Invalid encoded request URI should return 400 instead of 500 #27620

Closed
pmd1nh opened this issue Feb 10, 2024 · 3 comments · Fixed by #27621
Labels
in:Web Components release bug This bug is present in a released version of Open Liberty release:24004 team:Sirius


@pmd1nh
Member

pmd1nh commented Feb 10, 2024

Describe the bug
A 500 status code is returned for an invalid encoded URI. It also creates an FFDC log. It can cause a false alarm for the server administrator. A 400 Bad Request should be returned.

Steps to Reproduce
Send a badly encoded URI to an existing application (i.e., context root). For example:

http://host:port/%5%20C..

Expected behavior
Return 400 Bad Request response without any FFDC.

Diagnostic information:

  • OpenLiberty Version: all versions until this is fixed.
  • Affected feature(s) [servlet]
  • Java Version: [11]
  • server.xml configuration (WITHOUT sensitive information like passwords)
  • If it would be useful, upload the messages.log file found in $WLP_OUTPUT_DIR/messages.log

Additional context
None
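
A strict path decoder that treats malformed percent-encoding as a client error, shown here as an added example (it is not Open Liberty's code or the fix in #27621). The class and method names are hypothetical, and UTF-8 path encoding is assumed.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.StandardCharsets;

public class StrictPathDecoder {
    // Signals a client-side encoding error; the caller answers 400, not 500.
    static class BadEncoding extends Exception {
        BadEncoding(String msg) { super(msg); }
    }

    // ASCII-only hex digit value, or -1 (Character.digit also accepts non-ASCII digits).
    static int hex(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }

    // Decodes a raw request path: every '%' needs two hex digits and the
    // decoded bytes must be well-formed UTF-8.
    static String decode(String raw) throws BadEncoding {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c > 0x7F) throw new BadEncoding("non-ASCII character at offset " + i);
            if (c != '%') { out.write(c); continue; }
            if (i + 2 >= raw.length()) throw new BadEncoding("truncated escape at offset " + i);
            int hi = hex(raw.charAt(i + 1)), lo = hex(raw.charAt(i + 2));
            if (hi < 0 || lo < 0) throw new BadEncoding("invalid escape at offset " + i);
            out.write((hi << 4) | lo);
            i += 2;
        }
        try {  // newDecoder() reports malformed input instead of substituting U+FFFD
            return StandardCharsets.UTF_8.newDecoder().decode(ByteBuffer.wrap(out.toByteArray())).toString();
        } catch (CharacterCodingException e) {
            throw new BadEncoding("decoded bytes are not valid UTF-8");
        }
    }

    public static void main(String[] args) {
        // Constructed sample paths; the second is the example URI path from the issue.
        String[] samples = { "/app/a%20b", "/%5%20C..", "/app/%2", "/app/%C0%AF" };
        for (String raw : samples) {
            try {
                System.out.println(raw + " -> dispatch " + decode(raw));
            } catch (BadEncoding e) {
                System.out.println(raw + " -> 400 Bad Request (" + e.getMessage() + ")");
            }
        }
    }
}
```

Because the decoder raises a dedicated checked exception, the request handler can answer 400 directly and keep unexpected runtime exceptions, the ones worth an FFDC entry, on a separate path.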

@pmd1nh pmd1nh self-assigned this Feb 10, 2024
@pmd1nh pmd1nh added team:Sirius in:Web Components release bug This bug is present in a released version of Open Liberty labels Feb 10, 2024
@pnicolucci pnicolucci added this to General Issues in Web Tier Team via automation Feb 12, 2024
@pmd1nh
Member Author

pmd1nh commented Feb 12, 2024

@pnicolucci
Member

I'm adding the original description of this bug as a comment and have updated the top-level comment with the release bug template:

The server returns a 500 and logs an FFDC for a request that contains an invalid encoded character. It should return a 400 Bad Request instead.

Example: http://host:port/%5%20C..

Note: Most of the front-servers (i.e., load balancer, web server...) may have filtered out these requests prior to the application server.

@pmd1nh
Member Author

pmd1nh commented Apr 1, 2024

Update tests to accommodate this change

https://github.ibm.com/websphere/WS-CD-Open/pull/31571

To avoid combined builds, the lWAS tests are disabled temporarily until this PR is merged, then reactivated.

Web Tier Team automation moved this from General Issues to Completed Tasks Apr 5, 2024