Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HttpURI.Mutable path changes should clear out any existing path violations before parsing the new path. #12306

Merged
merged 4 commits into from
Sep 30, 2024
Merged

HttpURI.Mutable path changes should clear out any existing path violations before parsing the new path. #12306

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
814024f
HttpURI.Mutable path changes should clear out any existing path viola…
joakime Sep 24, 2024
1681812
Changes from review
joakime Sep 26, 2024
5836808
Using EnumSet
joakime Sep 26, 2024
610ef36
Add missing PATH violations to enumset
joakime Sep 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -994,6 +994,9 @@ public Mutable path(String path)
throw new IllegalArgumentException("Relative path with authority");
if (!URIUtil.isPathValid(path))
throw new IllegalArgumentException("Path not correctly encoded: " + path);
// since we are resetting the path, lets clear out the path specific violations.
if (_violations != null)
_violations.removeIf(UriCompliance::isPathViolation);
_uri = null;
_path = null;
_canonicalPath = null;
Expand All @@ -1016,6 +1019,9 @@ public Mutable pathQuery(String pathQuery)
{
if (hasAuthority() && !isPathValidForAuthority(pathQuery))
throw new IllegalArgumentException("Relative path with authority");
// since we are resetting the path, lets clear out the path specific violations.
if (_violations != null)
_violations.removeIf(UriCompliance::isPathViolation);
_uri = null;
_path = null;
_canonicalPath = null;
Expand Down
15 changes: 15 additions & 0 deletions jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -352,6 +352,21 @@ public UriCompliance without(String name, Violation... violations)
return new UriCompliance(name, remainder);
}

/**
* Test if violation is referencing a URI path violation.
*
* @param violation the violation to test.
* @return true if violation is a path violation.
*/
public static boolean isPathViolation(UriCompliance.Violation violation)
{
return (violation == Violation.AMBIGUOUS_PATH_PARAMETER) ||
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be an enumset

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It makes the removal of individual items on a collection WAY more complicated and slower.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keep in mind that the usage is _violations.removeIf(UriCompliance::isPathViolation);

As an EnumSet, this would mean a EnumSet.contains() call for every entry in the _violations collection.
Why go to all that complication for a simple comparison.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EnumSet's are highly optimized for enums with less than 32 values. A contains operation will be a single bitwise operation and null check. OK in this case, it is probably hardly different from 4 == and 3 || operations, but I think the code is also more readable. Also we do other EnumSet comparisons on Violations (e.g. org.eclipse.jetty.http.UriCompliance#AMBIGUOUS_VIOLATIONS) so best to keep the style the same.

    private static final EnumSet<Violation> PATH_VIOLATIONS = Collections.unmodifiableSet(EnumSet.of( 
        Violation.AMBIGUOUS_PATH_SEGMENT,            
        Violation.AMBIGUOUS_PATH_SEPARATOR,
        Violation.AMBIGUOUS_PATH_ENCODING,
        Violation.AMBIGUOUS_EMPTY_SEGMENT));

    // ...
    
    public static boolean isPathViolation(UriCompliance.Violation violation)
    {
        return PATH_VIOLATIONS.contains(violation);
    }

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change to EnumSet pushed.

(violation == Violation.AMBIGUOUS_PATH_SEGMENT) ||
(violation == Violation.AMBIGUOUS_PATH_SEPARATOR) ||
(violation == Violation.AMBIGUOUS_PATH_ENCODING) ||
(violation == Violation.AMBIGUOUS_EMPTY_SEGMENT);
}

@Override
public String toString()
{
Expand Down
78 changes: 66 additions & 12 deletions ...re/jetty-rewrite/src/test/java/org/eclipse/jetty/rewrite/handler/CompactPathRuleTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,18 @@

package org.eclipse.jetty.rewrite.handler;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Objects;
import java.util.Properties;
import java.util.stream.Stream;

