From 8081dbdc024afdcae925e2582ebbf0a4f6301ad8 Mon Sep 17 00:00:00 2001 From: Oleg Kalnichevski Date: Fri, 3 Jun 2016 19:37:33 +0000 Subject: [PATCH] HTTPCLIENT-1746: improved argument validation in URLEncodedUtils git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1746751 13f79535-47bb-0310-9956-ffa450edef68 --- .../hc/client5/http/fluent/Request.java | 2 +- .../client5/http/utils/URLEncodedUtils.java | 92 +++---------------- .../http/utils/TestURLEncodedUtils.java | 22 ++--- 3 files changed, 24 insertions(+), 92 deletions(-) diff --git a/httpclient5-fluent/src/main/java/org/apache/hc/client5/http/fluent/Request.java b/httpclient5-fluent/src/main/java/org/apache/hc/client5/http/fluent/Request.java index 123e89a31..70c6288a0 100644 --- a/httpclient5-fluent/src/main/java/org/apache/hc/client5/http/fluent/Request.java +++ b/httpclient5-fluent/src/main/java/org/apache/hc/client5/http/fluent/Request.java @@ -315,7 +315,7 @@ public class Request { paramList.add(param); } final ContentType contentType = ContentType.create(URLEncodedUtils.CONTENT_TYPE, charset); - final String s = URLEncodedUtils.format(paramList, charset != null ? charset.name() : null); + final String s = URLEncodedUtils.format(paramList, charset); return bodyString(s, contentType); } diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/utils/URLEncodedUtils.java b/httpclient5/src/main/java/org/apache/hc/client5/http/utils/URLEncodedUtils.java index 6dd56fd2e..5487878de 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/utils/URLEncodedUtils.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/utils/URLEncodedUtils.java @@ -80,13 +80,16 @@ public class URLEncodedUtils { * @param uri * URI to parse * @param charset - * Charset name to use while parsing the query + * Charset to use while parsing the query * @return a list of {@link NameValuePair} as built from the URI's query portion. + * + * @since 4.5 */ - public static List parse(final URI uri, final String charset) { + public static List parse(final URI uri, final Charset charset) { + Args.notNull(uri, "URI"); final String query = uri.getRawQuery(); if (query != null && !query.isEmpty()) { - return parse(query, Charset.forName(charset)); + return parse(query, charset); } return Collections.emptyList(); } @@ -105,6 +108,7 @@ public class URLEncodedUtils { */ public static List parse( final HttpEntity entity) throws IOException { + Args.notNull(entity, "HTTP entity"); final ContentType contentType = ContentType.get(entity); if (contentType == null || !contentType.getMimeType().equalsIgnoreCase(CONTENT_TYPE)) { return Collections.emptyList(); @@ -140,6 +144,7 @@ public class URLEncodedUtils { * {@code application/x-www-form-urlencoded}. */ public static boolean isEncoded(final HttpEntity entity) { + Args.notNull(entity, "HTTP entity"); final ContentType contentType = ContentType.parse(entity.getContentType()); return contentType != null && CONTENT_TYPE.equalsIgnoreCase(contentType.getMimeType()); } @@ -157,6 +162,9 @@ public class URLEncodedUtils { * @since 4.2 */ public static List parse(final String s, final Charset charset) { + if (s == null) { + return Collections.emptyList(); + } final CharArrayBuffer buffer = new CharArrayBuffer(s.length()); buffer.append(s); return parse(buffer, charset, QP_SEP_A, QP_SEP_S); @@ -233,51 +241,6 @@ public class URLEncodedUtils { return list; } - /** - * Returns a String that is suitable for use as an {@code application/x-www-form-urlencoded} - * list of parameters in an HTTP PUT or HTTP POST. - * - * @param parameters The parameters to include. - * @param charset The encoding to use. - * @return An {@code application/x-www-form-urlencoded} string - */ - public static String format( - final List parameters, - final String charset) { - return format(parameters, QP_SEP_A, charset); - } - - /** - * Returns a String that is suitable for use as an {@code application/x-www-form-urlencoded} - * list of parameters in an HTTP PUT or HTTP POST. - * - * @param parameters The parameters to include. - * @param parameterSeparator The parameter separator, by convention, {@code '&'} or {@code ';'}. - * @param charset The encoding to use. - * @return An {@code application/x-www-form-urlencoded} string - * - * @since 4.3 - */ - public static String format( - final List parameters, - final char parameterSeparator, - final String charset) { - final StringBuilder result = new StringBuilder(); - for (final NameValuePair parameter : parameters) { - final String encodedName = encodeFormFields(parameter.getName(), charset); - final String encodedValue = encodeFormFields(parameter.getValue(), charset); - if (result.length() > 0) { - result.append(parameterSeparator); - } - result.append(encodedName); - if (encodedValue != null) { - result.append(NAME_VALUE_SEPARATOR); - result.append(encodedValue); - } - } - return result.toString(); - } - /** * Returns a String that is suitable for use as an {@code application/x-www-form-urlencoded} * list of parameters in an HTTP PUT or HTTP POST. @@ -309,6 +272,7 @@ public class URLEncodedUtils { final Iterable parameters, final char parameterSeparator, final Charset charset) { + Args.notNull(parameters, "Parameters"); final