From a8255257e0174f7d3b014a1add591c3b83b83388 Mon Sep 17 00:00:00 2001 From: gregw Date: Mon, 8 Jul 2024 13:54:08 +1000 Subject: [PATCH 1/3] Added a UriCompliance.Violation to deprecate user info in `HttpURI` As per [RFC9110](https://datatracker.ietf.org/doc/html/rfc9110#name-deprecation-of-userinfo-in-) user info is deprecated in server implementations. The new violation for USER_DATA is included by default in 12.0.x, but will be removed in 12.1.x --- .../java/org/eclipse/jetty/http/HttpURI.java | 191 +++++++++++++----- .../org/eclipse/jetty/http/UriCompliance.java | 10 +- .../org/eclipse/jetty/http/HttpURITest.java | 44 +++- .../jetty/server/HttpConfiguration.java | 15 ++ .../org/eclipse/jetty/server/Response.java | 49 +++-- .../org/eclipse/jetty/server/RequestTest.java | 57 ++++++ .../eclipse/jetty/server/ResponseTest.java | 82 ++++++++ 7 files changed, 372 insertions(+), 76 deletions(-) diff --git a/jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java b/jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java index 0d1eae72c18b..6db99245a561 100644 --- a/jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java +++ b/jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java @@ -16,7 +16,6 @@ import java.io.Serial; import java.io.Serializable; import java.net.URI; -import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.EnumSet; @@ -65,12 +64,15 @@ * Thus this class avoid and/or detects such ambiguities. Furthermore, by decoding characters and * removing parameters before relative path normalization, ambiguous paths will be resolved in such * a way to be non-standard-but-non-ambiguous to down stream interpretation of the decoded path string. - * The violations are recorded and available by API such as {@link #hasAmbiguousSegment()} so that requests - * containing them may be rejected in case the non-standard-but-non-ambiguous interpretations - * are not satisfactory for a given compliance configuration. *

*

- * Implementations that wish to process ambiguous URI paths must configure the compliance modes + * This class collates any {@link UriCompliance.Violation violations} against the specification + * and/or best practises in the {@link #getViolations()}. Users of this class should check against a + * configured {@link UriCompliance} mode if the {@code HttpURI} is suitable for use + * (see {@link UriCompliance#checkUriCompliance(UriCompliance, HttpURI, ComplianceViolation.Listener)}). + *

+ *

+ * For example, implementations that wish to process ambiguous URI paths must configure the compliance modes * to accept them and then perform their own decoding of {@link #getPath()}. *

*

@@ -549,16 +551,41 @@ private enum State .with("%u002e%u002e", Boolean.TRUE) .build(); - /** - * Encoded character sequences that violate the Servlet 6.0 spec - * https://jakarta.ee/specifications/servlet/6.0/jakarta-servlet-spec-6.0.html#uri-path-canonicalization - */ private static final boolean[] __suspiciousPathCharacters; - /** - * Unencoded US-ASCII character sequences not allowed by HTTP or URI specs in path segments. - */ - private static final boolean[] __illegalPathCharacters; + private static final boolean[] __unreservedPctEncodedSubDelims; + + private static final boolean[] __pathCharacters; + + private static boolean isDigit(char c) + { + return (c >= '0') && (c <= '9'); + } + + private static boolean isHexDigit(char c) + { + return (((c >= 'a') && (c <= 'f')) || // ALPHA (lower) + ((c >= 'A') && (c <= 'F')) || // ALPHA (upper) + ((c >= '0') && (c <= '9'))); + } + + private static boolean isUnreserved(char c) + { + return (((c >= 'a') && (c <= 'z')) || // ALPHA (lower) + ((c >= 'A') && (c <= 'Z')) || // ALPHA (upper) + ((c >= '0') && (c <= '9')) || // DIGIT + (c == '-') || (c == '.') || (c == '_') || (c == '~')); + } + + private static boolean isSubDelim(char c) + { + return c == '!' || c == '$' || c == '&' || c == '\'' || c == '(' || c == ')' || c == '*' || c == '+' || c == ',' || c == ';' || c == '='; + } + + static boolean isUnreservedPctEncodedOrSubDelim(char c) + { + return c < __unreservedPctEncodedSubDelims.length && __unreservedPctEncodedSubDelims[c]; + } static { @@ -588,39 +615,32 @@ private enum State // gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@" // sub-delims = "!" / "$" / "&" / "'" / "(" / ")" // / "*" / "+" / "," / ";" / "=" - + // + // authority = [ userinfo "@" ] host [ ":" port ] + // userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) + // host = IP-literal / IPv4address / reg-name + // port = *DIGIT + // + // reg-name = *( unreserved / pct-encoded / sub-delims ) + // // we are limited to US-ASCII per https://datatracker.ietf.org/doc/html/rfc3986#section-2 - boolean[] illegalChars = new boolean[128]; - Arrays.fill(illegalChars, true); - // pct-encoded - illegalChars['%'] = false; - // unreserved - for (int i = 0; i < illegalChars.length; i++) + __unreservedPctEncodedSubDelims = new boolean[128]; + __pathCharacters = new boolean[128]; + + for (int i = 0; i < __pathCharacters.length; i++) { - if (((i >= 'a') && (i <= 'z')) || // ALPHA (lower) - ((i >= 'A') && (i <= 'Z')) || // ALPHA (upper) - ((i >= '0') && (i <= '9')) || // DIGIT - (i == '-') || (i == '.') || (i == '_') || (i == '_') || (i == '~') - ) - { - illegalChars[i] = false; - } + char c = (char)i; + + __unreservedPctEncodedSubDelims[i] = isUnreserved(c) || c == '%' || isSubDelim(c); + __pathCharacters[i] = __unreservedPctEncodedSubDelims[i] || c == ':' || c == '@'; } - // reserved - String reserved = ":/?#[]@!$&'()*+,="; - for (char c: reserved.toCharArray()) - illegalChars[c] = false; - __illegalPathCharacters = illegalChars; - // anything else in the US-ASCII space is not allowed // suspicious path characters - boolean[] suspicious = new boolean[128]; - Arrays.fill(suspicious, false); - suspicious['\\'] = true; - suspicious[0x7F] = true; + __suspiciousPathCharacters = new boolean[128]; + __suspiciousPathCharacters['\\'] = true; + __suspiciousPathCharacters[0x7F] = true; for (int i = 0; i <= 0x1F; i++) - suspicious[i] = true; - __suspiciousPathCharacters = suspicious; + __suspiciousPathCharacters[i] = true; } private String _scheme; @@ -650,6 +670,8 @@ private Mutable(HttpURI baseURI, String pathQuery) _uri = null; _scheme = baseURI.getScheme(); _user = baseURI.getUser(); + if (_user != null) + _violations = EnumSet.of(Violation.USER_INFO); _host = baseURI.getHost(); _port = baseURI.getPort(); if (pathQuery != null) @@ -661,6 +683,8 @@ private Mutable(HttpURI baseURI, String path, String param, String query) _uri = null; _scheme = baseURI.getScheme(); _user = baseURI.getUser(); + if (_user != null) + _violations = EnumSet.of(Violation.USER_INFO); _host = baseURI.getHost(); _port = baseURI.getPort(); if (path != null) @@ -686,6 +710,8 @@ private Mutable(URI uri) _host = ""; _port = uri.getPort(); _user = uri.getUserInfo(); + if (_user != null) + _violations = EnumSet.of(Violation.USER_INFO); String path = uri.getRawPath(); if (path != null) parse(State.PATH, path); @@ -1086,6 +1112,10 @@ public Mutable uri(String uri, int offset, int length) public Mutable user(String user) { _user = user; + if (user == null) + removeViolation(Violation.USER_INFO); + else + addViolation(Violation.USER_INFO); _uri = null; return this; } @@ -1095,12 +1125,13 @@ private void parse(State state, final String uri) int mark = 0; // the start of the current section being parsed int pathMark = 0; // the start of the path section int segment = 0; // the start of the current segment within the path - boolean encodedPath = false; // set to true if the path contains % encoded characters + boolean encoded = false; // set to true if the string contains % encoded characters boolean encodedUtf16 = false; // Is the current encoding for UTF16? int encodedCharacters = 0; // partial state of parsing a % encoded character int encodedValue = 0; // the partial encoded value boolean dot = false; // set to true if the path contains . or .. segments int end = uri.length(); + boolean password = false; _emptySegment = false; for (int i = 0; i < end; i++) { @@ -1140,7 +1171,7 @@ private void parse(State state, final String uri) state = State.ASTERISK; break; case '%': - encodedPath = true; + encoded = true; encodedCharacters = 2; encodedValue = 0; mark = pathMark = segment = i; @@ -1194,7 +1225,7 @@ private void parse(State state, final String uri) break; case '%': // must have been in an encoded path - encodedPath = true; + encoded = true; encodedCharacters = 2; encodedValue = 0; state = State.PATH; @@ -1244,27 +1275,53 @@ private void parse(State state, final String uri) switch (c) { case '/': + if (encodedCharacters > 0 || password) + throw new IllegalArgumentException("Bad authority"); _host = uri.substring(mark, i); pathMark = mark = i; segment = mark + 1; state = State.PATH; + encoded = false; break; case ':': + if (encodedCharacters > 0 || password) + throw new IllegalArgumentException("Bad authority"); if (i > mark) _host = uri.substring(mark, i); mark = i + 1; state = State.PORT; break; case '@': - if (_user != null) + if (encodedCharacters > 0) throw new IllegalArgumentException("Bad authority"); _user = uri.substring(mark, i); + addViolation(Violation.USER_INFO); + password = false; + encoded = false; mark = i + 1; break; case '[': + if (i != mark) + throw new IllegalArgumentException("Bad authority"); state = State.IPV6; break; + case '%': + if (encodedCharacters > 0) + throw new IllegalArgumentException("Bad authority"); + encoded = true; + encodedCharacters = 2; + break; default: + if (encodedCharacters > 0) + { + encodedCharacters--; + if (!isHexDigit(c)) + throw new IllegalArgumentException("Bad authority"); + } + else if (!isUnreservedPctEncodedOrSubDelim(c)) + { + throw new IllegalArgumentException("Bad authority"); + } break; } break; @@ -1289,7 +1346,11 @@ private void parse(State state, final String uri) state = State.PATH; } break; + case ':': + break; default: + if (!isHexDigit(c)) + throw new IllegalArgumentException("Bad authority"); break; } break; @@ -1302,6 +1363,7 @@ private void parse(State state, final String uri) throw new IllegalArgumentException("Bad authority"); // It wasn't a port, but a password! _user = _host + ":" + uri.substring(mark, i); + addViolation(Violation.USER_INFO); mark = i + 1; state = State.HOST; } @@ -1312,6 +1374,22 @@ else if (c == '/') segment = i + 1; state = State.PATH; } + else if (!isDigit(c)) + { + if (isUnreservedPctEncodedOrSubDelim(c)) + { + // must be a password + password = true; + state = State.HOST; + if (_host != null) + { + mark = mark - _host.length() - 1; + _host = null; + } + break; + } + throw new IllegalArgumentException("Bad authority"); + } break; } case PATH: @@ -1353,18 +1431,18 @@ else if (c == '/') switch (c) { case ';': - checkSegment(uri, dot || encodedPath, segment, i, true); + checkSegment(uri, dot || encoded, segment, i, true); mark = i + 1; state = State.PARAM; break; case '?': - checkSegment(uri, dot || encodedPath, segment, i, false); + checkSegment(uri, dot || encoded, segment, i, false); _path = uri.substring(pathMark, i); mark = i + 1; state = State.QUERY; break; case '#': - checkSegment(uri, dot || encodedPath, segment, i, false); + checkSegment(uri, dot || encoded, segment, i, false); _path = uri.substring(pathMark, i); mark = i + 1; state = State.FRAGMENT; @@ -1372,21 +1450,21 @@ else if (c == '/') case '/': // There is no leading segment when parsing only a path that starts with slash. if (i != 0) - checkSegment(uri, dot || encodedPath, segment, i, false); + checkSegment(uri, dot || encoded, segment, i, false); segment = i + 1; break; case '.': dot |= segment == i; break; case '%': - encodedPath = true; + encoded = true; encodedUtf16 = false; encodedCharacters = 2; encodedValue = 0; break; default: // The RFC does not allow unencoded path characters that are outside the ABNF - if (c > __illegalPathCharacters.length || __illegalPathCharacters[c]) + if (c > __pathCharacters.length || !__pathCharacters[c]) addViolation(Violation.ILLEGAL_PATH_CHARACTERS); if (c < __suspiciousPathCharacters.length && __suspiciousPathCharacters[c]) addViolation(Violation.SUSPICIOUS_PATH_CHARACTERS); @@ -1412,7 +1490,7 @@ else if (c == '/') state = State.FRAGMENT; break; case '/': - encodedPath = true; + encoded = true; segment = i + 1; state = State.PATH; break; @@ -1477,7 +1555,7 @@ else if (c == '/') _param = uri.substring(mark, end); break; case PATH: - checkSegment(uri, dot || encodedPath, segment, end, false); + checkSegment(uri, dot || encoded, segment, end, false); _path = uri.substring(pathMark, end); break; case QUERY: @@ -1490,7 +1568,7 @@ else if (c == '/') throw new IllegalStateException(state.toString()); } - if (!encodedPath && !dot) + if (!encoded && !dot) { if (_param == null) _canonicalPath = _path; @@ -1576,5 +1654,12 @@ private void addViolation(Violation violation) else _violations.add(violation); } + + private void removeViolation(Violation violation) + { + if (_violations == null) + return; + _violations.remove(violation); + } } } diff --git a/jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java b/jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java index 574530ddb098..183a283c9e0c 100644 --- a/jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java +++ b/jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java @@ -109,7 +109,12 @@ public enum Violation implements ComplianceViolation * Allow path characters not allowed in the path portion of the URI and HTTP specs. *

This would allow characters that fall outside of the {@code unreserved / pct-encoded / sub-delims / ":" / "@"} ABNF

*/ - ILLEGAL_PATH_CHARACTERS("https://datatracker.ietf.org/doc/html/rfc3986#section-3.3", "Illegal Path Character"); + ILLEGAL_PATH_CHARACTERS("https://datatracker.ietf.org/doc/html/rfc3986#section-3.3", "Illegal Path Character"), + + /** + * Allow user info in the authority portion of the URI and HTTP specs. + */ + USER_INFO("https://datatracker.ietf.org/doc/html/rfc9110#name-deprecation-of-userinfo-in-", "Deprecated User Info"); private final String _url; private final String _description; @@ -175,7 +180,8 @@ public String getDescription() Violation.AMBIGUOUS_PATH_SEPARATOR, Violation.AMBIGUOUS_PATH_ENCODING, Violation.AMBIGUOUS_EMPTY_SEGMENT, - Violation.UTF16_ENCODINGS)); + Violation.UTF16_ENCODINGS, + Violation.USER_INFO)); /** * Compliance mode that allows all URI Violations, including allowing ambiguous paths in non-canonical form, and illegal characters diff --git a/jetty-core/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java b/jetty-core/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java index be00b41d00c6..228584785a45 100644 --- a/jetty-core/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java +++ b/jetty-core/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java @@ -34,6 +34,7 @@ import static org.hamcrest.Matchers.nullValue; import static org.hamcrest.Matchers.sameInstance; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -59,6 +60,7 @@ public void testBuilder() assertThat(uri.getScheme(), is("http")); assertThat(uri.getUser(), is("user:password")); + assertTrue(uri.hasViolation(Violation.USER_INFO)); assertThat(uri.getHost(), is("host")); assertThat(uri.getPort(), is(8888)); assertThat(uri.getPath(), is("/ignored/../p%61th;ignored/info;param")); @@ -81,6 +83,7 @@ public void testBuilder() assertThat(uri.getScheme(), is("https")); assertThat(uri.getUser(), nullValue()); + assertFalse(uri.hasViolation(Violation.USER_INFO)); assertThat(uri.getHost(), is("[::1]")); assertThat(uri.getPort(), is(8080)); assertThat(uri.getPath(), is("/some%20encoded/evening;id=12345")); @@ -98,6 +101,7 @@ public void testExample() assertThat(uri.getScheme(), is("http")); assertThat(uri.getUser(), is("user:password")); + assertTrue(uri.hasViolation(Violation.USER_INFO)); assertThat(uri.getHost(), is("host")); assertThat(uri.getPort(), is(8888)); assertThat(uri.getPath(), is("/ignored/../p%61th;ignored/info;param")); @@ -155,11 +159,8 @@ public void testParse() assertThat(uri.getHost(), is("foo")); assertThat(uri.getPath(), is("/bar")); - // We do allow nulls if not encoded. This can be used for testing 2nd line of defence. - builder.uri("http://fo\000/bar"); - uri = builder.asImmutable(); - assertThat(uri.getHost(), is("fo\000")); - assertThat(uri.getPath(), is("/bar")); + // We do not allow nulls if not encoded. + assertThrows(IllegalArgumentException.class, () -> builder.uri("http://fo\000/bar").asImmutable()); } @Test @@ -327,6 +328,7 @@ public void testBasicAuthCredentials() assertEquals("http://user:password@example.com:8888/blah", uri.toString()); assertEquals(uri.getAuthority(), "example.com:8888"); assertEquals(uri.getUser(), "user:password"); + assertTrue(uri.hasViolation(Violation.USER_INFO)); } @Test @@ -1198,4 +1200,36 @@ public void testFromBad(String scheme, String server, int port, String expectedS HttpURI httpURI = HttpURI.from(scheme, server, port, null); assertThat(httpURI.asString(), is(expectedStr)); } + + public static Stream badAuthorities() + { + return Stream.of( + "http://#host/path", + "https:// host/path", + "https://h st/path", + "https://h\000st/path", + "https://h%GGst/path", + "https://host%/path", + "https://host%0/path", + "https://host%u001f/path", + "https://host%:8080/path", + "https://host%0:8080/path", + "https://user%@host/path", + "https://user%0@host/path", + "https://host:notport/path", + "https://user@host:notport/path", + "https://user:password@host:notport/path", + "https://user @host.com/", + "https://user#@host.com/", + "https://[notIpv6]/", + "https://bad[0::1::2::3::4]/" + ); + } + + @ParameterizedTest + @MethodSource("badAuthorities") + public void testBadAuthority(String uri) + { + assertThrows(IllegalArgumentException.class, () -> HttpURI.from(uri)); + } } diff --git a/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/HttpConfiguration.java b/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/HttpConfiguration.java index 69d9396470e2..70360dac03c4 100644 --- a/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/HttpConfiguration.java +++ b/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/HttpConfiguration.java @@ -79,6 +79,7 @@ public class HttpConfiguration implements Dumpable private long _minResponseDataRate; private HttpCompliance _httpCompliance = HttpCompliance.RFC7230; private UriCompliance _uriCompliance = UriCompliance.DEFAULT; + private UriCompliance _redirectUriCompliance = null; // TODO default to UriCompliance.DEFAULT in 12.1 ?; private CookieCompliance _requestCookieCompliance = CookieCompliance.RFC6265; private CookieCompliance _responseCookieCompliance = CookieCompliance.RFC6265; private MultiPartCompliance _multiPartCompliance = MultiPartCompliance.RFC7578; @@ -159,6 +160,7 @@ public HttpConfiguration(HttpConfiguration config) _notifyRemoteAsyncErrors = config._notifyRemoteAsyncErrors; _relativeRedirectAllowed = config._relativeRedirectAllowed; _uriCompliance = config._uriCompliance; + _redirectUriCompliance = config._redirectUriCompliance; _serverAuthority = config._serverAuthority; _localAddress = config._localAddress; } @@ -598,11 +600,24 @@ public UriCompliance getUriCompliance() return _uriCompliance; } + public UriCompliance getRedirectUriCompliance() + { + return _redirectUriCompliance; + } + public void setUriCompliance(UriCompliance uriCompliance) { _uriCompliance = uriCompliance; } + /** + * @param uriCompliance The {@link UriCompliance} to apply in {@link Response#toRedirectURI(Request, String)} or {@code null}. + */ + public void setRedirectUriCompliance(UriCompliance uriCompliance) + { + _redirectUriCompliance = uriCompliance; + } + /** * @return The CookieCompliance used for parsing request {@code Cookie} headers. * @see #getResponseCookieCompliance() diff --git a/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java b/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java index 4e8b26a322ab..9d37ad0bdabd 100644 --- a/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java +++ b/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java @@ -33,6 +33,7 @@ import org.eclipse.jetty.http.HttpURI; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.http.Trailers; +import org.eclipse.jetty.http.UriCompliance; import org.eclipse.jetty.io.ByteBufferPool; import org.eclipse.jetty.io.Content; import org.eclipse.jetty.io.QuietException; @@ -301,25 +302,32 @@ static void sendRedirect(Request request, Response response, Callback callback, return; } - if (consumeAvailable) + try { - while (true) + if (consumeAvailable) { - Content.Chunk chunk = response.getRequest().read(); - if (chunk == null) + while (true) { - response.getHeaders().put(HttpHeader.CONNECTION, HttpHeaderValue.CLOSE); - break; + Content.Chunk chunk = response.getRequest().read(); + if (chunk == null) + { + response.getHeaders().put(HttpHeader.CONNECTION, HttpHeaderValue.CLOSE); + break; + } + chunk.release(); + if (chunk.isLast()) + break; } - chunk.release(); - if (chunk.isLast()) - break; } - } - response.getHeaders().put(HttpHeader.LOCATION, toRedirectURI(request, location)); - response.setStatus(code); - response.write(true, null, callback); + response.getHeaders().put(HttpHeader.LOCATION, toRedirectURI(request, location)); + response.setStatus(code); + response.write(true, null, callback); + } + catch (Throwable failure) + { + callback.failed(failure); + } } /** @@ -333,6 +341,8 @@ static void sendRedirect(Request request, Response response, Callback callback, */ static String toRedirectURI(Request request, String location) { + HttpConfiguration httpConfiguration = request.getConnectionMetaData().getHttpConfiguration(); + // is the URI absolute already? if (!URIUtil.hasScheme(location)) { @@ -353,12 +363,19 @@ static String toRedirectURI(Request request, String location) throw new IllegalStateException("redirect path cannot be above root"); // if relative redirects are not allowed? - if (!request.getConnectionMetaData().getHttpConfiguration().isRelativeRedirectAllowed()) - { + if (!httpConfiguration.isRelativeRedirectAllowed()) // make the location an absolute URI location = URIUtil.newURI(uri.getScheme(), Request.getServerName(request), Request.getServerPort(request), location, null); - } } + + UriCompliance redirectCompliance = httpConfiguration.getRedirectUriCompliance(); + if (redirectCompliance != null) + { + String violations = UriCompliance.checkUriCompliance(redirectCompliance, HttpURI.from(location), null); + if (StringUtil.isNotBlank(violations)) + throw new IllegalArgumentException(violations); + } + return location; } diff --git a/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java b/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java index 14010cd6c7fc..13a1b4d98bc0 100644 --- a/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java +++ b/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java @@ -100,6 +100,63 @@ public void testEncodedPath() throws Exception assertEquals(HttpStatus.BAD_REQUEST_400, response.getStatus()); } + public static Stream getUriTests() + { + return Stream.of( + Arguments.of(UriCompliance.DEFAULT, "/", 200, "local"), + Arguments.of(UriCompliance.DEFAULT, "https://local/", 200, "local"), + Arguments.of(UriCompliance.DEFAULT, "https://other/", 400, "Authority!=Host"), + Arguments.of(UriCompliance.DEFAULT, "https://user@local/", 400, "Deprecated User Info"), + Arguments.of(UriCompliance.LEGACY, "https://user@local/", 200, "local"), + Arguments.of(UriCompliance.DEFAULT, "/%2F/", 400, "Ambiguous URI path separator"), + Arguments.of(UriCompliance.UNSAFE, "/%2F/", 200, "local") + ); + } + + @ParameterizedTest + @MethodSource("getUriTests") + public void testGETUris(UriCompliance compliance, String uri, int status, String content) throws Exception + { + server.stop(); + for (Connector connector: server.getConnectors()) + { + HttpConnectionFactory httpConnectionFactory = connector.getConnectionFactory(HttpConnectionFactory.class); + if (httpConnectionFactory != null) + { + HttpConfiguration httpConfiguration = httpConnectionFactory.getHttpConfiguration(); + httpConfiguration.setUriCompliance(compliance); + } + } + + server.setHandler(new Handler.Abstract() + { + @Override + public boolean handle(Request request, Response response, Callback callback) + { + String msg = String.format("authority=\"%s\"", request.getHttpURI().getAuthority()); + response.getHeaders().put(HttpHeader.CONTENT_TYPE, "text/plain;charset=utf-8"); + Content.Sink.write(response, true, msg, callback); + return true; + } + }); + server.start(); + String request = """ + GET %s HTTP/1.1\r + Host: local\r + Connection: close\r + \r + """.formatted(uri); + HttpTester.Response response = HttpTester.parseResponse(connector.getResponse(request)); + assertThat(response.getStatus(), is(status)); + if (content != null) + { + if (status == 200) + assertThat(response.getContent(), is("authority=\"%s\"".formatted(content))); + else + assertThat(response.getContent(), containsString(content)); + } + } + @Test public void testAmbiguousPathSep() throws Exception { diff --git a/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java b/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java index 15484e0409a9..3529615c73d1 100644 --- a/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java +++ b/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java @@ -16,6 +16,7 @@ import java.util.Iterator; import java.util.List; import java.util.ListIterator; +import java.util.stream.Stream; import org.eclipse.jetty.http.HttpCookie; import org.eclipse.jetty.http.HttpField; @@ -24,15 +25,21 @@ import org.eclipse.jetty.http.HttpStatus; import org.eclipse.jetty.http.HttpTester; import org.eclipse.jetty.http.SetCookieParser; +import org.eclipse.jetty.http.UriCompliance; import org.eclipse.jetty.io.Content; +import org.eclipse.jetty.logging.StacklessLogging; import org.eclipse.jetty.util.Callback; import org.eclipse.jetty.util.component.LifeCycle; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -389,6 +396,81 @@ public boolean handle(Request request, Response response, Callback callback) assertThat(response.get(HttpHeader.LOCATION), is("/somewhere/else")); } + public static Stream redirectComplianceTest() + { + return Stream.of( + Arguments.of(null, "http://[bad]:xyz/", HttpStatus.FOUND_302, null), + Arguments.of(UriCompliance.UNSAFE, "http://[bad]:xyz/", HttpStatus.INTERNAL_SERVER_ERROR_500, "Bad authority"), + Arguments.of(UriCompliance.DEFAULT, "http://[bad]:xyz/", HttpStatus.INTERNAL_SERVER_ERROR_500, "Bad authority"), + Arguments.of(null, "http://user:password@host.com/", HttpStatus.FOUND_302, null), + Arguments.of(UriCompliance.DEFAULT, "http://user:password@host.com/", HttpStatus.INTERNAL_SERVER_ERROR_500, "Deprecated User Info"), + Arguments.of(UriCompliance.LEGACY, "http://user:password@host.com/", HttpStatus.FOUND_302, null), + Arguments.of(null, "http://host.com/very%2Funsafe", HttpStatus.FOUND_302, null), + Arguments.of(UriCompliance.LEGACY, "http://host.com/very%2Funsafe", HttpStatus.FOUND_302, null), + Arguments.of(UriCompliance.DEFAULT, "http://host.com/very%2Funsafe", HttpStatus.INTERNAL_SERVER_ERROR_500, "Ambiguous") + ); + } + + @ParameterizedTest + @MethodSource("redirectComplianceTest") + public void testRedirectCompliance(UriCompliance compliance, String location, int status, String content) throws Exception + { + try (StacklessLogging ignored = new StacklessLogging(Response.class)) + { + server.getConnectors()[0].getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration().setRedirectUriCompliance(compliance); + server.getConnectors()[0].getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration().setRelativeRedirectAllowed(true); + server.setHandler(new Handler.Abstract() + { + @Override + public boolean handle(Request request, Response response, Callback callback) + { + Response.sendRedirect(request, response, callback, location); + return true; + } + }); + server.start(); + + String request = """ + GET /path HTTP/1.0\r + Host: hostname\r + \r + """; + HttpTester.Response response = HttpTester.parseResponse(connector.getResponse(request)); + assertThat(response.getStatus(), is(status)); + if (HttpStatus.isRedirection(status)) + assertThat(response.get(HttpHeader.LOCATION), is(location)); + if (content != null) + assertThat(response.getContent(), containsString(content)); + } + } + + @Test + public void testAuthorityUserNotAllowedWithNonRelativeRedirect() throws Exception + { + server.getConnectors()[0].getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration().setRelativeRedirectAllowed(false); + server.getConnectors()[0].getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.LEGACY); + server.getConnectors()[0].getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration().setRedirectUriCompliance(UriCompliance.DEFAULT); + server.setHandler(new Handler.Abstract() + { + @Override + public boolean handle(Request request, Response response, Callback callback) + { + Response.sendRedirect(request, response, callback, "/somewhere/else"); + return true; + } + }); + server.start(); + + String request = """ + GET http://user:password@hostname:8888/path HTTP/1.0\r + Host: hostname:8888\r + \r + """; + HttpTester.Response response = HttpTester.parseResponse(connector.getResponse(request)); + assertEquals(HttpStatus.MOVED_TEMPORARILY_302, response.getStatus()); + assertThat(response.get(HttpHeader.LOCATION), is("http://hostname:8888/somewhere/else")); + } + @Test public void testXPoweredByDefault() throws Exception { From c5121d0be9ef49c22d04f354e33f2f9037077842 Mon Sep 17 00:00:00 2001 From: gregw Date: Mon, 8 Jul 2024 23:00:53 +1000 Subject: [PATCH 2/3] Updates from review --- .../test/java/org/eclipse/jetty/server/RequestTest.