Commit Graph

1799 Commits

Author SHA1 Message Date
Simone Bordet f045b5a3ba
Issue #6473 - Improve alias checking in PathResource. (#6477)
* Issue #6473 - Improve alias checking in PathResource.

* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
  and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
  navigation above the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
2021-06-29 15:40:45 +02:00
Greg Wilkins 122a78aafc
Issue #6473 - canonicalPath refactor & fix alias check in PathResource (#6474)
Reduce multiple canonicalPath calls with single alias check in PathResource
Revert to decoding and then normalizing URLs so that subsequent canonicalPath calls are noops.
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
2021-06-28 17:10:11 +10:00
Lachlan a3effb19c4
Issue #6447 - Deprecate support for UTF16 encoding in URIs (#6467)
- Merge from PR #6457.
- Also brought some other ComplianceModes back to disable ambiguous empty segments, and ambiguous encodings.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-06-24 17:16:56 +10:00
Joakim Erdfelt 5c130e400a Updating to version 9.4.43-SNAPSHOT 2021-06-04 12:49:12 -05:00
Joakim Erdfelt 5cd5e6d237 Updating to version 9.4.42.v20210604 2021-06-04 12:24:37 -05:00
olivier lamy 97a2a9993f bump to next version 9.4.42-SNAPSHOT
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2021-05-18 13:06:42 +02:00
Lachlan eca8edcea5 Create FileBufferedResponseHandler to buffer responses into a file. (#6010)
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-04-19 15:02:43 +10:00
Joakim Erdfelt 241ca2c2a0 Updating to version 9.4.41-SNAPSHOT 2021-04-13 16:24:42 -05:00
Joakim Erdfelt b881a57266 Updating to version 9.4.40.v20210413 2021-04-13 15:32:28 -05:00
Jesse McConnell d23925809d
Updating to version 9.4.40-SNAPSHOT 2021-03-25 10:06:56 -05:00
Jesse McConnell ee95f92d70
Updating to version 9.4.39.v20210325 2021-03-25 09:33:14 -05:00
Jesse McConnell 7dacf1503f
reset release to 9.4.39-SNAPSHOT 2021-03-25 09:03:35 -05:00
Jesse McConnell be786489a8
reset release to 9.4.39-SNAPSHOT 2021-03-25 08:52:25 -05:00
Olivier Lamy e0111e581a Updating to version 9.4.40-SNAPSHOT 2021-03-25 03:39:19 +00:00
Olivier Lamy e56edccd03 Updating to version 9.4.39.v20210325 2021-03-25 03:20:25 +00:00
Joakim Erdfelt 5fed958e08 Updating to version 9.4.39-SNAPSHOT 2021-02-24 14:52:43 -06:00
Joakim Erdfelt 288f3cc745 Updating to version 9.4.38.v20210224 2021-02-24 14:16:09 -06:00
Joakim Erdfelt e68293ef4e
Addressing copy/paste mistakes
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-02-24 12:47:48 -06:00
gregw f9b5974ded Fix #4275 separate compliance modes for ambiguous URI segments and separators
default modes allows both ambiguous separators and segments, but still forbids ambiguous parameters
2021-02-24 19:17:49 +01:00
Greg Wilkins 49e73dfb75
Fix #4275 #6001 separate compliance modes for ambiguous URI segments and se… (#6003)
Fix #4275 separate compliance modes for ambiguous URI segments and separators
2021-02-24 10:05:05 +01:00
Greg Wilkins 8bd4a9fad8
Fix #5999 ArrayIndexOutOfBounds for unicode in HttpURI segment (#6000)
Fixed ArrayTrie to not throw if passed a unicode character.
2021-02-23 20:03:45 +01:00
Joakim Erdfelt ea2a76ed3b Updating to version 9.4.38-SNAPSHOT 2021-02-19 09:44:28 -06:00
Joakim Erdfelt 27afab2bd3 Updating to version 9.4.37.v20210219 2021-02-19 09:03:57 -06:00
Greg Wilkins 324ab668de
More optional etag gzip fixes for #5979 (#5986)
* More optional etag gzip fixes for #5979

If no separator defined, do not add a suffix to an etag.
Some cleanup of the implementation.

