Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return a 400 response for a request with an invalid URL #796

Merged
merged 2 commits into from Jun 18, 2019
Merged

Return a 400 response for a request with an invalid URL #796

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
39deb03
Return a 400 response for a request with an invalid URL. URL validati…
spericas Jun 18, 2019
530b207
Fixed import order.
spericas Jun 18, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 3 additions & 1 deletion webserver/webserver/src/main/java/io/helidon/webserver/BareRequestImpl.java
View file
Open in desktop
Expand Up @@ -44,6 +44,7 @@ class BareRequestImpl implements BareRequest {
private final ChannelHandlerContext ctx;
private final SSLEngine sslEngine;
private final long requestId;
private final URI uri;

BareRequestImpl(HttpRequest request,
Flow.Publisher<DataChunk> publisher,
Expand All @@ -57,6 +58,7 @@ class BareRequestImpl implements BareRequest {
this.ctx = ctx;
this.sslEngine = sslEngine;
this.requestId = requestId;
this.uri = URI.create(nettyRequest.uri());
}

@Override
Expand All @@ -76,7 +78,7 @@ public Http.Version version() {

@Override
public URI uri() {
return URI.create(nettyRequest.uri());
return uri;
}

@Override
Expand Down
33 changes: 29 additions & 4 deletions webserver/webserver/src/main/java/io/helidon/webserver/ForwardingHandler.java
View file
Open in desktop
Expand Up @@ -16,23 +16,27 @@

package io.helidon.webserver;

import java.nio.charset.StandardCharsets;
import java.util.Queue;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Logger;

import javax.net.ssl.SSLEngine;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpContent;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpUtil;
import io.netty.handler.codec.http.LastHttpContent;

import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST;
import static io.netty.handler.codec.http.HttpResponseStatus.CONTINUE;
import static io.netty.handler.codec.http.HttpVersion.HTTP_1_1;

Expand Down Expand Up @@ -97,11 +101,18 @@ protected void channelRead0(ChannelHandlerContext ctx, Object msg) {
HttpRequestScopedPublisher publisherRef = requestContext.publisher();
long requestId = REQUEST_ID_GENERATOR.incrementAndGet();

BareRequestImpl bareRequest =
new BareRequestImpl((HttpRequest) msg, requestContext.publisher(), webServer, ctx, sslEngine, requestId);
BareResponseImpl bareResponse =
new BareResponseImpl(ctx, request, publisherRef::isCompleted, Thread.currentThread(), requestId);
// If a problem with the request URI, return 400 response
BareRequestImpl bareRequest;
try {
bareRequest = new BareRequestImpl((HttpRequest) msg, requestContext.publisher(),
webServer, ctx, sslEngine, requestId);
} catch (IllegalArgumentException e) {
send400BadRequest(ctx, e.getMessage());
return;
}

BareResponseImpl bareResponse =
new BareResponseImpl(ctx, request, publisherRef::isCompleted, Thread.currentThread(), requestId);
bareResponse.whenCompleted()
.thenRun(() -> {
RequestContext requestContext = this.requestContext;
Expand Down Expand Up @@ -177,6 +188,20 @@ private static void send100Continue(ChannelHandlerContext ctx) {
ctx.write(response);
}

/**
* Returns a 400 (Bad Request) response with a message as content.
*
* @param ctx Channel context.
* @param message The message.
*/
private static void send400BadRequest(ChannelHandlerContext ctx, String message) {
byte[] entity = message.getBytes(StandardCharsets.UTF_8);
FullHttpResponse response = new DefaultFullHttpResponse(HTTP_1_1, BAD_REQUEST, Unpooled.wrappedBuffer(entity));
response.headers().add(HttpHeaderNames.CONTENT_TYPE, "text/plain");
response.headers().add(HttpHeaderNames.CONTENT_LENGTH, entity.length);
ctx.write(response);
}

@Override
public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
if (requestContext != null) {
Expand Down
14 changes: 14 additions & 0 deletions webserver/webserver/src/test/java/io/helidon/webserver/PlainTest.java
View file
Open in desktop
Expand Up @@ -362,6 +362,20 @@ public void testConnectionCloseHeader() throws Exception {
assertThat(headers, not(IsMapContaining.hasKey("connection")));
}

@Test
public void testBadURL() throws Exception {
String s = SocketHttpClient.sendAndReceive("/?p=|",
Http.Method.GET,
null,
CollectionsHelper.listOf("Connection: close"),
webServer);
assertThat(s, containsString("400 Bad Request"));
Map<String, String> headers = cutHeaders(s);
assertThat(headers, IsMapContaining.hasKey("content-type"));
assertThat(headers, IsMapContaining.hasKey("content-length"));
}


private Map<String, String> cutHeaders(String response) {
assertThat(response, notNullValue());
int index = response.indexOf("\n\n");
Expand Down