3x patch (#165)
* CVE-2021-28170 Fix expression delimiter escaping (#160)
Co-authored-by: rmartinc rmartinc@redhat.com
* Fix copyrights (#164)
Signed-off-by: Jorge Bescos Gascon <jorge.bescos.gascon@oracle.com>
* javax adaptation
Signed-off-by: Maxim Nesen <maxim.nesen@oracle.com>
Co-authored-by: TomasHofman <thofman@redhat.com>
Co-authored-by: jbescos <jorge.bescos.gascon@oracle.com>
diff --git a/impl/src/main/java/com/sun/el/parser/ELParser.jjt b/impl/src/main/java/com/sun/el/parser/ELParser.jjt
index 703f6ef..4cccc57 100644
--- a/impl/src/main/java/com/sun/el/parser/ELParser.jjt
+++ b/impl/src/main/java/com/sun/el/parser/ELParser.jjt
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
@@ -453,8 +453,8 @@
< LITERAL_EXPRESSION:
((~["\\", "$", "#"])
| ("\\" ("\\" | "$" | "#"))
- | ("$" ~["{", "$", "#"])
- | ("#" ~["{", "$", "#"])
+ | ("$" ~["{", "$", "#", "\\"])
+ | ("#" ~["{", "$", "#", "\\"])
)+
| "$"
| "#"
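Review bot: The two changed alternatives for `"$"` and `"#"` in LITERAL_EXPRESSION carry no comment saying why `"\\"` joined the excluded set, and the reason is not obvious from the token definition alone. I would add a grammar comment above them such as `// '\' must not be consumed as part of a "$x"/"#x" pair, or it can no longer escape a following "${" or "#{" (CVE-2021-28170)`, so a later cleanup does not drop the exclusion. The token definition starts and continues outside this hunk, so how a backslash that is not followed by `\`, `$` or `#` gets tokenized cannot be checked from here. The matching mask change in case 4 of ELParserTokenManager.java should be confirmed as regenerated from this grammar rather than edited by hand, so the two files cannot drift apart.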
diff --git a/impl/src/main/java/com/sun/el/parser/ELParserTokenManager.java b/impl/src/main/java/com/sun/el/parser/ELParserTokenManager.java
index 0c59560..027fd5d 100644
--- a/impl/src/main/java/com/sun/el/parser/ELParserTokenManager.java
+++ b/impl/src/main/java/com/sun/el/parser/ELParserTokenManager.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2021 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
@@ -205,7 +205,7 @@
jjCheckNAddStates(0, 3);
break;
case 4:
- if ((0xf7ffffffffffffffL & l) == 0L) {
+ if ((0xf7ffffffefffffffL & l) == 0L) {
break;
}
if (kind > 1) {
diff --git a/src/test/java/org/glassfish/el/test/EscapingTest.java b/src/test/java/org/glassfish/el/test/EscapingTest.java
new file mode 100644
index 0000000..4f78bd7
--- /dev/null
+++ b/src/test/java/org/glassfish/el/test/EscapingTest.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2021 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.el.test;
+
+import javax.el.ELManager;
+import javax.el.ELProcessor;
+import javax.el.ValueExpression;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class EscapingTest {
+
+ static ELProcessor elp;
+ static ELManager elm;
+
+ public EscapingTest() {
+ }
+
+ @BeforeClass
+ public static void setUpClass() throws Exception {
+ elp = new ELProcessor();
+ elm = elp.getELManager();
+ }
+
+ @Test
+ public void testEscape01() {
+ assertEquals("$2", evaluateExpression("$${1+1}"));
+ assertEquals("$${1+1}", evaluateExpression("$\\${1+1}"));
+ }
+
+ @Test
+ public void testEscape02() {
+ assertEquals("$2", evaluateExpression("$#{1+1}"));
+ assertEquals("$#{1+1}", evaluateExpression("$\\#{1+1}"));
+ }
+
+ @Test
+ public void testEscape03() {
+ assertEquals("#2", evaluateExpression("##{1+1}"));
+ assertEquals("##{1+1}", evaluateExpression("#\\#{1+1}"));
+ }
+
+ @Test
+ public void testEscape04() {
+ assertEquals("#2", evaluateExpression("#${1+1}"));
+ assertEquals("#${1+1}", evaluateExpression("#\\${1+1}"));
+ }
+
+ private String evaluateExpression(String expr) {
+ ValueExpression v = ELManager.getExpressionFactory().createValueExpression(
+ elm.getELContext(), expr, String.class);
+ return (String) v.getValue(elm.getELContext());
+ }
+}
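Review bot: The four tests only cover a backslash that directly precedes `${` or `#{`, so none pins what `evaluateExpression` returns when `$` or `#` is followed by a backslash that escapes nothing. The grammar change affects that input as well, because it excludes every backslash after `$`/`#`. A case such as `assertEquals("$\\a", evaluateExpression("$\\a"));` would guard against the fix altering plain literal text, though the expected value needs confirming against the intended behaviour. Separately, `import org.junit.Assert;` is unused next to the static `assertEquals` import, and the empty public constructor and the `elp` field (used only to obtain `elm`) could be dropped.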