SandboxGuard.java

package net.java.dev.weblets.impl.misc;

import net.java.dev.weblets.WebletRequest;

/**
 * A security enabler to jail our resources so that no request can break out of our jailed paths!
 * 
 */
public class SandboxGuard {
	/**
	 * we can jail our resources by blocking requests which try to break through our resource root
	 * 
	 * @param origResourcePath
	 *            the original resource path which will be checked for futile patterns
	 * 
	 * @return true in case of a detected jailbreak false if not
	 */
	public static boolean isJailBreak(String origResourcePath) {
		origResourcePath = origResourcePath.trim();
		int startSubstr = 0;
		int endSubstr = origResourcePath.length();
		if (origResourcePath.startsWith("/"))
			startSubstr++;
		if (origResourcePath.endsWith("/"))
			endSubstr--;
		if (startSubstr < endSubstr)
			origResourcePath = origResourcePath.substring(startSubstr, endSubstr);
		String[] elements = origResourcePath.split("/");
		int nonBackpath = 0;
		int backPath = 0;
		int interimbreak = 1;
		int len = elements.length;
		for (int cnt = 0; cnt < len; cnt++) {
			// check for empty values and double quotes
			// TODO empty value security check investigate what it does pathwise
			String pathEntry = elements[cnt].trim();
			if (pathEntry.equals(".")) {
				// do nothing this is a zeroconf entry
			} else if (pathEntry.equals("..")) {
				backPath++;
				interimbreak--;
			} else {
				nonBackpath++;
				interimbreak++;
			}
			if (interimbreak == 0)
				return true;
			/*
			 * we stepped out of our given root this is a clear break you can jump into a sidedir that way
			 */
		}
		return nonBackpath <= backPath;
	}
}