From f34663282c694b8dffa3a9c5899288444058f28a Mon Sep 17 00:00:00 2001 
From: Jay Modi
Date: Fri, 5 Apr 2019 12:06:06 -0600
Subject: [PATCH] Update apache httpclient to version 4.5.8 (#40875)
This change updates our version of httpclient to version 4.5.8, which contains the fix for HTTPCLIENT-1968, which is a bug where the client started re-writing paths that contained encoded reserved characters with their unreserved form.
---
 buildSrc/version.properties | 2 +-
 .../rest/licenses/httpclient-4.5.7.jar.sha1 | 1 -
 .../rest/licenses/httpclient-4.5.8.jar.sha1 | 1 +
 .../licenses/httpclient-4.5.7.jar.sha1 | 1 -
 .../licenses/httpclient-4.5.8.jar.sha1 | 1 +
 .../licenses/httpclient-4.5.7.jar.sha1 | 1 -
 .../licenses/httpclient-4.5.8.jar.sha1 | 1 +
 .../licenses/httpclient-4.5.7.jar.sha1 | 1 -
 .../licenses/httpclient-4.5.8.jar.sha1 | 1 +
 .../licenses/httpclient-4.5.7.jar.sha1 | 1 -
 .../licenses/httpclient-4.5.8.jar.sha1 | 1 +
 .../licenses/httpclient-4.5.7.jar.sha1 | 1 -
 .../licenses/httpclient-4.5.8.jar.sha1 | 1 +
 .../licenses/httpclient-4.5.7.jar.sha1 | 1 -
 .../licenses/httpclient-4.5.8.jar.sha1 | 1 +
 .../core/licenses/httpclient-4.5.7.jar.sha1 | 1 -
 .../core/licenses/httpclient-4.5.8.jar.sha1 | 1 +
 .../licenses/httpclient-cache-4.5.7.jar.sha1 | 1 -
 .../licenses/httpclient-cache-4.5.8.jar.sha1 | 1 +
 .../xpack/watcher/common/http/HttpClient.java | 46 ++++++++++---------
 20 files changed, 34 insertions(+), 32 deletions(-)
 delete mode 100644 client/rest/licenses/httpclient-4.5.7.jar.sha1
 create mode 100644 client/rest/licenses/httpclient-4.5.8.jar.sha1
 delete mode 100644 client/sniffer/licenses/httpclient-4.5.7.jar.sha1
 create mode 100644 client/sniffer/licenses/httpclient-4.5.8.jar.sha1
 delete mode 100644 plugins/discovery-azure-classic/licenses/httpclient-4.5.7.jar.sha1
 create mode 100644 plugins/discovery-azure-classic/licenses/httpclient-4.5.8.jar.sha1
 delete mode 100644 plugins/discovery-ec2/licenses/httpclient-4.5.7.jar.sha1
 create mode 100644 plugins/discovery-ec2/licenses/httpclient-4.5.8.jar.sha1
 delete mode 100644 plugins/discovery-gce/licenses/httpclient-4.5.7.jar.sha1
 create mode 100644 plugins/discovery-gce/licenses/httpclient-4.5.8.jar.sha1
 delete mode 100644 plugins/repository-gcs/licenses/httpclient-4.5.7.jar.sha1
 create mode 100644 plugins/repository-gcs/licenses/httpclient-4.5.8.jar.sha1
 delete mode 100644 plugins/repository-s3/licenses/httpclient-4.5.7.jar.sha1
 create mode 100644 plugins/repository-s3/licenses/httpclient-4.5.8.jar.sha1
 delete mode 100644 x-pack/plugin/core/licenses/httpclient-4.5.7.jar.sha1
 create mode 100644 x-pack/plugin/core/licenses/httpclient-4.5.8.jar.sha1
 delete mode 100644 x-pack/plugin/security/licenses/httpclient-cache-4.5.7.jar.sha1
 create mode 100644 x-pack/plugin/security/licenses/httpclient-cache-4.5.8.jar.sha1
diff --git a/buildSrc/version.properties b/buildSrc/version.properties
index f026e1603d6..59db828eb0a 100644
--- a/buildSrc/version.properties
+++ b/buildSrc/version.properties
@@ -32,7 +32,7 @@ bouncycastle = 1.61
 # test dependencies
 randomizedrunner = 2.7.1
 junit = 4.12
-httpclient = 4.5.7
+httpclient = 4.5.8
 httpcore = 4.4.11
 httpasyncclient = 4.1.4
 commonslogging = 1.1.3
diff --git a/client/rest/licenses/httpclient-4.5.7.jar.sha1 b/client/rest/licenses/httpclient-4.5.7.jar.sha1
deleted file mode 100644
index a8b7cc0d994..00000000000
--- a/client/rest/licenses/httpclient-4.5.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dda059f4908e1b548b7ba68d81a3b05897f27cb0
\ No newline at end of file
diff --git a/client/rest/licenses/httpclient-4.5.8.jar.sha1 b/client/rest/licenses/httpclient-4.5.8.jar.sha1
new file mode 100644
index 00000000000..73f0d30c709
--- /dev/null
+++ b/client/rest/licenses/httpclient-4.5.8.jar.sha1
@@ -0,0 +1 @@
+c27c9d6f15435dc2b6947112027b418b0eef32b9
\ No newline at end of file
diff --git a/client/sniffer/licenses/httpclient-4.5.7.jar.sha1 b/client/sniffer/licenses/httpclient-4.5.7.jar.sha1
deleted file mode 100644
index a8b7cc0d994..00000000000
--- a/client/sniffer/licenses/httpclient-4.5.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dda059f4908e1b548b7ba68d81a3b05897f27cb0
\ No newline at end of file
diff --git a/client/sniffer/licenses/httpclient-4.5.8.jar.sha1 b/client/sniffer/licenses/httpclient-4.5.8.jar.sha1
new file mode 100644
index 00000000000..73f0d30c709
--- /dev/null
+++ b/client/sniffer/licenses/httpclient-4.5.8.jar.sha1
@@ -0,0 +1 @@
+c27c9d6f15435dc2b6947112027b418b0eef32b9
\ No newline at end of file
diff --git a/plugins/discovery-azure-classic/licenses/httpclient-4.5.7.jar.sha1 b/plugins/discovery-azure-classic/licenses/httpclient-4.5.7.jar.sha1
deleted file mode 100644
index a8b7cc0d994..00000000000
--- a/plugins/discovery-azure-classic/licenses/httpclient-4.5.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dda059f4908e1b548b7ba68d81a3b05897f27cb0
\ No newline at end of file
diff --git a/plugins/discovery-azure-classic/licenses/httpclient-4.5.8.jar.sha1 b/plugins/discovery-azure-classic/licenses/httpclient-4.5.8.jar.sha1
new file mode 100644
index 00000000000..73f0d30c709
--- /dev/null
+++ b/plugins/discovery-azure-classic/licenses/httpclient-4.5.8.jar.sha1
@@ -0,0 +1 @@
+c27c9d6f15435dc2b6947112027b418b0eef32b9
\ No newline at end of file
diff --git a/plugins/discovery-ec2/licenses/httpclient-4.5.7.jar.sha1 b/plugins/discovery-ec2/licenses/httpclient-4.5.7.jar.sha1
deleted file mode 100644
index a8b7cc0d994..00000000000
--- a/plugins/discovery-ec2/licenses/httpclient-4.5.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dda059f4908e1b548b7ba68d81a3b05897f27cb0
\ No newline at end of file
diff --git a/plugins/discovery-ec2/licenses/httpclient-4.5.8.jar.sha1 b/plugins/discovery-ec2/licenses/httpclient-4.5.8.jar.sha1
new file mode 100644
index 00000000000..73f0d30c709
--- /dev/null
+++ b/plugins/discovery-ec2/licenses/httpclient-4.5.8.jar.sha1
@@ -0,0 +1 @@
+c27c9d6f15435dc2b6947112027b418b0eef32b9
\ No newline at end of file
diff --git a/plugins/discovery-gce/licenses/httpclient-4.5.7.jar.sha1 b/plugins/discovery-gce/licenses/httpclient-4.5.7.jar.sha1
deleted file mode 100644
index a8b7cc0d994..00000000000
--- a/plugins/discovery-gce/licenses/httpclient-4.5.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dda059f4908e1b548b7ba68d81a3b05897f27cb0
\ No newline at end of file
diff --git a/plugins/discovery-gce/licenses/httpclient-4.5.8.jar.sha1 b/plugins/discovery-gce/licenses/httpclient-4.5.8.jar.sha1
new file mode 100644
index 00000000000..73f0d30c709
--- /dev/null
+++ b/plugins/discovery-gce/licenses/httpclient-4.5.8.jar.sha1
@@ -0,0 +1 @@
+c27c9d6f15435dc2b6947112027b418b0eef32b9
\ No newline at end of file
diff --git a/plugins/repository-gcs/licenses/httpclient-4.5.7.jar.sha1 b/plugins/repository-gcs/licenses/httpclient-4.5.7.jar.sha1
deleted file mode 100644
index a8b7cc0d994..00000000000
--- a/plugins/repository-gcs/licenses/httpclient-4.5.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dda059f4908e1b548b7ba68d81a3b05897f27cb0
\ No newline at end of file
diff --git a/plugins/repository-gcs/licenses/httpclient-4.5.8.jar.sha1 b/plugins/repository-gcs/licenses/httpclient-4.5.8.jar.sha1
new file mode 100644
index 00000000000..73f0d30c709
--- /dev/null
+++ b/plugins/repository-gcs/licenses/httpclient-4.5.8.jar.sha1
@@ -0,0 +1 @@
+c27c9d6f15435dc2b6947112027b418b0eef32b9
\ No newline at end of file
diff --git a/plugins/repository-s3/licenses/httpclient-4.5.7.jar.sha1 b/plugins/repository-s3/licenses/httpclient-4.5.7.jar.sha1
deleted file mode 100644
index a8b7cc0d994..00000000000
--- a/plugins/repository-s3/licenses/httpclient-4.5.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dda059f4908e1b548b7ba68d81a3b05897f27cb0
\ No newline at end of file
diff --git a/plugins/repository-s3/licenses/httpclient-4.5.8.jar.sha1 b/plugins/repository-s3/licenses/httpclient-4.5.8.jar.sha1
new file mode 100644
index 00000000000..73f0d30c709
--- /dev/null
+++ b/plugins/repository-s3/licenses/httpclient-4.5.8.jar.sha1
@@ -0,0 +1 @@
+c27c9d6f15435dc2b6947112027b418b0eef32b9
\ No newline at end of file
diff --git a/x-pack/plugin/core/licenses/httpclient-4.5.7.jar.sha1 b/x-pack/plugin/core/licenses/httpclient-4.5.7.jar.sha1
deleted file mode 100644
index a8b7cc0d994..00000000000
--- a/x-pack/plugin/core/licenses/httpclient-4.5.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dda059f4908e1b548b7ba68d81a3b05897f27cb0
\ No newline at end of file
diff --git a/x-pack/plugin/core/licenses/httpclient-4.5.8.jar.sha1 b/x-pack/plugin/core/licenses/httpclient-4.5.8.jar.sha1
new file mode 100644
index 00000000000..73f0d30c709
--- /dev/null
+++ b/x-pack/plugin/core/licenses/httpclient-4.5.8.jar.sha1
@@ -0,0 +1 @@
+c27c9d6f15435dc2b6947112027b418b0eef32b9
\ No newline at end of file
diff --git a/x-pack/plugin/security/licenses/httpclient-cache-4.5.7.jar.sha1 b/x-pack/plugin/security/licenses/httpclient-cache-4.5.7.jar.sha1
deleted file mode 100644
index b121bd65421..00000000000
--- a/x-pack/plugin/security/licenses/httpclient-cache-4.5.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-c13a0ce27c17831e5e5be6c751842006dcecb270
\ No newline at end of file
diff --git a/x-pack/plugin/security/licenses/httpclient-cache-4.5.8.jar.sha1 b/x-pack/plugin/security/licenses/httpclient-cache-4.5.8.jar.sha1
new file mode 100644
index 00000000000..87db7aba09e
--- /dev/null
+++ b/x-pack/plugin/security/licenses/httpclient-cache-4.5.8.jar.sha1
@@ -0,0 +1 @@
+bb984b73da2153285b660f3e278498abd94ccbb5
\ No newline at end of file
diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/common/http/HttpClient.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/common/http/HttpClient.java
index e0d3129e75f..39340778d33 100644
--- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/common/http/HttpClient.java
+++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/common/http/HttpClient.java
@@ -23,8 +23,8 @@ import org.apache.http.client.methods.HttpHead;
 import org.apache.http.client.methods.HttpRequestBase;
 import org.apache.http.client.methods.HttpRequestWrapper;
 import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.client.utils.URIUtils;
-import org.apache.http.client.utils.URLEncodedUtils;
 import org.apache.http.conn.ssl.DefaultHostnameVerifier;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
@@ -65,10 +65,13 @@ import java.io.ByteArrayOutputStream;
 import java.io.Closeable;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -314,33 +317,32 @@ public class HttpClient implements Closeable {
 }
 private Tuple createURI(HttpRequest request) {
- // this could be really simple, as the apache http client has a UriBuilder class, however this class is always doing
- // url path escaping, and we have done this already, so this would result in double escaping
 try {
 List qparams = new ArrayList<>(request.params.size());
 request.params.forEach((k, v) -> qparams.add(new BasicNameValuePair(k, v)));
- String format = URLEncodedUtils.format(qparams, "UTF-8");
- URI uri = URIUtils.createURI(request.scheme.scheme(), request.host, request.port, request.path,
- Strings.isNullOrEmpty(format) ? null : format, null);
-
- if (uri.isAbsolute() == false) {
- throw new IllegalStateException("URI [" + uri.toASCIIString() + "] must be absolute");
- }
- final HttpHost httpHost = URIUtils.extractHost(uri);
- // what a mess that we need to do this to workaround https://issues.apache.org/jira/browse/HTTPCLIENT-1968
- // in some cases the HttpClient will re-write the URI which drops the escaping for
- // slashes within a path. This rewriting is done to obtain a relative URI when
- // a proxy is not being used. To avoid this we can handle making it relative ourselves
- if (request.path != null && request.path.contains("%2F")) {
- final boolean isUsingProxy = (request.proxy != null && request.proxy.equals(HttpProxy.NO_PROXY) == false) ||
- HttpProxy.NO_PROXY.equals(settingsProxy) == false;
- if (isUsingProxy == false) {
- // we need a relative uri
- uri = URIUtils.createURI(null, null, -1, request.path, Strings.isNullOrEmpty(format) ? null : format, null);
+ // this could be really simple, as the apache http client has a UriBuilder class, however this class is always doing
+ // url path escaping, and we have done this already, so this would result in double escaping
+ final List unescapedPathParts;
+ if (Strings.isEmpty(request.path)) {
+ unescapedPathParts = Collections.emptyList();
+ } else {
+ final String[] pathParts = request.path.split("/");
+ unescapedPathParts = new ArrayList<>(pathParts.length);
+ for (String part : pathParts) {
+ unescapedPathParts.add(URLDecoder.decode(part, StandardCharsets.UTF_8.name()));
 }
 }
+
+ final URI uri = new URIBuilder()
+ .setScheme(request.scheme().scheme())
+ .setHost(request.host)
+ .setPort(request.port)
+ .setPathSegments(unescapedPathParts)
+ .setParameters(qparams)
+ .build();
+ final HttpHost httpHost = URIUtils.extractHost(uri);
 return new Tuple<>(httpHost, uri);
- } catch (URISyntaxException e) {
+ } catch (URISyntaxException | UnsupportedEncodingException e) {
 throw new IllegalArgumentException(e);
 }
 }
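Review bot: `URLDecoder.decode` in the new loop of `createURI` applies form decoding, so a literal `+` in a path segment becomes a space and `URIBuilder` then emits `%20`, which changes the request target the watch was configured with. In a URI path `+` is an ordinary character, so the segment should be protected before decoding, for example `unescapedPathParts.add(URLDecoder.decode(part.replace("+", "%2B"), StandardCharsets.UTF_8.name()));`. Separately, `request.path.split("/")` discards trailing empty strings, so a path ending in `/` appears to lose its final slash; `request.path.split("/", -1)` would keep the empty last segment. A test with a `+` in the path and one with a trailing slash would pin both cases.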