From cad6b749231be8c91fcfd3616934032b5dfd3614 Mon Sep 17 00:00:00 2001 From: Alexandre Montplaisir Date: Thu, 19 May 2016 17:55:02 -0400 Subject: [PATCH] Restrict Java context retriever names to a set of valid characters Since the context/retriever names end up as-is as part of the metadata, only alphanumerical characters, periods "." and underscores "_" should be accepted. The names must also not start with a number. Refuse registration of retriever names that do not respect these conditions, so that the problem is reported right away to the application. Signed-off-by: Alexandre Montplaisir Signed-off-by: Mathieu Desnoyers --- .../ust/agent/context/ContextInfoManager.java | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/liblttng-ust-java-agent/java/lttng-ust-agent-common/org/lttng/ust/agent/context/ContextInfoManager.java b/liblttng-ust-java-agent/java/lttng-ust-agent-common/org/lttng/ust/agent/context/ContextInfoManager.java index c3999b5d..86ded59b 100644 --- a/liblttng-ust-java-agent/java/lttng-ust-agent-common/org/lttng/ust/agent/context/ContextInfoManager.java +++ b/liblttng-ust-java-agent/java/lttng-ust-agent-common/org/lttng/ust/agent/context/ContextInfoManager.java @@ -21,6 +21,8 @@ import java.io.IOException; import java.util.HashMap; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import java.util.regex.Matcher; +import java.util.regex.Pattern; /** * The singleton manager of {@link IContextInfoRetriever} objects. @@ -31,6 +33,8 @@ public final class ContextInfoManager { private static final String SHARED_LIBRARY_NAME = "lttng-ust-context-jni"; + private static final Pattern VALID_CONTEXT_NAME_PATTERN = Pattern.compile("^[a-zA-Z0-9_\\.]+$"); + private static ContextInfoManager instance; private final Map contextInfoRetrievers = new ConcurrentHashMap(); @@ -95,6 +99,10 @@ public final class ContextInfoManager { */ public boolean registerContextInfoRetriever(String retrieverName, IContextInfoRetriever contextInfoRetriever) { synchronized (retrieverLock) { + if (!validateRetrieverName(retrieverName)) { + return false; + } + if (contextInfoRetrievers.containsKey(retrieverName)) { /* * There is already a retriever registered with that name, @@ -157,4 +165,24 @@ public final class ContextInfoManager { public IContextInfoRetriever getContextInfoRetriever(String retrieverName) { return contextInfoRetrievers.get(retrieverName); } + + /** + * Validate that the given retriever name contains only the allowed + * characters, which are alphanumerical characters, period "." and + * underscore "_". The name must also not start with a number. + */ + private static boolean validateRetrieverName(String contextName) { + if (contextName.isEmpty()) { + return false; + } + + /* First character must not be a number */ + if (Character.isDigit(contextName.charAt(0))) { + return false; + } + + /* Validate the other characters of the string */ + Matcher matcher = VALID_CONTEXT_NAME_PATTERN.matcher(contextName); + return matcher.matches(); + } } -- 2.34.1