JETTY-1129 Filter control characters out of StdErrLog

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@991 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Greg Wilkins 2009-10-15 19:04:48 +00:00
parent 9583051709
commit b5d16898e5
4 changed files with 203 additions and 34 deletions

View File

@ -13,6 +13,7 @@ jetty-7.0.1-SNAPSHOT
+ JETTY-937 More JVM bug work arounds. Insert pause if all else fails
+ JETTY-1114 unsynchronised WebAppClassloader.getResource(String)
+ JETTY-1122 Handle multi-byte utf that causes buffer overflow
+ JETTY-1129 Filter control characters out of StdErrLog
+ Fixed XSS issue in CookieDump demo servlet.
+ 291019 Fix default DEBUG option; "-D.DEBUG=true" now works
+ 291340 Race condition in onException() notifications
@ -22,6 +23,36 @@ jetty-7.0.1-SNAPSHOT
jetty-7.0.0.v20091005 5 October 2009
291340 Race condition in onException() notifications
jetty-6.1.21 22 September 2009
+ JETTY-719 Document state machine of jetty http client
+ JETTY-933 State == HEADER in client
+ JETTY-936 Improved servlet matching and optimized
+ JETTY-1038 ChannelId.isParentOf returns the wrong result
+ JETTY-1061 Catch exceptions from cometd listeners
+ JETTY-1072 maven plugin handles context path not as documented
+ JETTY-1080 modified previous fix for windows
+ JETTY-1084 HEAD command not setting content-type in response under certain circumstances
+ JETTY-1090 resolve inifinte loop condition for webdav listener
+ JETTY-1092 MultiPartFilter can be pushed into infinite loop
+ JETTY-1093 Request.toString throws exception when size exceeds 4k
+ JETTY-1098 Default form encoding is UTF8
+ JETTY-1099 Improve cookie handling in BayeuxClient
+ JETTY-1100 extend setuid feature to allow setting max open file descriptors
+ JETTY-1102 Wrong usage of deliver() in private chat messages
+ JETTY-1108 SSL EOF detection
+ JETTY-1109 Improper handling of cookies in Terracotta tests
+ JETTY-1112 Response fails if header exceeds buffer size
+ JETTY-1113 IllegalStateException when adding servlet filters programmatically
+ JETTY-1114 Unsynchronize webapp classloader getResource
+ 282543 HttpClient SSL buffer size fix
+ 288055 fix jetty-client for failed listener state machine
+ 288153 reset exchange when resending
+ 288182 PUT request fails during retry
+ Fix DefaultServletTest for windows
+ Update Jetty implementation of com.sun.net.httpserver.*
+ Include tmp directory sweeper in build
+ Streamline jetty-jboss build, update sar to QueuedThreadPool
jetty-7.0.0.RC6 September 21 2009
+ Fixed XSS issue in CookieDump demo servlet.
+ 289958 StatisticsServlet incorrectly adds StatisticsHandler

View File

@ -456,7 +456,15 @@ public class HttpParser implements Parser
case HttpHeaders.CONTENT_LENGTH_ORDINAL:
if (_contentLength != HttpTokens.CHUNKED_CONTENT)
{
_contentLength=BufferUtil.toLong(value);
try
{
_contentLength=BufferUtil.toLong(value);
}
catch(NumberFormatException e)
{
Log.ignore(e);
throw new HttpException(HttpStatus.BAD_REQUEST_400);
}
if (_contentLength <= 0)
_contentLength=HttpTokens.NO_CONTENT;
}

View File

@ -92,8 +92,7 @@ public class ErrorHandler extends AbstractHandler
writer.write("<title>Error ");
writer.write(Integer.toString(code));
writer.write(' ');
if (message!=null)
writer.write(deScript(message));
write(writer,message);
writer.write("</title>\n");
}
@ -118,9 +117,9 @@ public class ErrorHandler extends AbstractHandler
writer.write("<h2>HTTP ERROR ");
writer.write(Integer.toString(code));
writer.write("</h2>\n<p>Problem accessing ");
writer.write(deScript(uri));
write(writer,uri);
writer.write(". Reason:\n<pre> ");
writer.write(deScript(message));
write(writer,message);
writer.write("</pre></p>");
}
@ -136,7 +135,7 @@ public class ErrorHandler extends AbstractHandler
PrintWriter pw = new PrintWriter(sw);
th.printStackTrace(pw);
pw.flush();
writer.write(deScript(sw.getBuffer().toString()));
write(writer,sw.getBuffer().toString());
writer.write("</pre>\n");
th =th.getCause();
@ -163,13 +162,34 @@ public class ErrorHandler extends AbstractHandler
}
/* ------------------------------------------------------------ */
protected String deScript(String string)
protected void write(Writer writer,String string)
throws IOException
{
if (string==null)
return null;
string=StringUtil.replace(string, "&", "&amp;");
string=StringUtil.replace(string, "<", "&lt;");
string=StringUtil.replace(string, ">", "&gt;");
return string;
return;
for (int i=0;i<string.length();i++)
{
char c=string.charAt(i);
switch(c)
{
case '&' :
writer.write("&amp;");
break;
case '<' :
writer.write("&lt;");
break;
case '>' :
writer.write("&gt;");
break;
default:
if (Character.isISOControl(c) && !Character.isWhitespace(c))
writer.write('?');
else
writer.write(c);
}
}
}
}

