Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7180 from eclipse/jetty-10.0.x-7160-EncodedPercentUri 

Issue #7160 - Add AMBIGUOUS_PATH_ENCODING to default UriCompliance mode.
This commit is contained in:
Lachlan 2021-12-01 10:41:01 +11:00 committed by GitHub
parent 2f5a822f90 7abb1e62f2
commit e409f35bb3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java
View File

@ -104,7 +104,9 @@ public final class UriCompliance implements ComplianceViolation.Mode
* additional violations to avoid most ambiguous URIs. * additional violations to avoid most ambiguous URIs.
* This mode does allow {@link Violation#AMBIGUOUS_PATH_SEPARATOR}, but disallows all out {@link Violation}s. * This mode does allow {@link Violation#AMBIGUOUS_PATH_SEPARATOR}, but disallows all out {@link Violation}s.
*/ */
public static final UriCompliance DEFAULT = new UriCompliance("DEFAULT", of(Violation.AMBIGUOUS_PATH_SEPARATOR)); public static final UriCompliance DEFAULT = new UriCompliance("DEFAULT",
of(Violation.AMBIGUOUS_PATH_SEPARATOR,
Violation.AMBIGUOUS_PATH_ENCODING));
/** /**
* LEGACY compliance mode that models Jetty-9.4 behavior by allowing {@link Violation#AMBIGUOUS_PATH_SEGMENT}, * LEGACY compliance mode that models Jetty-9.4 behavior by allowing {@link Violation#AMBIGUOUS_PATH_SEGMENT},

7
jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
View File

@ -1812,13 +1812,18 @@ public class RequestTest
"Host: whatever\r\n" + "Host: whatever\r\n" +
"\r\n"; "\r\n";
_connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.DEFAULT); _connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.DEFAULT);
assertThat(_connector.getResponse(request), startsWith("HTTP/1.1 400")); assertThat(_connector.getResponse(request), startsWith("HTTP/1.1 200"));
_connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.LEGACY); _connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.LEGACY);
assertThat(_connector.getResponse(request), startsWith("HTTP/1.1 200")); assertThat(_connector.getResponse(request), startsWith("HTTP/1.1 200"));
_connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.RFC3986); _connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.RFC3986);
assertThat(_connector.getResponse(request), startsWith("HTTP/1.1 200")); assertThat(_connector.getResponse(request), startsWith("HTTP/1.1 200"));
_connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.UNSAFE); _connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.UNSAFE);
assertThat(_connector.getResponse(request), startsWith("HTTP/1.1 200")); assertThat(_connector.getResponse(request), startsWith("HTTP/1.1 200"));
UriCompliance custom = new UriCompliance("Custom", EnumSet.complementOf(
EnumSet.of(UriCompliance.Violation.AMBIGUOUS_PATH_ENCODING)));
_connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(custom);
assertThat(_connector.getResponse(request), startsWith("HTTP/1.1 400"));
} }
@Test @Test