Further limit allowed characters in file path (#686)

* Further limit allowed characters in file path * Apply suggestions from code review Co-authored-by: Zbynek Konecny <zbynek1729@gmail.com> --------- Co-authored-by: Daniel Beck <daniel-beck@users.noreply.github.com> Co-authored-by: Zbynek Konecny <zbynek1729@gmail.com>
jenkins-infra · Mar 8, 2024 · 60ea5ad · 60ea5ad
1 parent 2297112
commit 60ea5ad
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/src/main/java/io/jenkins/update_center/ArtifactoryRepositoryImpl.java b/src/main/java/io/jenkins/update_center/ArtifactoryRepositoryImpl.java
@@ -79,15 +79,20 @@ protected Set<ArtifactCoordinates> listAllJenkinsWars(String groupId) throws IOE
     }
 
     private static boolean containsIllegalChars(String test) {
-        return !test.chars().allMatch(c -> c >= 0x2B && c < 0x7B);
+        return !test.chars().allMatch(c ->
+                c >= '0' && c <= '9'
+                || c >= 'A' && c <= 'Z'
+                || c >= 'a' && c <= 'z'
+                || c == '+' || c == '-' || c == '.' || c == '/' || c == '_'
+        );
     }
 
     private static ArtifactCoordinates toGav(JsonFile f) {
         String fileName = f.name;
         String path = f.path;
 
         if (containsIllegalChars(fileName) || containsIllegalChars(path)) {
-            LOGGER.log(Level.INFO, "Not only printable ascii: " + f.path + " / " + f.name);
+            LOGGER.log(Level.INFO, "Characters outside allowed set: " + f.path + " / " + f.name);
             return null;
         }