* More optional etag gzip fixes for #5979

updates from review
2021-02-18 17:24:16 +01:00
Joakim Erdfelt 10e531756b
Merge pull request from GHSA-m394-8rww-3jr7
Use comparator based sort
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>

Co-authored-by: gregw <gregw@webtide.com>
2021-02-18 14:14:38 +01:00
Greg Wilkins a8b4927427
Fix #5979 by allowing a configurable etag separator. (#5980)
* Fix #5979 by allowing a configurable etag separator.

Fix #5979 by allowing a configurable etag separator

* updates from review

* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2021-02-17 22:19:23 +01:00
gregw ea3f3a5b93 Update merge to 10 comment 2021-02-17 18:09:37 +01:00
gregw 1e364eccf8 Re re Fix rewrite tests for #5954
Re re Fix rewrite tests for #5954. Restore setPathQuery behaviour to preserve queries if none are set.
2021-02-17 12:41:55 +01:00
gregw dd5a565c08 Re re Fix rewrite tests for #5954
Re re Fix rewrite tests for #5954. Restore setPathQuery behaviour to preserve queries if none are set.
2021-02-17 12:12:56 +01:00
gregw 7769f61242 Fixed checkstyle 2021-02-16 16:55:14 +01:00
Greg Wilkins 20ef71fe5d
Fix #4275 fail URIs with ambiguous segments (#5954)
Handle URIs by first resolving relative paths and then decoding.
Added compliance mode to return 400 if there are ambiguous path segments.

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2021-02-16 14:47:41 +01:00
Joakim Erdfelt 5dd987779c
Adding `WhitespaceAfter` checkstyle rule.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-02-15 12:48:24 -06:00
Joakim Erdfelt 176e29e408
Happy New Year 2021
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-01-21 12:31:00 -06:00
Joakim Erdfelt 2e53ec5384 Updating to version 9.4.37-SNAPSHOT 2021-01-14 11:27:24 -06:00
Joakim Erdfelt 238ec6997c Updating to version 9.4.36.v20210114 2021-01-14 10:29:28 -06:00
Olivier Lamy 639cad63fe
Jetty 9.4.x optimize parser warning from logs and add spotbug (#5735)
* enable spotbugs in CI

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

record issues

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

use warning new generation

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

activate errorprone

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

fix Jenkinsfile

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

do not run spotbugs for jetty-runner as we do not want to fix all dependencies bugs :)

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

junit should allow empty results

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

maven console can be used only once...

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

one liner

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

recordissues only once

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

force id

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

aggregate results

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

configure a name for aggregated reports

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

no more -T3 no need anymore of remote session test profile

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

I want to see what failing tests look like with new report.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

skip spotbugs for jetty-jmh

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

get rid of findbugs as we now have spotbugs

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

Revert "I want to see what failing tests look like with new report."

This reverts commit df0d13e4c53d7461872e1f925ec06bd36e4a66c9.

activate errorProne parser

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

make pmd quiet for CI

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

remove -fae flag and do not display transfer progress

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

try junitParser() to see what it does

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

junit parser is a bad idea...

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

increase timeout

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

no -T2 for javadoc

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

fix skip spotbugs and pmd verbose

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* remove -T options

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2020-12-11 11:47:26 +10:00
Joakim Erdfelt e8683cba9f Updating to version 9.4.36-SNAPSHOT 2020-11-20 16:05:27 -06:00
Joakim Erdfelt bdc54f03a5 Updating to version 9.4.35.v20201120 2020-11-20 15:05:50 -06:00
Greg Wilkins 14f94f738d
Issue #5605 unconsumed input on sendError (#5637)
* Issue #5605 unconsumed input on sendError

Add Connection:close if content can't be consumed during a sendError. Processed after the request has returned to the container.

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Update from review

 + Add close on all uncommitted requests when content cannot be consumed.

