From a0e3335ab1d46fbe7ca7a0391fdf864c12d15f01 Mon Sep 17 00:00:00 2001
From: John Wagenleitner <jwagenleitner@apache.org>
Date: Sat, 18 Feb 2017 16:22:49 -0800
Subject: [PATCH] GROOVY-8056: GroovyCodeSource(URL) can leak a file handler

URLConnect.getContentEncoding returns the Content-Encoding
HTTP Header [1] which is not a charset.  Since this method would
have either returned null or an invalid charset, the code path
specifying the encoding would normally not have been executed.
The charset may be contained in the Content-Type header, but
rather than attempt to parse that string which would require
closing the connection, this fix avoids opening the connection.

[1] https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
---
 src/main/groovy/lang/GroovyCodeSource.java                 | 7 +------
 src/main/groovy/util/GroovyScriptEngine.java               | 3 +--
 .../groovy/util/GroovyScriptEngineReloadingTest.groovy     | 4 ----
 3 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/src/main/groovy/lang/GroovyCodeSource.java b/src/main/groovy/lang/GroovyCodeSource.java
index 13660c002d3..fa8879f22d7 100644
--- a/src/main/groovy/lang/GroovyCodeSource.java
+++ b/src/main/groovy/lang/GroovyCodeSource.java
@@ -173,12 +173,7 @@ public GroovyCodeSource(URL url) {
         this.name = url.toExternalForm();
         this.codeSource = new CodeSource(url, (java.security.cert.Certificate[]) null);
         try {
-            String contentEncoding = url.openConnection().getContentEncoding();
-            if (contentEncoding != null) {
-                this.scriptText = ResourceGroovyMethods.getText(url, contentEncoding);
-            } else {
-                this.scriptText = ResourceGroovyMethods.getText(url); // falls-back on default encoding
-            }
+            this.scriptText = ResourceGroovyMethods.getText(url); // default encoding
         } catch (IOException e) {
             throw new RuntimeException("Impossible to read the text content from " + name, e);
         }
diff --git a/src/main/groovy/util/GroovyScriptEngine.java b/src/main/groovy/util/GroovyScriptEngine.java
index 52445019fdd..9d104e1a82c 100644
--- a/src/main/groovy/util/GroovyScriptEngine.java
+++ b/src/main/groovy/util/GroovyScriptEngine.java
@@ -563,8 +563,7 @@ public Class loadScriptByName(String scriptName) throws ResourceException, Scrip
         try {
             if (isSourceNewer(entry)) {
                 try {
-                    String encoding = conn.getContentEncoding() != null ? conn.getContentEncoding() : config.getSourceEncoding();
-                    String content = IOGroovyMethods.getText(conn.getInputStream(), encoding);
+                    String content = IOGroovyMethods.getText(conn.getInputStream(), config.getSourceEncoding());
                     clazz = groovyLoader.parseClass(content, path);
                 } catch (IOException e) {
                     throw new ResourceException(e);
diff --git a/src/test/groovy/util/GroovyScriptEngineReloadingTest.groovy b/src/test/groovy/util/GroovyScriptEngineReloadingTest.groovy
index 1ca7f01e5ce..366769ea969 100644
--- a/src/test/groovy/util/GroovyScriptEngineReloadingTest.groovy
+++ b/src/test/groovy/util/GroovyScriptEngineReloadingTest.groovy
@@ -482,10 +482,6 @@ class GroovyScriptEngineReloadingTest extends GroovyTestCase {
     }
     
     class MapUrlConnection extends URLConnection {
-        String getContentEncoding() {
-            return CHARSET
-        }
-    
         Object getContent() throws IOException {
             return super.content
         }