Ban call of URLEncoder.encode/URLDecoder.decode(String,String)
Use URLEncoder.encode/URLDecoder.decode(String,Charset) instead
quaff committed Dec 12, 2023
1 parent 0fe7d78 commit e5dcfcc
Showing 6 changed files with 32 additions and 15 deletions.
Expand Up @@ -18,6 +18,8 @@

import java.io.File;
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.util.List;
Expand Down Expand Up @@ -60,6 +62,7 @@
* {@link Task} that checks for architecture problems.
*
* @author Andy Wilkinson
* @author Yanming Zhou
*/
public abstract class ArchitectureCheck extends DefaultTask {

Expand All @@ -71,7 +74,8 @@ public ArchitectureCheck() {
allBeanPostProcessorBeanMethodsShouldBeStaticAndHaveParametersThatWillNotCausePrematureInitialization(),
allBeanFactoryPostProcessorBeanMethodsShouldBeStaticAndHaveNoParameters(),
noClassesShouldCallStepVerifierStepVerifyComplete(),
noClassesShouldConfigureDefaultStepVerifierTimeout(), noClassesShouldCallCollectorsToList());
noClassesShouldConfigureDefaultStepVerifierTimeout(), noClassesShouldCallCollectorsToList(),
noClassesShouldCallURLEncoderWithStringEncoding(), noClassesShouldCallURLDecoderWithStringEncoding());
getRuleDescriptions().set(getRules().map((rules) -> rules.stream().map(ArchRule::getDescription).toList()));
}

Expand Down Expand Up @@ -190,6 +194,20 @@ private ArchRule noClassesShouldCallCollectorsToList() {
.because("java.util.stream.Stream.toList() should be used instead");
}

private ArchRule noClassesShouldCallURLEncoderWithStringEncoding() {
return ArchRuleDefinition.noClasses()
.should()
.callMethod(URLEncoder.class, "encode", String.class, String.class)
.because("java.net.URLEncoder.encode(String s, Charset charset) should be used instead");
}

private ArchRule noClassesShouldCallURLDecoderWithStringEncoding() {
return ArchRuleDefinition.noClasses()
.should()
.callMethod(URLDecoder.class, "decode", String.class, String.class)
.because("java.net.URLDecoder.decode(String s, Charset charset) should be used instead");
}

public void setClasses(FileCollection classes) {
this.classes = classes;
}
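Review bot: The two new rules, `noClassesShouldCallURLEncoderWithStringEncoding()` and `noClassesShouldCallURLDecoderWithStringEncoding()`, match only the `(String, String)` overloads, so the deprecated single-argument `URLEncoder.encode(String)` and `URLDecoder.decode(String)` still pass the check even though they fall back to the default charset. If the intent is that every call names its charset explicitly, each rule could cover that overload too, e.g. `.callMethod(URLEncoder.class, "encode", String.class, String.class).orShould().callMethod(URLEncoder.class, "encode", String.class)` ahead of `.because(...)`. Neither method carries a comment; a one-liner such as `// The Charset overload cannot fail on a mistyped charset name and declares no checked exception` would record why the String overload is banned.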
Expand Up @@ -23,6 +23,7 @@
import java.net.URL;
import java.net.URLClassLoader;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
Expand Down Expand Up @@ -159,7 +160,7 @@ private static List<URL> getUrlsFromManifestClassPathAttribute(URL jarUrl, JarFi
urls.add(referenced);
}
else {
referenced = new URL(jarUrl, URLDecoder.decode(entry, "UTF-8"));
referenced = new URL(jarUrl, URLDecoder.decode(entry, StandardCharsets.UTF_8));
if (new File(referenced.getFile()).exists()) {
urls.add(referenced);
}
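Review bot: `URLDecoder.decode(entry, StandardCharsets.UTF_8)` still applies form decoding to a manifest `Class-Path` entry, so a literal `+` in a jar or directory name becomes a space before the `exists()` check and the entry is silently dropped; switching to the Charset overload does not change that. The same applies to the `resource.getPath()` decode in the test section and to `handleUrl`, where a `file:` path containing `+` is rewritten. Resolving through `java.net.URI` instead (for example `jarUrl.toURI().resolve(entry)`) keeps `+` intact; failing that, a comment such as `// URLDecoder is form decoding: '+' becomes ' '` on these lines would flag the limitation. Both overloads also throw `IllegalArgumentException` on a malformed `%` escape, and whether that is handled cannot be seen here because getUrlsFromManifestClassPathAttribute begins and ends outside the hunk.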
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2022 the original author or authors.
* Copyright 2012-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -20,6 +20,7 @@
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

import jakarta.servlet.ServletContext;
import org.junit.jupiter.api.Test;
Expand Down Expand Up @@ -80,7 +81,7 @@ protected String getResourceLocation(String path) {
};
URL resource = context.getResource("/");
assertThat(resource).isNotNull();
File file = new File(URLDecoder.decode(resource.getPath(), "UTF-8"));
File file = new File(URLDecoder.decode(resource.getPath(), StandardCharsets.UTF_8));
assertThat(file).exists().isDirectory();
String[] contents = file.list((dir, name) -> !(".".equals(name) || "..".equals(name)));
assertThat(contents).isNotNull();
Expand Up @@ -20,12 +20,12 @@
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Constructor;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
Expand Down Expand Up @@ -225,9 +225,9 @@ private InputStream getResource(String config) throws Exception {
return getFileResource(config);
}

private String handleUrl(String path) throws UnsupportedEncodingException {
private String handleUrl(String path) {
if (path.startsWith("jar:file:") || path.startsWith("file:")) {
path = URLDecoder.decode(path, "UTF-8");
path = URLDecoder.decode(path, StandardCharsets.UTF_8);
if (path.startsWith("file:")) {
path = path.substring("file:".length());
if (path.startsWith("//")) {
Expand Up @@ -26,6 +26,7 @@
import java.net.URLConnection;
import java.net.URLEncoder;
import java.net.URLStreamHandler;
import java.nio.charset.StandardCharsets;
import java.security.Permission;

/**
Expand Down Expand Up @@ -318,13 +319,8 @@ private void write(String source, ByteArrayOutputStream outputStream) {
for (int i = 0; i < length; i++) {
int c = source.charAt(i);
if (c > 127) {
try {
String encoded = URLEncoder.encode(String.valueOf((char) c), "UTF-8");
write(encoded, outputStream);
}
catch (UnsupportedEncodingException ex) {
throw new IllegalStateException(ex);
}
String encoded = URLEncoder.encode(String.valueOf((char) c), StandardCharsets.UTF_8);
write(encoded, outputStream);
}
else {
if (c == '%') {
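Review bot: The loop in `write` hands `URLEncoder.encode` one UTF-16 code unit at a time (`String.valueOf((char) c)`), so a character outside the BMP arrives as two lone surrogates and each is encoded as a replacement `?` (`%3F`) rather than as its four UTF-8 bytes. Stepping by code point keeps the pair together: read `int cp = source.codePointAt(i);`, encode `new String(Character.toChars(cp))`, then `i += Character.charCount(cp) - 1;`. With the `try`/`catch` gone, the `java.io.UnsupportedEncodingException` import is presumably unused as well; the import lines shown in this section do not cover it, so that is worth checking. The start of `write` and the rest of the `else` branch are outside the hunk.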
Expand Up @@ -20,6 +20,7 @@
import java.io.IOException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
Expand Down Expand Up @@ -553,7 +554,7 @@ public void removeResourceChangeListener(ResourceChangeListener listener) {

private URLResource getMetaInfResource(URL resourceJar, String path) {
try {
String urlPath = URLEncoder.encode(ENCODED_SLASH.matcher(path).replaceAll("/"), "UTF-8");
String urlPath = URLEncoder.encode(ENCODED_SLASH.matcher(path).replaceAll("/"), StandardCharsets.UTF_8);
URL resourceUrl = new URL(resourceJar + "META-INF/resources" + urlPath);
URLResource resource = new URLResource(resourceUrl, path);
if (resource.getContentLength() < 0) {
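Review bot: `URLEncoder.encode(..., StandardCharsets.UTF_8)` in `getMetaInfResource` produces form encoding, so a space in `path` becomes `+`, which a URL path treats as a literal plus sign; a resource under `META-INF/resources` whose name contains a space would not be found through `resourceUrl`. `URLEncoder` also leaves `.` untouched, so if `path` is request-derived, any handling of `..` segments has to happen before this method, which is not visible in the hunk. If form encoding is intended, a comment on the line should say so; otherwise `urlPath = urlPath.replace("+", "%20");` after encoding is the minimal change, since a literal `+` in the input is already emitted as `%2B`. The `catch` for this `try` block is outside the hunk.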