	Merge branch '6.3.x'
		
						commit
						cf03f2fed9
					
				| @ -1,5 +1,5 @@ | ||||
| /* | ||||
|  * Copyright 2002-2023 the original author or authors. | ||||
|  * Copyright 2002-2024 the original author or authors. | ||||
|  * | ||||
|  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||
|  * you may not use this file except in compliance with the License. | ||||
| @ -78,6 +78,9 @@ public class CookieRequestCache implements RequestCache { | ||||
| 			return null; | ||||
| 		} | ||||
| 		String originalURI = decodeCookie(savedRequestCookie.getValue()); | ||||
| 		if (originalURI == null) { | ||||
| 			return null; | ||||
| 		} | ||||
| 		UriComponents uriComponents = UriComponentsBuilder.fromUriString(originalURI).build(); | ||||
| 		DefaultSavedRequest.Builder builder = new DefaultSavedRequest.Builder(); | ||||
| 		int port = getPort(uriComponents); | ||||
| @ -127,9 +130,15 @@ public class CookieRequestCache implements RequestCache { | ||||
| 		return Base64.getEncoder().encodeToString(cookieValue.getBytes()); | ||||
| 	} | ||||
| 
 | ||||
| 	private static String decodeCookie(String encodedCookieValue) { | ||||
| 	private String decodeCookie(String encodedCookieValue) { | ||||
| 		try { | ||||
| 			return new String(Base64.getDecoder().decode(encodedCookieValue.getBytes())); | ||||
| 		} | ||||
| 		catch (IllegalArgumentException ex) { | ||||
| 			this.logger.debug("Failed decode cookie value " + encodedCookieValue); | ||||
| 			return null; | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	private static String getCookiePath(HttpServletRequest request) { | ||||
| 		String contextPath = request.getContextPath(); | ||||
|  | ||||
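Review bot: The new debug statement in `decodeCookie` writes the raw cookie value into the log, and that value is entirely client-supplied, so any requester controls what the log line contains. Logging the exception instead keeps the diagnostic without echoing the input, for example `this.logger.debug("Failed to decode saved request cookie value", ex);`. Separately, the null guard added in the caller covers only input that is not valid Base64. A value that decodes cleanly but is not a usable URI still reaches `UriComponentsBuilder.fromUriString(originalURI)`, and whether that path fails safely is not visible here, because the enclosing method starts and ends outside the hunk.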
| @ -1,5 +1,5 @@ | ||||
| /* | ||||
|  * Copyright 2002-2023 the original author or authors. | ||||
|  * Copyright 2002-2024 the original author or authors. | ||||
|  * | ||||
|  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||
|  * you may not use this file except in compliance with the License. | ||||
| @ -229,4 +229,14 @@ public class CookieRequestCacheTests { | ||||
| 		return new String(Base64.getDecoder().decode(encodedCookieValue.getBytes())); | ||||
| 	} | ||||
| 
 | ||||
| 	// gh-15905 | ||||
| 	@Test | ||||
| 	public void illegalCookieValueReturnNull() { | ||||
| 		CookieRequestCache cookieRequestCache = new CookieRequestCache(); | ||||
| 		MockHttpServletRequest request = new MockHttpServletRequest(); | ||||
| 		request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, "123^456")); | ||||
| 		SavedRequest savedRequest = cookieRequestCache.getRequest(request, new MockHttpServletResponse()); | ||||
| 		assertThat(savedRequest).isNull(); | ||||
| 	} | ||||
| 
 | ||||
| } | ||||
|  | ||||
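Review bot: `illegalCookieValueReturnNull` pins only one failure mode, a character outside the Base64 alphabet (`"123^456"`). Because the cookie is client-controlled, it would be worth adding cases for truncated or wrongly padded input, and for a value that is valid Base64 but does not decode to a URI, so that a test fixes what `getRequest` does for each. A comment such as `// gh-15905: a malformed saved-request cookie is ignored instead of propagating an exception` would also say more than the bare issue number.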