* Update from review

 + fixed comment
 + space comma

* Only consume input in COMPLETE if response is >=200 (ie not an upgrade or similar)

* Updated to be less adventurous

I do not think it was valid to always consumeAll in COMPLETE as this could break upgrades with both 101s and 200s
Instead I have reverted to having this consumeAll logic only:
 + in sendError once control has passed back to the container and we are about to generate an error page.
 + in front of all the sendRedirection that we do without calling the application first.

Extra tests also added

* Updated to be less adventurous

reverted test

* Testcase for odd sendError(400) issue.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Fix for odd sendError(400) issue.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>

* Testcase for odd sendError(400) issue.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Always try to consumeAll on all requests

* Refinements after testing in 10

* Refinements after testing in 10

Fixed test

* Fixed comment from review

* Updates from review

+ added redirect methods that consumeAll
+ ensureContentConsumedOrConnectionClose renamed to ensureConsumeAllOrNotPersistent
+ ensureConsumeAllOrNotPersistent now handles HTTP/1.0 and HTTP/1.1 differently

* better consumeAll implementation

* update from review

 + better javadoc
 + filter out keep-alive
 + added more tests

* update from review

 + better javadoc

* update from review

 + fixed form redirection test for http 1.0 and 1.1

* update from review

 + HttpGenerator removes keep-alive if close present
 + Use isRedirection

Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2020-11-18 10:40:05 +01:00
Greg Wilkins f4c32e788a
Fix #5562 Improve HTTP Field cache allocation (#5565)
* Fix #5562 Improve HTTP Field cache allocation

Fix #5562 by initially putting cacheable fields into an inexpensive arraylist.
Only create the Trie (with space and complexity costs) if a second request is received.

* Fixed NPE

* Feedback from review

Create `HttpHeader.isPseudo()` method
improved clarity with `createFieldCacheIfNeeded()`

* Feedback from review

Only defer Trie creation to first cacheable field, not until next request.

* Updates from review

* Update from review

 + more javadoc
 + empty set return
2020-11-12 17:05:32 +01:00
Greg Wilkins bb886ad932
Fix #5575 SEARCH method (#5576)
+ Added all IANA methods
 + Used Trie for most lookups
 + Fixed ArrayTernaryTrie lookup
 + optimised GET, POST and HEAD

Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2020-11-11 17:48:08 +01:00
Joakim Erdfelt edaadff55b Updating to version 9.4.35-SNAPSHOT 2020-11-02 09:04:51 -06:00
Joakim Erdfelt e46af88704 Updating to version 9.4.34.v20201102 2020-11-02 08:03:51 -06:00
Joakim Erdfelt e726eefb0b Updating to version 9.4.34-SNAPSHOT 2020-10-20 18:55:39 -05:00
Joakim Erdfelt 1be6875565 Updating to version 9.4.33.v20201020 2020-10-20 18:28:51 -05:00
Joakim Erdfelt d612f12cf6
Issue #5451 - Removing file/dir permission management from codebase
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2020-10-16 13:17:28 -05:00
Joakim Erdfelt fdd880b66b
Issue #5451 - Cleanup of temp file cleanup.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2020-10-15 18:10:38 -05:00
Joakim Erdfelt 85e257fc98 Updating to version 9.4.33-SNAPSHOT 2020-09-30 11:53:09 -05:00
Joakim Erdfelt de97d26f7b Updating to version 9.4.32.v20200930 2020-09-30 11:03:24 -05:00
Joakim Erdfelt 3423375a97
Issue #5357 - Updating to https://eclipse.org/ (#5358)
* Issue #5357 - Updating to https://eclipse.org/

 - Removing redundant <url> refs in pom.xml
 - Correcting bad indenting from merge
 - Correcting mailing list references
 - Correcting bugs.eclipse.org references
 - Correcting text file references
 - Correcting html references
 - Correcting further references
 - Correcting download.eclipse.org reference
 - Adding test for demo-base /proxy/current/
 - Ensuring jetty-client is included in javadoc-proxy.war/WEB-INF/lib

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2020-09-29 11:02:32 -05:00