Eclipse/jetty.project
1
0
Fork 0
mirror of https://github.com/jetty/jetty.project.git synced 2025-02-28 19:09:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

[Bug 397190] improve ValidUrlRule to iterate on codepoints

Browse Source
This commit is contained in:
Jesse McConnell 2012-12-27 13:26:34 -03:00
parent f0a9930693
commit 525aa8b208
2 changed files with 58 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ValidUrlRule.java
View File

@ -24,6 +24,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
/**
* This rule can be used to protect against invalid unicode characters in a url making it into applications.
@ -36,6 +38,8 @@ import org.eclipse.jetty.util.URIUtil;
*/
public class ValidUrlRule extends Rule
{
private static final Logger LOG = Log.getLogger(ValidUrlRule.class);
String _code = "400";
String _reason = "Illegal Url";
@ -72,12 +76,16 @@ public class ValidUrlRule extends Rule
public String matchAndApply(String target, HttpServletRequest request, HttpServletResponse response) throws IOException
{
// best to decide the request uri and validate that
// String uri = request.getRequestURI();
String uri = URIUtil.decodePath(request.getRequestURI());
for (int i = 0; i < uri.length(); ++i)
for (int i = 0; i < uri.length();)
{
if (!isValidChar(uri.charAt(i)))
int codepoint = uri.codePointAt(i);
if (!isValidChar(uri.codePointAt(i)))
{
int code = Integer.parseInt(_code);
// status code 400 and up are error codes so include a reason
@ -93,17 +101,20 @@ public class ValidUrlRule extends Rule
// we have matched, return target and consider it is handled
return target;
}
i += Character.charCount(codepoint);
}
// we have not matched so return null
return null;
}
protected boolean isValidChar(char c)
protected boolean isValidChar(int codepoint)
{
Character.UnicodeBlock block = Character.UnicodeBlock.of(c);
Character.UnicodeBlock block = Character.UnicodeBlock.of(codepoint);
return (!Character.isISOControl(c)) && block != null && block != Character.UnicodeBlock.SPECIALS;
LOG.debug("{} {} {} {}", Character.charCount(codepoint), codepoint, block, Character.isISOControl(codepoint));
return (!Character.isISOControl(codepoint)) && block != null && block != Character.UnicodeBlock.SPECIALS;
}
public String toString()

41
jetty-rewrite/src/test/java/org/eclipse/jetty/rewrite/handler/ValidUrlRuleTest.java
View File

@ -22,6 +22,7 @@ import static org.junit.Assert.assertEquals;
import junit.framework.Assert;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
public class ValidUrlRuleTest extends AbstractRuleTestCase
@ -70,6 +71,46 @@ public class ValidUrlRuleTest extends AbstractRuleTestCase
assertEquals("foo",_response.getReason());
}
@Test
public void testInvalidJsp() throws Exception
{
_rule.setCode("405");
_rule.setReason("foo");
_request.setRequestURI("/jsp/bean1.jsp%00");
String result = _rule.matchAndApply(_request.getRequestURI(), _request, _response);
assertEquals(405,_response.getStatus());
assertEquals("foo",_response.getReason());
}
@Test
public void testInvalidShamrock() throws Exception
{
_rule.setCode("405");
_rule.setReason("foo");
_request.setRequestURI("/jsp/shamrock-%002618.jsp");
String result = _rule.matchAndApply(_request.getRequestURI(), _request, _response);
assertEquals(405,_response.getStatus());
assertEquals("foo",_response.getReason());
}
@Ignore("Not passing (yet), issue in uri decoding")
@Test
public void testValidShamrock() throws Exception
{
_rule.setCode("405");
_rule.setReason("foo");
_request.setRequestURI("/jsp/shamrock-%00%E2%98%98.jsp");
String result = _rule.matchAndApply(_request.getRequestURI(), _request, _response);
assertEquals(200,_response.getStatus());
}
@Test
public void testCharacters() throws Exception
{