Work around for #8462 ee10 handling of %2F

This is a provisional workaround for #8462 that fixes the bugs in URIUtil that were preventing encoded %2F being seen as an alias. However, the better ultimate fix would be to see an encoded request as a request for a path segment that includes %2F.
2022-08-15 13:58:29 +10:00 · 2022-08-15 13:58:29 +10:00 · edba0c36c7
parent db359ff8a5
commit edba0c36c7
3 changed files with 21 additions and 7 deletions
--- a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/URIUtil.java
+++ b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/URIUtil.java
@ -1638,7 +1638,7 @@ public final class URIUtil
        else if (!uriA.getAuthority().equals(uriB.getAuthority()))
            return false;

-        return equalsIgnoreEncodings(uriA.getPath(), uriB.getPath());
+        return equalsIgnoreEncodings(uriA.getRawPath(), uriB.getRawPath());
    }

    /**
--- a/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/URIUtilTest.java
+++ b/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/URIUtilTest.java
@ -502,6 +502,10 @@ public class URIUtilTest
    public static Stream<Arguments> equalsIgnoreEncodingURITrueSource()
    {
        return Stream.of(
+            Arguments.of(
+                URI.create("HTTP:/foo/b%61r"),
+                URI.create("http:/f%6Fo/bar")
+            ),
            Arguments.of(
                URI.create("jar:file:/path/to/main.jar!/META-INF/versions/"),
                URI.create("jar:file:/path/to/main.jar!/META-INF/%76ersions/")
@ -513,11 +517,21 @@ public class URIUtilTest
        );
    }

-    @ParameterizedTest
-    @MethodSource("equalsIgnoreEncodingURITrueSource")
-    public void testEqualsIgnoreEncodingURITrue(URI uriA, URI uriB)
+    public static Stream<Arguments> equalsIgnoreEncodingURIFalseSource()
    {
-        assertTrue(URIUtil.equalsIgnoreEncodings(uriA, uriB));
+        return Stream.of(
+            Arguments.of(
+                URI.create("/foo%2Fbar"),
+                URI.create("/foo/bar")
+            )
+        );
+    }
+
+    @ParameterizedTest
+    @MethodSource("equalsIgnoreEncodingURIFalseSource")
+    public void testEqualsIgnoreEncodingURIFalse(URI uriA, URI uriB)
+    {
+        assertFalse(URIUtil.equalsIgnoreEncodings(uriA, uriB));
    }

    public static Stream<Arguments> correctBadFileURICases()
--- a/jetty-ee10/jetty-ee10-webapp/src/test/java/org/eclipse/jetty/ee10/webapp/WebAppContextTest.java
+++ b/jetty-ee10/jetty-ee10-webapp/src/test/java/org/eclipse/jetty/ee10/webapp/WebAppContextTest.java
@ -351,10 +351,10 @@ public class WebAppContextTest
        "/foo/%u002e%u002e/WEB-INF/test.xml",
        "/%2E/WEB-INF/test.xml",
        "/%u002E/WEB-INF/test.xml",
-        "//WEB-INF/test.xml" /* TODO,
+        "//WEB-INF/test.xml",
        "/WEB-INF%2Ftest.xml",
        "/WEB-INF%u002Ftest.xml",
-        "/WEB-INF%2ftest.xml" */
+        "/WEB-INF%2ftest.xml"
    })
    public void testProtectedTarget(String target) throws Exception
    {