View File

@ -37,6 +37,7 @@ public class StdErrLog implements Logger
private boolean _debug = __debug;
private final String _name;
private boolean _hideStacks=false;
StringBuilder _buffer = new StringBuilder();
static
{
@ -99,14 +100,24 @@ public class StdErrLog implements Logger
{
String d=_dateCache.now();
int ms=_dateCache.lastMs();
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":INFO:"+_name+":"+msg);
synchronized(_buffer)
{
tag(d,ms,":INFO:");
format(msg);
System.err.println(_buffer.toString());
}
}
public void info(String msg,Object arg0, Object arg1)
{
String d=_dateCache.now();
int ms=_dateCache.lastMs();
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":INFO:"+_name+":"+format(msg,arg0,arg1));
synchronized(_buffer)
{
tag(d,ms,":INFO:");
format(msg,arg0,arg1);
System.err.println(_buffer.toString());
}
}
public void debug(String msg,Throwable th)
@ -115,13 +126,15 @@ public class StdErrLog implements Logger
{
String d=_dateCache.now();
int ms=_dateCache.lastMs();
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":DBUG:"+_name+":"+msg);
if (th!=null)
synchronized(_buffer)
{
tag(d,ms,":DBUG:");
format(msg);
if (_hideStacks)
System.err.println(th);
format(th.toString());
else
th.printStackTrace();
format(th);
System.err.println(_buffer.toString());
}
}
}
@ -132,7 +145,12 @@ public class StdErrLog implements Logger
{
String d=_dateCache.now();
int ms=_dateCache.lastMs();
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":DBUG:"+_name+":"+msg);
synchronized(_buffer)
{
tag(d,ms,":DBUG:");
format(msg);
System.err.println(_buffer.toString());
}
}
}
@ -142,7 +160,12 @@ public class StdErrLog implements Logger
{
String d=_dateCache.now();
int ms=_dateCache.lastMs();
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":DBUG:"+_name+":"+format(msg,arg0,arg1));
synchronized(_buffer)
{
tag(d,ms,":DBUG:");
format(msg,arg0,arg1);
System.err.println(_buffer.toString());
}
}
}
@ -150,40 +173,127 @@ public class StdErrLog implements Logger
{
String d=_dateCache.now();
int ms=_dateCache.lastMs();
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":WARN:"+_name+":"+msg);
synchronized(_buffer)
{
tag(d,ms,":WARN:");
format(msg);
System.err.println(_buffer.toString());
}
}
public void warn(String msg,Object arg0, Object arg1)
{
String d=_dateCache.now();
int ms=_dateCache.lastMs();
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":WARN:"+_name+":"+format(msg,arg0,arg1));
synchronized(_buffer)
{
tag(d,ms,":WARN:");
format(msg,arg0,arg1);
System.err.println(_buffer.toString());
}
}
public void warn(String msg, Throwable th)
{
String d=_dateCache.now();
int ms=_dateCache.lastMs();
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":WARN:"+_name+":"+msg);
if (th!=null)
int ms=_dateCache.lastMs();
synchronized(_buffer)
{
tag(d,ms,":WARN:");
format(msg);
if (_hideStacks)
System.err.println(th);
format(th.toString());
else
th.printStackTrace();
}
format(th);
System.err.println(_buffer.toString());
}
}
private String format(String msg, Object arg0, Object arg1)
private void tag(String d,int ms,String tag)
{
_buffer.setLength(0);
_buffer.append(d);
if (ms>99)
_buffer.append('.');
else if (ms>9)
_buffer.append(".0");
else
_buffer.append(".00");
_buffer.append(ms).append(tag).append(_name).append(':');
}
private void format(String msg, Object arg0, Object arg1)
{
int i0=msg.indexOf("{}");
int i1=i0<0?-1:msg.indexOf("{}",i0+2);
if (arg1!=null && i1>=0)
msg=msg.substring(0,i1)+arg1+msg.substring(i1+2);
if (arg0!=null && i0>=0)
msg=msg.substring(0,i0)+arg0+msg.substring(i0+2);
return msg;
if (i0>=0)
{
format(msg.substring(0,i0));
format(String.valueOf(arg0));
if (i1>=0)
{
format(msg.substring(i0+2,i1));
format(String.valueOf(arg1));
format(msg.substring(i1+2));
}
else
{
format(msg.substring(i1+2));
if (arg1!=null)
{
_buffer.append(' ');
format(String.valueOf(arg1));
}
}
}
else
{
format(msg);
if (arg0!=null)
{
_buffer.append(' ');
format(String.valueOf(arg0));
}
if (arg1!=null)
{
_buffer.append(' ');
format(String.valueOf(arg1));
}
}
}
private void format(String msg)
{
for (int i=0;i<msg.length();i++)
{
char c=msg.charAt(i);
if (Character.isISOControl(c))
{
if (c=='\n')
_buffer.append('|');
else if (c=='\r')
_buffer.append('<');
else
_buffer.append('?');
}
else
_buffer.append(c);
}
}
private void format(Throwable th)
{
_buffer.append('\n');
format(th.toString());
StackTraceElement[] elements = th.getStackTrace();
for (int i=0;elements!=null && i<elements.length;i++)
{
_buffer.append("\n\tat ");
format(elements[i].toString());
}
}
public Logger getLogger(String name)