decode the request uri and validate that

2012-11-29 11:23:16 -06:00 · 2012-11-29 11:23:16 -06:00 · 51bb01e14b
parent a5081abc55
commit 51bb01e14b
2 changed files with 21 additions and 7 deletions
--- a/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ValidUrlRule.java
+++ b/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ValidUrlRule.java
@ -23,6 +23,8 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.eclipse.jetty.util.URIUtil;
 public class ValidUrlRule extends Rule
 {
    String _code = "400";
@ -60,11 +62,12 @@ public class ValidUrlRule extends Rule
    @Override
    public String matchAndApply(String target, HttpServletRequest request, HttpServletResponse response) throws IOException
    {
-        String uri = request.getRequestURI();
+        // best to decide the request uri and validate that
        String uri = URIUtil.decodePath(request.getRequestURI());
        for (int i = 0; i < uri.length(); ++i)
        {
-            if (!isPrintableChar(uri.charAt(i)))
+            if (!isValidChar(uri.charAt(i)))
            {
                int code = Integer.parseInt(_code);
@ -85,7 +88,7 @@ public class ValidUrlRule extends Rule
        return null;
    }
-    protected boolean isPrintableChar(char c)
+    protected boolean isValidChar(char c)
    {
        Character.UnicodeBlock block = Character.UnicodeBlock.of(c);
--- a/jetty-rewrite/src/test/java/org/eclipse/jetty/rewrite/handler/ValidUrlRuleTest.java
+++ b/jetty-rewrite/src/test/java/org/eclipse/jetty/rewrite/handler/ValidUrlRuleTest.java
@ -50,7 +50,18 @@ public class ValidUrlRuleTest extends AbstractRuleTestCase
    public void testInvalidUrl() throws Exception
    {
        _rule.setCode("404");
-        _request.setRequestURI("/invalid\u000c/uri.html");
+        _request.setRequestURI("/invalid%0c/uri.html");
        String result = _rule.matchAndApply(_request.getRequestURI(), _request, _response);
        assertEquals(404,_response.getStatus());
    }
    @Test
    public void testInvalidUrl2() throws Exception
    {
        _rule.setCode("404");
        _request.setRequestURI("/%00/");
        String result = _rule.matchAndApply(_request.getRequestURI(), _request, _response);
@ -61,9 +72,9 @@ public class ValidUrlRuleTest extends AbstractRuleTestCase
    public void testCharacters() throws Exception
    {
        // space
-        Assert.assertTrue( _rule.isPrintableChar("\u0020".charAt(0)));
+        Assert.assertTrue( _rule.isValidChar("\u0020".charAt(0)));
        // form feed
-        Assert.assertFalse( _rule.isPrintableChar("\u000c".charAt(0)));
+        Assert.assertFalse( _rule.isValidChar("\u000c".charAt(0)));
    }
 }