From 525aa8b2080750ae0c15715c4ec163418798950b Mon Sep 17 00:00:00 2001 From: Jesse McConnell Date: Thu, 27 Dec 2012 13:26:34 -0300 Subject: [PATCH] [Bug 397190] improve ValidUrlRule to iterate on codepoints --- .../jetty/rewrite/handler/ValidUrlRule.java | 23 ++++++++--- .../rewrite/handler/ValidUrlRuleTest.java | 41 +++++++++++++++++++ 2 files changed, 58 insertions(+), 6 deletions(-) diff --git a/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ValidUrlRule.java b/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ValidUrlRule.java index 688859a2adf..100ddd94498 100644 --- a/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ValidUrlRule.java +++ b/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ValidUrlRule.java @@ -24,6 +24,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.eclipse.jetty.util.URIUtil; +import org.eclipse.jetty.util.log.Log; +import org.eclipse.jetty.util.log.Logger; /** * This rule can be used to protect against invalid unicode characters in a url making it into applications. @@ -36,6 +38,8 @@ import org.eclipse.jetty.util.URIUtil; */ public class ValidUrlRule extends Rule { + private static final Logger LOG = Log.getLogger(ValidUrlRule.class); + String _code = "400"; String _reason = "Illegal Url"; @@ -72,12 +76,16 @@ public class ValidUrlRule extends Rule public String matchAndApply(String target, HttpServletRequest request, HttpServletResponse response) throws IOException { // best to decide the request uri and validate that + // String uri = request.getRequestURI(); String uri = URIUtil.decodePath(request.getRequestURI()); - - for (int i = 0; i < uri.length(); ++i) + + for (int i = 0; i < uri.length();) { - if (!isValidChar(uri.charAt(i))) + int codepoint = uri.codePointAt(i); + + if (!isValidChar(uri.codePointAt(i))) { + int code = Integer.parseInt(_code); // status code 400 and up are error codes so include a reason 
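Review bot: The new guard re-reads the code point, `if (!isValidChar(uri.codePointAt(i)))`, although `codepoint` was assigned from the same index on the line just above; use `if (!isValidChar(codepoint))` so the value that is validated is the same one the loop later advances by. The added `// String uri = request.getRequestURI();` is commented-out code and should be dropped rather than committed. Validating the decoded path rather than the raw request URI is what lets the sibling `%00` tests catch an encoded NUL, so that ordering should stay if the commented line is ever revived. matchAndApply's body, including the error-status branch and the end of the loop, continues past this hunk.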
@@ -93,17 +101,20 @@ public class ValidUrlRule extends Rule // we have matched, return target and consider it is handled return target; } + i += Character.charCount(codepoint); } // we have not matched so return null return null; } - protected boolean isValidChar(char c) + protected boolean isValidChar(int codepoint) { - Character.UnicodeBlock block = Character.UnicodeBlock.of(c); + Character.UnicodeBlock block = Character.UnicodeBlock.of(codepoint); - return (!Character.isISOControl(c)) && block != null && block != Character.UnicodeBlock.SPECIALS; + LOG.debug("{} {} {} {}", Character.charCount(codepoint), codepoint, block, Character.isISOControl(codepoint)); + + return (!Character.isISOControl(codepoint)) && block != null && block != Character.UnicodeBlock.SPECIALS; } public String toString() diff --git a/jetty-rewrite/src/test/java/org/eclipse/jetty/rewrite/handler/ValidUrlRuleTest.java b/jetty-rewrite/src/test/java/org/eclipse/jetty/rewrite/handler/ValidUrlRuleTest.java index 1ba760721a3..93618c54940 100644 --- a/jetty-rewrite/src/test/java/org/eclipse/jetty/rewrite/handler/ValidUrlRuleTest.java +++ b/jetty-rewrite/src/test/java/org/eclipse/jetty/rewrite/handler/ValidUrlRuleTest.java @@ -22,6 +22,7 @@ import static org.junit.Assert.assertEquals; import junit.framework.Assert; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; public class ValidUrlRuleTest extends AbstractRuleTestCase 
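Review bot: The `LOG.debug("{} {} {} {}", ...)` call in isValidChar now runs for every code point of every decoded request path and boxes four values into a varargs array before the logger can decide whether debug output is wanted, and the unlabeled format string is hard to read in a log; wrap it as `if (LOG.isDebugEnabled()) LOG.debug("codepoint {} charCount {} block {} isoControl {}", codepoint, Character.charCount(codepoint), block, Character.isISOControl(codepoint));` so the hot path pays nothing at the default level. Changing the protected signature from `isValidChar(char)` to `isValidChar(int)` means a subclass that overrode `isValidChar(char)` now has an overload that is never called, which deserves a line in the class Javadoc. `Character.UnicodeBlock.of(int)` returns the HIGH_SURROGATES/LOW_SURROGATES blocks rather than null for an unpaired surrogate, so if `URIUtil.decodePath` can ever yield one it would pass this check; if that is reachable, rejecting `Character.charCount(codepoint) == 1 && Character.isSurrogate((char) codepoint)` would close the gap.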
@@ -70,6 +71,46 @@ public class ValidUrlRuleTest extends AbstractRuleTestCase assertEquals("foo",_response.getReason()); } + @Test + public void testInvalidJsp() throws Exception + { + _rule.setCode("405"); + _rule.setReason("foo"); + _request.setRequestURI("/jsp/bean1.jsp%00"); + + String result = _rule.matchAndApply(_request.getRequestURI(), _request, _response); + + assertEquals(405,_response.getStatus()); + assertEquals("foo",_response.getReason()); + } + + @Test + public void testInvalidShamrock() throws Exception + { + _rule.setCode("405"); + _rule.setReason("foo"); + _request.setRequestURI("/jsp/shamrock-%002618.jsp"); + + String result = _rule.matchAndApply(_request.getRequestURI(), _request, _response); + + assertEquals(405,_response.getStatus()); + assertEquals("foo",_response.getReason()); + } + + @Ignore("Not passing (yet), issue in uri decoding") + @Test + public void testValidShamrock() throws Exception + { + _rule.setCode("405"); + _rule.setReason("foo"); + _request.setRequestURI("/jsp/shamrock-%00%E2%98%98.jsp"); + + String result = _rule.matchAndApply(_request.getRequestURI(), _request, _response); + + assertEquals(200,_response.getStatus()); + } + + @Test public void testCharacters() throws Exception {
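Review bot: The `@Ignore`d `testValidShamrock` cannot pass even once the decoding issue its annotation cites is fixed, because its URI `/jsp/shamrock-%00%E2%98%98.jsp` still contains `%00`, which decodes to U+0000 and is rejected as an ISO control character exactly as the sibling `testInvalidJsp` expects; the intended input is presumably `/jsp/shamrock-%E2%98%98.jsp`. Likewise `testInvalidShamrock`'s `%002618` decodes to a NUL followed by the literal text `2618`, so it duplicates `testInvalidJsp` rather than exercising U+2618; rename it to say what it tests or give it a URI that actually contains the encoded code point. In all three new tests `String result` is assigned and never checked; add `Assert.assertNotNull(result);` (the file already imports `junit.framework.Assert`) so the tests also pin that the rule reports a match.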