StringBuilder result = new StringBuilder(); for (final NameValuePair parameter : parameters) { final String encodedName = encodeFormFields(parameter.getName(), charset); @@ -499,20 +463,6 @@ public class URLEncodedUtils { return charset.decode(bb).toString(); } - /** - * Decode/unescape www-url-form-encoded content. - * - * @param content the content to decode, will decode '+' as space - * @param charset the charset to use - * @return encoded string - */ - private static String decodeFormFields (final String content, final String charset) { - if (content == null) { - return null; - } - return urlDecode(content, charset != null ? Charset.forName(charset) : StandardCharsets.UTF_8, true); - } - /** * Decode/unescape www-url-form-encoded content. * @@ -527,24 +477,6 @@ public class URLEncodedUtils { return urlDecode(content, charset != null ? charset : StandardCharsets.UTF_8, true); } - /** - * Encode/escape www-url-form-encoded content. - *

- * Uses the {@link #URLENCODER} set of characters, rather than - * the {@link #UNRESERVED} set; this is for compatibilty with previous - * releases, URLEncoder.encode() and most browsers. - * - * @param content the content to encode, will convert space to '+' - * @param charset the charset to use - * @return encoded string - */ - private static String encodeFormFields(final String content, final String charset) { - if (content == null) { - return null; - } - return urlEncode(content, charset != null ? Charset.forName(charset) : StandardCharsets.UTF_8, URLENCODER, true); - } - /** * Encode/escape www-url-form-encoded content. *

diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/utils/TestURLEncodedUtils.java b/httpclient5/src/test/java/org/apache/hc/client5/http/utils/TestURLEncodedUtils.java index a61ec33f3..08dba3ce1 100644 --- a/httpclient5/src/test/java/org/apache/hc/client5/http/utils/TestURLEncodedUtils.java +++ b/httpclient5/src/test/java/org/apache/hc/client5/http/utils/TestURLEncodedUtils.java @@ -351,46 +351,46 @@ public class TestURLEncodedUtils { @Test public void testFormatString() throws Exception { // as above, using String final List params = new ArrayList<>(); - Assert.assertEquals(0, URLEncodedUtils.format(params, "US-ASCII").length()); + Assert.assertEquals(0, URLEncodedUtils.format(params, StandardCharsets.US_ASCII).length()); params.clear(); params.add(new BasicNameValuePair("Name0", null)); - Assert.assertEquals("Name0", URLEncodedUtils.format(params, "US-ASCII")); + Assert.assertEquals("Name0", URLEncodedUtils.format(params, StandardCharsets.US_ASCII)); params.clear(); params.add(new BasicNameValuePair("Name1", "Value1")); - Assert.assertEquals("Name1=Value1", URLEncodedUtils.format(params, "US-ASCII")); + Assert.assertEquals("Name1=Value1", URLEncodedUtils.format(params, StandardCharsets.US_ASCII)); params.clear(); params.add(new BasicNameValuePair("Name2", "")); - Assert.assertEquals("Name2=", URLEncodedUtils.format(params, "US-ASCII")); + Assert.assertEquals("Name2=", URLEncodedUtils.format(params, StandardCharsets.US_ASCII)); params.clear(); params.add(new BasicNameValuePair("Name4", "Value 4&")); - Assert.assertEquals("Name4=Value+4%26", URLEncodedUtils.format(params, "US-ASCII")); + Assert.assertEquals("Name4=Value+4%26", URLEncodedUtils.format(params, StandardCharsets.US_ASCII)); params.clear(); params.add(new BasicNameValuePair("Name4", "Value+4&")); - Assert.assertEquals("Name4=Value%2B4%26", URLEncodedUtils.format(params, "US-ASCII")); + Assert.assertEquals("Name4=Value%2B4%26", URLEncodedUtils.format(params, StandardCharsets.US_ASCII)); params.clear(); params.add(new BasicNameValuePair("Name4", "Value 4& =4")); - Assert.assertEquals("Name4=Value+4%26+%3D4", URLEncodedUtils.format(params, "US-ASCII")); + Assert.assertEquals("Name4=Value+4%26+%3D4", URLEncodedUtils.format(params, StandardCharsets.US_ASCII)); params.clear(); params.add(new BasicNameValuePair("Name5", "aaa")); params.add(new BasicNameValuePair("Name6", "bbb")); - Assert.assertEquals("Name5=aaa&Name6=bbb", URLEncodedUtils.format(params, "US-ASCII")); + Assert.assertEquals("Name5=aaa&Name6=bbb", URLEncodedUtils.format(params, StandardCharsets.US_ASCII)); params.clear(); params.add(new BasicNameValuePair("Name7", "aaa")); params.add(new BasicNameValuePair("Name7", "b,b")); params.add(new BasicNameValuePair("Name7", "ccc")); - Assert.assertEquals("Name7=aaa&Name7=b%2Cb&Name7=ccc", URLEncodedUtils.format(params, "US-ASCII")); + Assert.assertEquals("Name7=aaa&Name7=b%2Cb&Name7=ccc", URLEncodedUtils.format(params, StandardCharsets.US_ASCII)); params.clear(); params.add(new BasicNameValuePair("Name8", "xx, yy ,zz")); - Assert.assertEquals("Name8=xx%2C++yy++%2Czz", URLEncodedUtils.format(params, "US-ASCII")); + Assert.assertEquals("Name8=xx%2C++yy++%2Czz", URLEncodedUtils.format(params, StandardCharsets.US_ASCII)); } private List parse (final String params) { @@ -398,7 +398,7 @@ public class TestURLEncodedUtils { } private List parseString (final String uri) throws Exception { - return URLEncodedUtils.parse(new URI("?"+uri), "UTF-8"); + return URLEncodedUtils.parse(new URI("?"+uri), StandardCharsets.UTF_8); } private static void assertNameValuePair (