

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bf2c763
fix sanitization
sujaygarlanka Apr 23, 2020
61436f7
Update CHANGELOG.md
sujaygarlanka Apr 23, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

## Next Release
- Add support for the uploader display name field for Files and File Versions ([#791](https://github.com/box/box-java-sdk/pull/791))
- Fix path parameter sanitization ([#797](https://github.com/box/box-java-sdk/pull/797))

## 2.46.0 [2020-04-09]
- Fix retry logic ([#787](https://github.com/box/box-java-sdk/pull/787))
Expand Down
16 changes: 8 additions & 8 deletions src/main/java/com/box/sdk/URLTemplate.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ public URL build(String base, Object... values) {
String valueString = String.valueOf(value);
Boolean test = NUMERIC.matcher(valueString).matches();
if (!NUMERIC.matcher(valueString).matches()) {
assert false : "An invalid path parameter passed in. It must be numeric.";
throw new BoxAPIException("An invalid path parameter passed in. It must be numeric.");
}
}
String urlString = String.format(base + this.template, values);
Expand All @@ -40,7 +40,7 @@ public URL build(String base, Object... values) {
try {
url = new URL(urlString);
} catch (MalformedURLException e) {
assert false : "A valid URL could not be constructed from the provided parameters.";
throw new BoxAPIException("An invalid path parameter passed in. It must be numeric.");
}

return url;
Expand All @@ -57,7 +57,7 @@ public URL buildAlpha(String base, Object... values) {
String valueString = String.valueOf(value);
Boolean test = ALPHA_NUMERIC.matcher(valueString).matches();
if (!ALPHA_NUMERIC.matcher(valueString).matches()) {
assert false : "An invalid path parameter passed in. It must be alphanumeric.";
throw new BoxAPIException("An invalid path parameter passed in. It must be alphanumeric.");
}
}
String urlString = String.format(base + this.template, values);
Expand All @@ -66,7 +66,7 @@ public URL buildAlpha(String base, Object... values) {
try {
url = new URL(urlString);
} catch (MalformedURLException e) {
assert false : "A valid URL could not be constructed from the provided parameters.";
throw new BoxAPIException("A valid URL could not be constructed from the provided parameters.");
}

return url;
Expand All @@ -83,15 +83,15 @@ public URL buildWithQuery(String base, String queryString, Object... values) {
for (Object value: values) {
String valueString = String.valueOf(value);
if (!NUMERIC.matcher(valueString).matches()) {
assert false : "An invalid path param passed in. It must be numeric.";
throw new BoxAPIException("An invalid path param passed in. It must be numeric.");
}
}
String urlString = String.format(base + this.template, values) + queryString;
URL url = null;
try {
url = new URL(urlString);
} catch (MalformedURLException e) {
assert false : "A valid URL could not be constructed from the provided parameters.";
throw new BoxAPIException("A valid URL could not be constructed from the provided parameters.");
}

return url;
Expand All @@ -108,15 +108,15 @@ public URL buildAlphaWithQuery(String base, String queryString, Object... values
for (Object value: values) {
String valueString = String.valueOf(value);
if (!ALPHA_NUMERIC.matcher(valueString).matches()) {
assert false : "An invalid path param passed in. It must be alphanumeric.";
throw new BoxAPIException("An invalid path param passed in. It must be alphanumeric.");
}
}
String urlString = String.format(base + this.template, values) + queryString;
URL url = null;
try {
url = new URL(urlString);
} catch (MalformedURLException e) {
assert false : "A valid URL could not be constructed from the provided parameters.";
throw new BoxAPIException("A valid URL could not be constructed from the provided parameters.");
}

return url;
Expand Down
10 changes: 5 additions & 5 deletions src/test/java/com/box/sdk/BoxURLTemplateTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,12 +34,12 @@ public void testBuildSucceeds() {
public void testBuildFails() {
URLTemplate template = new URLTemplate("test/%s");
try {
URL url = template.build(BASE_URL, "1fdsa45");
} catch (AssertionError e) {
URL url = template.build(BASE_URL, "123dfest");
} catch (BoxAPIException e) {
Assert.assertEquals("An invalid path parameter passed in. It must be numeric.", e.getMessage());
return;
}
Assert.fail("Never threw an AssertionError");
Assert.fail("Never threw a BoxAPIException");
}

/**
Expand All @@ -64,10 +64,10 @@ public void testBuildAlphaFails() {
URLTemplate template = new URLTemplate("test/%s");
try {
URL url = template.buildAlpha(BASE_URL, "1234.45/43/5");
} catch (AssertionError e) {
} catch (BoxAPIException e) {
Assert.assertEquals("An invalid path parameter passed in. It must be alphanumeric.", e.getMessage());
return;
}
Assert.fail("Never threw an AssertionError");
Assert.fail("Never threw a BoxAPIException");
}
}