Fixed: IndexOutOfBoundsException on Entity Import (OFBIZ-12273)

JacquesLeRoux · JacquesLeRoux · commit 0effce0c7b07 · 2021-07-03T19:24:08.000+02:00
I get an IndexOutOfBoundsException when using the EntityImport.

The problem occurs while having a resemblance of an url in the data.
For example
screenPath="component://... is interpreted as url because of '://'
but doesn't match a valid url pattern.

jleroux: I decided to keep it simple and to take the "component://" and the
"https://localhost" cases apart. I see no reasons to fear "https://localhost"
there. It should be only used in a safe dev env.

Thanks: Sebastian Berg and Nicolas Malin for report
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
@@ -415,7 +415,7 @@ public static Map<String, Object> canonicalizeParameterMap(Map<String, Object> p
                             params = params + s + " ";
                         } else if (UtilValidate.isUrl(s) && !s.isEmpty()) {
                             // if the string contains not only an URL => concatenate possible canonicalized before and after, w/o changing the URL
-                            String url = extractUrls(s).get(0); // THere should be only 1 URL in a block, makes no sense else
+                            String url = extractUrls(s).get(0); // There should be only 1 URL in a block, makes no sense else
                             int start = s.indexOf(url);
                             String after = (String) s.subSequence(start + url.length(), s.length());
                             params = params + canonicalizeParameter((String) s.subSequence(0, start)) + url + canonicalizeParameter(after) + " ";
@@ -1736,9 +1736,15 @@ public static List<String> extractUrls(String input) {
                         + "([-\\w~!$+|.,*:=]|%[a-f\\d]{2})*)*)*"
                         + "(#([-\\w~!$+|.,*:=]|%[a-f\\d]{2})*)?\\b");
 
-        Matcher matcher = pattern.matcher(input);
-        while (matcher.find()) {
-            result.add(matcher.group());
+        if (input.contains("component://")
+                || input.contains("https://localhost") // We consider localhost a safe dev env
+                || input.contains("https://127.0.0.1")) {
+            result.add(input);
+        } else {
+            Matcher matcher = pattern.matcher(input);
+            while (matcher.find()) {
+                result.add(matcher.group());
+            }
         }
 
         return result;