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java b/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java index 13a1b4d98bc0..5336f770706e 100644 --- a/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java +++ b/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java @@ -108,6 +108,14 @@ public static Stream getUriTests() Arguments.of(UriCompliance.DEFAULT, "https://other/", 400, "Authority!=Host"), Arguments.of(UriCompliance.DEFAULT, "https://user@local/", 400, "Deprecated User Info"), Arguments.of(UriCompliance.LEGACY, "https://user@local/", 200, "local"), + Arguments.of(UriCompliance.LEGACY, "https://user@local:port/", 400, "Bad Request"), + Arguments.of(UriCompliance.LEGACY, "https://user@local:8080/", 400, "Authority!=Host"), + Arguments.of(UriCompliance.DEFAULT, "https://user:password@local/", 400, "Deprecated User Info"), + Arguments.of(UriCompliance.LEGACY, "https://user:password@local/", 200, "local"), + Arguments.of(UriCompliance.DEFAULT, "https://user@other/", 400, "Deprecated User Info"), + Arguments.of(UriCompliance.LEGACY, "https://user@other/", 400, "Authority!=Host"), + Arguments.of(UriCompliance.DEFAULT, "https://user:password@other/", 400, "Deprecated User Info"), + Arguments.of(UriCompliance.LEGACY, "https://user:password@other/", 400, "Authority!=Host"), Arguments.of(UriCompliance.DEFAULT, "/%2F/", 400, "Ambiguous URI path separator"), Arguments.of(UriCompliance.UNSAFE, "/%2F/", 200, "local") ); From 18e8198489a6db22396dbab9c9f346a56e92bd28 Mon Sep 17 00:00:00 2001 From: gregw Date: Mon, 8 Jul 2024 23:04:47 +1000 Subject: [PATCH 3/3] Updates from review --- .../src/test/java/org/eclipse/jetty/server/RequestTest.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java b/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java index 5336f770706e..03a8e2763b50 100644 --- a/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java +++ b/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java @@ -22,6 +22,7 @@ import java.util.concurrent.TimeUnit; import java.util.stream.Stream; +import org.eclipse.jetty.http.HttpCompliance; import org.eclipse.jetty.http.HttpCookie; import org.eclipse.jetty.http.HttpHeader; import org.eclipse.jetty.http.HttpStatus; @@ -106,16 +107,19 @@ public static Stream getUriTests() Arguments.of(UriCompliance.DEFAULT, "/", 200, "local"), Arguments.of(UriCompliance.DEFAULT, "https://local/", 200, "local"), Arguments.of(UriCompliance.DEFAULT, "https://other/", 400, "Authority!=Host"), + Arguments.of(UriCompliance.UNSAFE, "https://other/", 200, "other"), Arguments.of(UriCompliance.DEFAULT, "https://user@local/", 400, "Deprecated User Info"), Arguments.of(UriCompliance.LEGACY, "https://user@local/", 200, "local"), Arguments.of(UriCompliance.LEGACY, "https://user@local:port/", 400, "Bad Request"), Arguments.of(UriCompliance.LEGACY, "https://user@local:8080/", 400, "Authority!=Host"), + Arguments.of(UriCompliance.UNSAFE, "https://user@local:8080/", 200, "local:8080"), Arguments.of(UriCompliance.DEFAULT, "https://user:password@local/", 400, "Deprecated User Info"), Arguments.of(UriCompliance.LEGACY, "https://user:password@local/", 200, "local"), Arguments.of(UriCompliance.DEFAULT, "https://user@other/", 400, "Deprecated User Info"), Arguments.of(UriCompliance.LEGACY, "https://user@other/", 400, "Authority!=Host"), Arguments.of(UriCompliance.DEFAULT, "https://user:password@other/", 400, "Deprecated User Info"), Arguments.of(UriCompliance.LEGACY, "https://user:password@other/", 400, "Authority!=Host"), + Arguments.of(UriCompliance.UNSAFE, "https://user:password@other/", 200, "other"), Arguments.of(UriCompliance.DEFAULT, "/%2F/", 400, "Ambiguous URI path separator"), Arguments.of(UriCompliance.UNSAFE, "/%2F/", 200, "local") ); @@ -133,6 +137,8 @@ public void testGETUris(UriCompliance compliance, String uri, int status, String { HttpConfiguration httpConfiguration = httpConnectionFactory.getHttpConfiguration(); httpConfiguration.setUriCompliance(compliance); + if (compliance == UriCompliance.UNSAFE) + httpConfiguration.setHttpCompliance(HttpCompliance.RFC2616_LEGACY); } }