From edba0c36c7449fa60fcffe54d5ad049f20baafe2 Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Mon, 15 Aug 2022 13:58:29 +1000
Subject: [PATCH] Work around for #8462 ee10 handling of %2F
This is a provisional workaround for #8462 that fixes the bugs in URIUtil that were preventing encoded %2F being seen as an alias. However, the better ultimate fix would be to see an encoded request as a request for a path segment that includes %2F.
---
.../java/org/eclipse/jetty/util/URIUtil.java | 2 +-
.../org/eclipse/jetty/util/URIUtilTest.java | 22 +++++++++++++++----
.../jetty/ee10/webapp/WebAppContextTest.java | 4 ++--
3 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/URIUtil.java b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/URIUtil.java
index 47aed6922e9..9ce4399e0b6 100644
--- a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/URIUtil.java
+++ b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/URIUtil.java
@@ -1638,7 +1638,7 @@ public final class URIUtil
 else if (!uriA.getAuthority().equals(uriB.getAuthority()))
 return false;
- return equalsIgnoreEncodings(uriA.getPath(), uriB.getPath());
+ return equalsIgnoreEncodings(uriA.getRawPath(), uriB.getRawPath());
 }
 /**
diff --git a/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/URIUtilTest.java b/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/URIUtilTest.java
index 0ae45d9c0fd..fa73f27160d 100644
--- a/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/URIUtilTest.java
+++ b/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/URIUtilTest.java
@@ -502,6 +502,10 @@ public class URIUtilTest
 public static Stream equalsIgnoreEncodingURITrueSource()
 {
 return Stream.of(
+ Arguments.of(
+ URI.create("HTTP:/foo/b%61r"),
+ URI.create("http:/f%6Fo/bar")
+ ),
 Arguments.of(
 URI.create("jar:file:/path/to/main.jar!/META-INF/versions/"),
 URI.create("jar:file:/path/to/main.jar!/META-INF/%76ersions/")
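Review bot: Nothing on the changed return line in URIUtil.java records why the raw path is required, so a later tidy-up back to `getPath()` would make an encoded `%2F` compare equal to a real `/` again with no compile-time signal. I would add a comment directly above it, for example `// Compare raw paths: getPath() decodes %2F to '/', which would hide an encoded separator from the alias check (#8462)`. The authority comparison two lines up still uses the decoded `getAuthority()`; if that asymmetry is intended, the method's Javadoc should say so. The method starts outside this hunk, so its null and opaque-URI handling cannot be checked from here.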
@@ -513,11 +517,21 @@ public class URIUtilTest
 );
 }
- @ParameterizedTest
- @MethodSource("equalsIgnoreEncodingURITrueSource")
- public void testEqualsIgnoreEncodingURITrue(URI uriA, URI uriB)
+ public static Stream equalsIgnoreEncodingURIFalseSource()
 {
- assertTrue(URIUtil.equalsIgnoreEncodings(uriA, uriB));
+ return Stream.of(
+ Arguments.of(
+ URI.create("/foo%2Fbar"),
+ URI.create("/foo/bar")
+ )
+ );
+ }
+
+ @ParameterizedTest
+ @MethodSource("equalsIgnoreEncodingURIFalseSource")
+ public void testEqualsIgnoreEncodingURIFalse(URI uriA, URI uriB)
+ {
+ assertFalse(URIUtil.equalsIgnoreEncodings(uriA, uriB));
 }
 public static Stream correctBadFileURICases()
diff --git a/jetty-ee10/jetty-ee10-webapp/src/test/java/org/eclipse/jetty/ee10/webapp/WebAppContextTest.java b/jetty-ee10/jetty-ee10-webapp/src/test/java/org/eclipse/jetty/ee10/webapp/WebAppContextTest.java
index 1bf944ece46..081d434ab1b 100644
--- a/jetty-ee10/jetty-ee10-webapp/src/test/java/org/eclipse/jetty/ee10/webapp/WebAppContextTest.java
+++ b/jetty-ee10/jetty-ee10-webapp/src/test/java/org/eclipse/jetty/ee10/webapp/WebAppContextTest.java
@@ -351,10 +351,10 @@ public class WebAppContextTest
 "/foo/%u002e%u002e/WEB-INF/test.xml",
 "/%2E/WEB-INF/test.xml",
 "/%u002E/WEB-INF/test.xml",
- "//WEB-INF/test.xml" /* TODO,
+ "//WEB-INF/test.xml",
 "/WEB-INF%2Ftest.xml",
 "/WEB-INF%u002Ftest.xml",
- "/WEB-INF%2ftest.xml" */
+ "/WEB-INF%2ftest.xml"
 })
 public void testProtectedTarget(String target) throws Exception
 {
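Review bot: `testEqualsIgnoreEncodingURITrue` is removed in this URIUtilTest hunk instead of being kept next to the new negative test, so `equalsIgnoreEncodingURITrueSource()` appears to have no consumer left, unless a test outside the visible lines references it. That source includes the `HTTP:/foo/b%61r` pair added in the previous hunk. The result is that positive coverage is dropped for the very method whose comparison changed in URIUtil.java. Restore the method as below. A lower-case pair such as `Arguments.of(URI.create("/foo%2fbar"), URI.create("/foo/bar"))` in the false source would also pin the lower-case hex form at unit level.

```java
// … unchanged: equalsIgnoreEncodingURIFalseSource() and testEqualsIgnoreEncodingURIFalse …

@ParameterizedTest
@MethodSource("equalsIgnoreEncodingURITrueSource")
public void testEqualsIgnoreEncodingURITrue(URI uriA, URI uriB)
{
    assertTrue(URIUtil.equalsIgnoreEncodings(uriA, uriB));
}
```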
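Review bot: The three encoded-slash targets enabled at the end of the value list in WebAppContextTest carry no pointer to why they were disabled or what now makes them pass, and the commit message describes the URIUtil change as provisional. A short comment above them would help, e.g. `// encoded-slash forms of a protected target; presumably pass because URIUtil.equalsIgnoreEncodings now compares raw paths (#8462)`. It would tell whoever implements the final fix that these cases must keep passing. The body of `testProtectedTarget` is outside the hunk, so what is asserted for each target cannot be confirmed here.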