CXF-8698: Use fallback domain in case parsed is not alphanumeric

(cherry picked from commit a75bc16) (cherry picked from commit 1e6dc65)
apache · Dec 7, 2022 · b31b23c · b31b23c
1 parent b25906e
commit b31b23c
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 11 deletions.
diff --git a/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java b/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java
@@ -45,6 +45,7 @@
 import java.util.UUID;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.logging.Logger;
+import java.util.regex.Pattern;
 
 import javax.activation.CommandInfo;
 import javax.activation.CommandMap;
@@ -81,8 +82,15 @@ public final class AttachmentUtil {
     private static final Random BOUND_RANDOM = new Random();
     private static final CommandMap DEFAULT_COMMAND_MAP = CommandMap.getDefaultCommandMap();
     private static final MailcapCommandMap COMMAND_MAP = new EnhancedMailcapCommandMap();
-
-
+
+    /**
+     * Yet <a href="https://datatracker.ietf.org/doc/html/rfc822#appendix-D">RFC-822 Appendix D (ALPHABETICAL LISTING OF SYNTAX RULES)</a>
+     * allows more characters in domain-literal,
+     * this regex is valid to check that the parsed domain is compliant,
+     * although it is stricter
+     */
+    private static final Pattern ALPHA_NUMERIC_DOMAIN_PATTERN = Pattern.compile("^\\w+(\\.\\w+)*$");
+
     static final class EnhancedMailcapCommandMap extends MailcapCommandMap {
         @Override
         public synchronized DataContentHandler createDataContentHandler(
@@ -256,22 +264,27 @@ public static String createContentID(String ns) {
         // tend to change
         String cid = "cxf.apache.org";
         if (ns != null && !ns.isEmpty()) {
+            if (isAlphaNumericDomain(ns)) {
+                cid = ns;
+            }
             try {
                 URI uri = new URI(ns);
                 String host = uri.getHost();
-                if (host != null) {
+                if (host != null && isAlphaNumericDomain(host)) {
                     cid = host;
-                } else {
-                    cid = ns;
                 }
             } catch (Exception e) {
-                cid = ns;
+                // Could not parse domain => use fallback value
             }
         }
         return ATT_UUID + '-' + Integer.toString(COUNTER.incrementAndGet()) + '@'
             + URLEncoder.encode(cid, StandardCharsets.UTF_8);
     }
 
+    private static boolean isAlphaNumericDomain(String string) {
+        return ALPHA_NUMERIC_DOMAIN_PATTERN.matcher(string).matches();
+    }
+
     public static String getUniqueBoundaryValue() {
         //generate a random UUID.
         //we don't need the cryptographically secure random uuid that

diff --git a/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java b/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java
@@ -40,6 +40,10 @@
 
 public class AttachmentUtilTest {
 
+    // Yet RFC822 allows more characters in domain-literal,
+    // this regex is enough to check that the fallback domain is compliant
+    public static final String CONTENT_ID_WITH_ALPHA_NUMERIC_DOMAIN_PATTERN = ".+@\\w+(\\.\\w+)*";
+
     @Test
     public void testContendDispositionFileNameNoQuotes() {
         assertEquals("a.txt",
@@ -141,9 +145,7 @@ public void testCreateContentID() throws Exception {
     public void testCreateContentIDWithNullDomainNamePassed() {
         String actual = AttachmentUtil.createContentID(null);
 
-        // Yet RFC822 allows more characters in domain-literal,
-        // this regex is enough to check that the fallback domain is compliant
-        assertThat(actual, matchesPattern(".+@\\w+(\\.\\w+)*"));
+        assertThat(actual, matchesPattern(CONTENT_ID_WITH_ALPHA_NUMERIC_DOMAIN_PATTERN));
     }
 
     @Test
@@ -176,14 +178,13 @@ public void testCreateContentIDWithIPv4BasedUrlPassed() {
     }
 
     @Test
-    @Ignore //TODO:8698 Content-Id should contain valid domain, but IPv6 input results in URL-encoded string
     public void testCreateContentIDWithIPv6BasedUrlPassed() {
         String domain = "[2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d]";
         String url = "http://" + domain + "/a/b/c";
 
         String actual = AttachmentUtil.createContentID(url);
 
-        assertThat(actual, endsWith("@" + domain));
+        assertThat(actual, matchesPattern(CONTENT_ID_WITH_ALPHA_NUMERIC_DOMAIN_PATTERN));
     }
 
     private CachedOutputStream testSetStreamedAttachmentProperties(final String property, final Object value)