Fix obvious matching error with prefix and suffix predicates.

Restore regexp matching capability when parsing a single expression. This allows regular expressions with MIME matching.
apache · Jan 11, 2024 · 48beb65 · 48beb65
1 parent 5e1e5b2
commit 48beb65
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -202,11 +202,19 @@ protected static Predicate<String> createNoNoncePredicate(ServletContext context
             return new SuffixPredicate(pattern.substring(1));
         } else if (pattern.endsWith("*")) {
             return new PrefixPredicate(pattern.substring(0, pattern.length() - 1));
+        } else if (pattern.startsWith("/") && pattern.endsWith("/")) {
+            return new PatternPredicate(pattern.substring(1, pattern.length() - 1));
         } else {
             throw new IllegalArgumentException("Unsupported pattern: " + pattern);
         }
     }
 
+    /**
+     * A no-nonce Predicate that evaluates a MIME type instead of a URL.
+     *
+     * It can be used with any other Predicate for matching
+     * the actual value of the MIME type.
+     */
     protected static class MimePredicate implements Predicate<String> {
         private final ServletContext context;
         private final Predicate<String> predicate;
@@ -224,6 +232,9 @@ public boolean test(String t) {
         }
     }
 
+    /**
+     * A no-nonce Predicate that matches a prefix.
+     */
     protected static class PrefixPredicate implements Predicate<String> {
         private final String prefix;
         public PrefixPredicate(String prefix) {
@@ -232,10 +243,13 @@ public PrefixPredicate(String prefix) {
 
         @Override
         public boolean test(String t) {
-            return t.endsWith(this.prefix);
+            return t.startsWith(this.prefix);
         }
     }
 
+    /**
+     * A no-nonce Predicate that matches a suffix.
+     */
     protected static class SuffixPredicate implements Predicate<String> {
         private final String suffix;
         public SuffixPredicate(String suffix) {
@@ -244,10 +258,13 @@ public SuffixPredicate(String suffix) {
 
         @Override
         public boolean test(String t) {
-            return t.startsWith(this.suffix);
+            return t.endsWith(this.suffix);
         }
     }
 
+    /**
+     * A no-nonce Predicate that matches a regular expression.
+     */
     protected static class PatternPredicate implements Predicate<String> {
         private final Pattern pattern;