import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.http.HttpTester;
import org.eclipse.jetty.http.HttpURI;
import org.eclipse.jetty.http.UriCompliance;
import org.eclipse.jetty.io.Content;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
Expand All @@ -36,14 +41,20 @@ public static Stream<Arguments> scenarios()
{
return Stream.of(
// shouldn't change anything
Arguments.of("/foo", null, "/foo", null, "/foo"),
Arguments.of("/", null, "/", null, "/"),
Arguments.of("/foo", null, "/foo", "", "/foo"),
Arguments.of("/", null, "/", "", "/"),
// simple compact path
Arguments.of("////foo", null, "/foo", null, "/foo"),
Arguments.of("////foo", null, "/foo", "", "/foo"),
// with simple query
Arguments.of("//foo//bar", "a=b", "/foo/bar", "a=b", "/foo/bar?a=b"),
// with query that has double slashes (should preserve slashes in query)
Arguments.of("//foo//bar", "a=b//c", "/foo/bar", "a=b//c", "/foo/bar?a=b//c")
Arguments.of("//foo//bar", "a=b//c", "/foo/bar", "a=b//c", "/foo/bar?a=b//c"),
// with ambiguous path parameter
Arguments.of("//foo/..;/bar", "a=b//c", "/bar", "a=b//c", "/bar?a=b//c"),
// with ambiguous path separator (not changed)
Arguments.of("//foo/b%2far", "a=b//c", "/foo/b%2Far", "a=b//c", "/foo/b%2Far?a=b//c"),
// with ambiguous path encoding (not changed)
Arguments.of("//foo/%2562ar", "a=b//c", "/foo/%2562ar", "a=b//c", "/foo/%2562ar?a=b//c")
);
}

Expand All @@ -59,24 +70,67 @@ public void testCompactPathRule(String inputPath, String inputQuery, String expe
@Override
public boolean handle(Request request, Response response, Callback callback)
{
Content.Sink.write(response, true, request.getHttpURI().getPathQuery(), callback);
Properties props = new Properties();
HttpURI httpURI = request.getHttpURI();
props.setProperty("uri.path", of(httpURI.getPath()));
props.setProperty("uri.query", of(httpURI.getQuery()));
props.setProperty("uri.pathQuery", of(httpURI.getPathQuery()));
props.setProperty("uri.hasViolations", of(httpURI.hasViolations()));
props.setProperty("uri.isAmbiguous", of(httpURI.isAmbiguous()));
props.setProperty("uri.hasAmbiguousEmptySegment", of(httpURI.hasAmbiguousEmptySegment()));
props.setProperty("uri.hasAmbiguousEncoding", of(httpURI.hasAmbiguousEncoding()));
props.setProperty("uri.hasAmbiguousParameter", of(httpURI.hasAmbiguousParameter()));
props.setProperty("uri.hasAmbiguousSeparator", of(httpURI.hasAmbiguousSeparator()));
props.setProperty("uri.hasAmbiguousSegment", of(httpURI.hasAmbiguousSegment()));
try (ByteArrayOutputStream out = new ByteArrayOutputStream())
{
props.store(out, "HttpURI State");
response.write(true, ByteBuffer.wrap(out.toByteArray()), callback);
}
catch (IOException e)
{
callback.failed(e);
}
return true;
}

private String of(Object obj)
{
if (obj == null)
return "";
if (obj instanceof Boolean)
return Boolean.toString((Boolean)obj);
return Objects.toString(obj);
}
});


String request = """
GET %s HTTP/1.1
Host: localhost

""".formatted(HttpURI.build().path(inputPath).query(inputQuery));

HttpTester.Response response = HttpTester.parseResponse(_connector.getResponse(request));
System.err.println(response.getReason());
assertEquals(HttpStatus.OK_200, response.getStatus());
HttpURI.Mutable result = HttpURI.build(response.getContent());
assertEquals(expectedPath, result.getPath());
assertEquals(expectedQuery, result.getQuery());
assertEquals(expectedPathQuery, result.getPathQuery());
Properties props = new Properties();
try (ByteArrayInputStream in = new ByteArrayInputStream(response.getContentBytes()))
{
props.load(in);
assertEquals(expectedPath, props.getProperty("uri.path"));
assertEquals(expectedQuery, props.getProperty("uri.query"));
assertEquals(expectedPathQuery, props.getProperty("uri.pathQuery"));

boolean ambiguousPathSep = inputPath.contains("%2f");
boolean ambiguousPathEncoding = inputPath.contains("%25");

assertEquals(Boolean.toString(ambiguousPathSep || ambiguousPathEncoding), props.getProperty("uri.isAmbiguous"));
assertEquals(Boolean.toString(ambiguousPathSep || ambiguousPathEncoding), props.getProperty("uri.hasViolations"));
assertEquals("false", props.getProperty("uri.hasAmbiguousEmptySegment"));
assertEquals(Boolean.toString(ambiguousPathEncoding), props.getProperty("uri.hasAmbiguousEncoding"));
assertEquals("false", props.getProperty("uri.hasAmbiguousParameter"));
assertEquals(Boolean.toString(ambiguousPathSep), props.getProperty("uri.hasAmbiguousSeparator"));
assertEquals("false", props.getProperty("uri.hasAmbiguousSegment"));
}
}
}
Loading