From a2d516d526b482c5824429480963dc92eb2fcd2f Mon Sep 17 00:00:00 2001
From: Rossen Stoyanchev
Date: Mon, 8 Jun 2020 21:19:10 +0100
Subject: [PATCH] Replace "whitelist" with alternative words

---
 .../core/ReactiveAdapterRegistry.java | 2 +-
 .../accept/ContentNegotiationManagerFactoryBean.java | 2 +-
 .../annotation/ContentNegotiationConfigurer.java | 6 +++---
 .../AbstractMessageConverterMethodProcessor.java | 12 ++++++------
 .../RequestResponseBodyMethodProcessorTests.java | 4 ++--
 src/docs/asciidoc/web/webmvc.adoc | 8 ++++----
 6 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/spring-core/src/main/java/org/springframework/core/ReactiveAdapterRegistry.java b/spring-core/src/main/java/org/springframework/core/ReactiveAdapterRegistry.java
index ab205a8f085..f3a770163e9 100644
--- a/spring-core/src/main/java/org/springframework/core/ReactiveAdapterRegistry.java
+++ b/spring-core/src/main/java/org/springframework/core/ReactiveAdapterRegistry.java
@@ -361,7 +361,7 @@ public class ReactiveAdapterRegistry {
 /**
 * {@code BlockHoundIntegration} for spring-core classes.
- *

Whitelists the following:
+ *

Explicitly allow the following:
 *

* @param mediaTypes media type mappings
diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/ContentNegotiationConfigurer.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/ContentNegotiationConfigurer.java
index 91217a1d5d2..9a12d1f4487 100644
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/ContentNegotiationConfigurer.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/ContentNegotiationConfigurer.java
@@ -146,9 +146,9 @@ public class ContentNegotiationConfigurer {
 * Add a mapping from a key, extracted from a path extension or a query
 * parameter, to a MediaType. This is required in order for the parameter
 * strategy to work. Any extensions explicitly registered here are also
- * whitelisted for the purpose of Reflected File Download attack detection
- * (see Spring Framework reference documentation for more details on RFD
- * attack protection).
+ * treated as safe for the purpose of Reflected File Download attack
+ * detection (see Spring Framework reference documentation for more details
+ * on RFD attack protection).
 *

The path extension strategy will also try to use
 * {@link ServletContext#getMimeType} and {@link MediaTypeFactory} to resolve path
 * extensions. To change this behavior see the {@link #useRegisteredExtensionsOnly} property.
diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java
index 4e83bab4f83..dbda3378dfd 100644
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java
@@ -76,12 +76,12 @@ public abstract class AbstractMessageConverterMethodProcessor extends AbstractMe
 implements HandlerMethodReturnValueHandler {
 /* Extensions associated with the built-in message converters */
- private static final Set WHITELISTED_EXTENSIONS = new HashSet<>(Arrays.asList(
+ private static final Set SAFE_EXTENSIONS = new HashSet<>(Arrays.asList(
 "txt", "text", "yml", "properties", "csv", "json", "xml", "atom", "rss", "png", "jpe", "jpeg", "jpg", "gif", "wbmp", "bmp"));
- private static final Set WHITELISTED_MEDIA_BASE_TYPES = new HashSet<>(
+ private static final Set SAFE_MEDIA_BASE_TYPES = new HashSet<>(
 Arrays.asList("audio", "image", "video"));
 private static final List ALL_APPLICATION_MEDIA_TYPES =
@@ -133,7 +133,7 @@ public abstract class AbstractMessageConverterMethodProcessor extends AbstractMe
 this.contentNegotiationManager = (manager != null ? manager : new ContentNegotiationManager());
 this.safeExtensions.addAll(this.contentNegotiationManager.getAllFileExtensions());
- this.safeExtensions.addAll(WHITELISTED_EXTENSIONS);
+ this.safeExtensions.addAll(SAFE_EXTENSIONS);
 }
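Review bot: The renamed static `SAFE_EXTENSIONS` now differs from the existing instance field `safeExtensions` only in case, yet the two hold different sets: the static one is the built-in default list, while the instance field is the effective set that the constructor (the `@@ -133` hunk) fills from `ContentNegotiationManager.getAllFileExtensions()` plus `SAFE_EXTENSIONS`. Because the Javadoc in the `@@ -406` hunk links `#SAFE_EXTENSIONS` as "safe extensions", a reader can easily take the static list for the complete RFD check, when registered extensions are accepted as well. Consider a name that states the distinction, e.g. `BUILT_IN_SAFE_EXTENSIONS`, or at least widen the field comment to `/* Extensions of the built-in message converters; merged into safeExtensions together with the registered extensions */`. The same reading applies to `SAFE_MEDIA_BASE_TYPES`, which looks like a complete list while `safeMediaType` (the `@@ -491` hunk) also accepts any `+xml` subtype.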
@@ -406,8 +406,8 @@ public abstract class AbstractMessageConverterMethodProcessor extends AbstractMe
 }
 /**
- * Check if the path has a file extension and whether the extension is
- * either {@link #WHITELISTED_EXTENSIONS whitelisted} or explicitly
+ * Check if the path has a file extension and whether the extension is either
+ * on the list of {@link #SAFE_EXTENSIONS safe extensions} or explicitly
 * {@link ContentNegotiationManager#getAllFileExtensions() registered}.
 * If not, and the status is in the 2xx range, a 'Content-Disposition'
 * header with a safe attachment file name ("f.txt") is added to prevent
@@ -491,7 +491,7 @@ public abstract class AbstractMessageConverterMethodProcessor extends AbstractMe
 }
 private boolean safeMediaType(MediaType mediaType) {
- return (WHITELISTED_MEDIA_BASE_TYPES.contains(mediaType.getType()) ||
+ return (SAFE_MEDIA_BASE_TYPES.contains(mediaType.getType()) ||
 mediaType.getSubtype().endsWith("+xml"));
 }
diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java
index 54ce6fd5055..0e5ef25cd70 100644
--- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java
+++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java
@@ -380,7 +380,7 @@ public class RequestResponseBodyMethodProcessorTests {
 Collections.singletonList(new StringHttpMessageConverter()), factory.getObject());
- assertContentDisposition(processor, false, "/hello.json", "whitelisted extension");
+ assertContentDisposition(processor, false, "/hello.json", "safe extension");
 assertContentDisposition(processor, false, "/hello.pdf", "registered extension");
 assertContentDisposition(processor, true, "/hello.dataless", "unknown extension");
@@ -388,7 +388,7 @@ public class RequestResponseBodyMethodProcessorTests {
 assertContentDisposition(processor, false, "/hello.json;a=b", "path param shouldn't cause issue");
 assertContentDisposition(processor, true, "/hello.json;a=b;setup.dataless", "unknown ext in path params");
 assertContentDisposition(processor, true, "/hello.dataless;a=b;setup.json", "unknown ext in filename");
- assertContentDisposition(processor, false, "/hello.json;a=b;setup.json", "whitelisted extensions");
+ assertContentDisposition(processor, false, "/hello.json;a=b;setup.json", "safe extensions");
 // encoded dot
 assertContentDisposition(processor, true, "/hello%2Edataless;a=b;setup.json", "encoded dot in filename");
diff --git a/src/docs/asciidoc/web/webmvc.adoc b/src/docs/asciidoc/web/webmvc.adoc
index 0a759081440..ff1a441fa37 100644
--- a/src/docs/asciidoc/web/webmvc.adoc
+++ b/src/docs/asciidoc/web/webmvc.adoc
@@ -1737,11 +1737,11 @@ lower the risk but are not sufficient to prevent RFD attacks.
 To prevent RFD attacks, prior to rendering the response body, Spring MVC adds a `Content-Disposition:inline;filename=f.txt` header to suggest a fixed and safe download
-file. This is done only if the URL path contains a file extension that is neither whitelisted
-nor explicitly registered for content negotiation. However, it can potentially have
-side effects when URLs are typed directly into a browser.
+file. This is done only if the URL path contains a file extension that is neither
+allowed as safe nor explicitly registered for content negotiation. However, it can
+potentially have side effects when URLs are typed directly into a browser.
-Many common path extensions are whitelisted by default. Applications with custom
+Many common path extensions are allowed as safe by default. Applications with custom
 `HttpMessageConverter` implementations can explicitly register file extensions for content negotiation to avoid having a `Content-Disposition` header added for those extensions. See <>.