Posted to commits@hc.apache.org by ol...@apache.org on 2021/02/10 21:21:36 UTC
[httpcomponents-core] 02/03: RFC 3986 conformance: BasicHttpRequest
to reject requests whose path component begins with multiple slashes
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/httpcomponents-core.git
commit eddbc1acbe029c95ff86ea7b45bdb7cd1bd803da
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Tue Feb 9 17:53:34 2021 +0100
RFC 3986 conformance: BasicHttpRequest to reject requests whose path component begins with multiple slashes
---
.../org/apache/hc/core5/testing/framework/TestTestingFramework.java | 2 +-
.../main/java/org/apache/hc/core5/http/message/BasicHttpRequest.java | 4 ++++
.../java/org/apache/hc/core5/http/message/TestBasicMessages.java | 5 +++++
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/framework/TestTestingFramework.java b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/framework/TestTestingFramework.java
index 5877106..2999fbf 100644
--- a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/framework/TestTestingFramework.java
+++ b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/framework/TestTestingFramework.java
@@ -1029,7 +1029,7 @@ public class TestTestingFramework {
final Map<String, Object> request = new HashMap<>();
test.put(REQUEST, request);
- request.put(PATH, "/stuff");
+ request.put(PATH, "stuff");
final Map<String, Object> queryMap = new HashMap<>();
request.put(QUERY, queryMap);
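Review bot: The change of PATH from `"/stuff"` to `"stuff"` carries no explanation at the call site, so a later reader may restore the leading slash. Presumably the framework inserts its own slash when it joins the default URI and PATH, so the old value produced `//stuff`, which the check added to BasicHttpRequest in this commit now rejects. That is inferred, because the joining code is not in the hunk. A comment such as `// no leading slash: a path beginning with "//" is rejected by BasicHttpRequest` would record the reason. The enclosing test method starts and ends outside the hunk.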
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/http/message/BasicHttpRequest.java b/httpcore5/src/main/java/org/apache/hc/core5/http/message/BasicHttpRequest.java
index d83a83e..ac93392 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/http/message/BasicHttpRequest.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/http/message/BasicHttpRequest.java
@@ -189,6 +189,9 @@ public class BasicHttpRequest extends HeaderGroup implements HttpRequest {
@Override
public void setPath(final String path) {
+ if (path != null) {
+ Args.check(!path.startsWith("//"), "URI path begins with multiple slashes");
+ }
this.path = path;
this.requestUri = null;
}
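Review bot: `setPath` now throws for input it used to accept, and nothing on the method states that. The new test expects `IllegalArgumentException`, so a caller that forwards a path taken from an incoming request or other external input will see an unchecked exception unless it validates first. The contract should be documented here or on the overridden declaration, for example `@throws IllegalArgumentException if the path begins with "//"`. A short why-comment would also help: a request target that starts with `//` can be read as a network-path reference by a downstream parser. The same predicate and message are repeated in the second hunk of this file, so a small private helper would keep the two checks from drifting apart.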
@@ -238,6 +241,7 @@ public class BasicHttpRequest extends HeaderGroup implements HttpRequest {
final StringBuilder buf = new StringBuilder();
final String rawPath = requestUri.getRawPath();
if (!TextUtils.isBlank(rawPath)) {
+ Args.check(!rawPath.startsWith("//"), "URI path begins with multiple slashes");
buf.append(rawPath);
} else {
buf.append("/");
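Review bot: The check on `rawPath` runs whether or not `requestUri` carries an authority, so it rejects an absolute URI such as `http://host//stuff`, the case the new test pins. RFC 3986 section 3.3 forbids a leading `//` only when no authority is present. If the stricter rule is deliberate, presumably because the path alone can end up as the request target, the line should say so, for example `// rejected even with an authority: the path may be sent on its own as the request target`. Code that builds requests from externally supplied URIs should expect the `IllegalArgumentException` and map it to a client error rather than let it propagate. The enclosing method starts and ends outside the hunk.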
diff --git a/httpcore5/src/test/java/org/apache/hc/core5/http/message/TestBasicMessages.java b/httpcore5/src/test/java/org/apache/hc/core5/http/message/TestBasicMessages.java
index 1b3937c..86d3c96 100644
--- a/httpcore5/src/test/java/org/apache/hc/core5/http/message/TestBasicMessages.java
+++ b/httpcore5/src/test/java/org/apache/hc/core5/http/message/TestBasicMessages.java
@@ -214,5 +214,10 @@ public class TestBasicMessages {
Assert.assertEquals(new URI("http://%21example%21.com/stuff"), request.getUri());
}
+ @Test(expected = IllegalArgumentException.class)
+ public void testRequestPathWithMultipleLeadingSlashes() throws Exception {
+ new BasicHttpRequest(Method.GET, URI.create("http://host//stuff"));
+ }
+
}
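Review bot: The new test exercises only the URI constructor, so the check added to `setPath` has no coverage. Nothing pins the accepted side of the boundary either, namely a single leading slash and a `null` path. A companion test expecting `IllegalArgumentException` could contain `new BasicHttpRequest(Method.GET, "/stuff").setPath("//stuff");`. A positive case, asserting that `setPath("/stuff")` and `setPath(null)` still succeed, would keep a later tightening of the predicate from silently rejecting valid paths.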