HttpPostMultipartRequestDecoder should decode header field parameters

[dminkovsky]

Motivation:

I am receiving a mutlipart/form_data upload from a Mailgun webhook. This webhook used to send parts like this:

--74e78d11b0214bdcbc2f86491eeb4902
Content-Disposition: form-data; name="attachment-2"; filename="attached_�айл.txt"
Content-Type: text/plain
Content-Length: 32

This is the content of the file

--74e78d11b0214bdcbc2f86491eeb4902--

but now it posts parts like this:

--74e78d11b0214bdcbc2f86491eeb4902
Content-Disposition: form-data; name="attachment-2"; filename*=utf-8''attached_%D1%84%D0%B0%D0%B9%D0%BB.txt

This is the content of the file

--74e78d11b0214bdcbc2f86491eeb4902--

This new format uses field parameter encoding described in RFC 5987. More about this encoding can be found here.

Netty does not parse this format. The result is the filename is not decoded and the part is not parsed into a FileUpload.

Modification:

• Added failing test in HttpPostRequestDecoderTest.java and updated HttpPostMultipartRequestDecoder.java
• Refactored to please Netkins

Result:

Fixes #7265 (this):

• HttpPostMultipartRequestDecoder identifies the RFC 5987 format and parses it.
• Previous functionality is retained.

[dminkovsky]

First commit on PR is the actual patch.

Second commit was required to please netkins. I was already 5 indents in.

[fenik17]

Consider replacing String#split with use precompiled Pattern constant or a value.indexOf("''").

[dminkovsky]

Thank you. I don't have much experience in performant Java string work, so I was following the lead of existing code a few lines up where you have value.split("=", 2). Does the compiler/runtime optimize this case because it's a unit-length string and therefore effectively a char?

[fenik17]

Yep. For one-char string a String.split in OpenJDK doesn't use Pattern. But the string "''" has two chars.

[dminkovsky]

Ah okay thanks. I opted for the precompiled pattern because it seemed simpler.

[fenik17]

Why is it necessary to declare the attribute here?

[dminkovsky]

That is how it was before my patch on 4.1. For the actual test/patch, please see my first commit (e4a9853). My second commit, which this comes from, was done because Netkins complained I had gone above 5 indents and should refactor. So I extracted that whole block as its own private function. I would rather not include this second commit in this PR because it obfuscates the patch. But I wanted the green check mark in the list of PRs.

[fenik17]

Ok. But now there is no need for this. Just use fast return without variable:

    return factory.createAttribute(request, name, value);

[dminkovsky]

Yes of course. Fixed this.

[fenik17]

IIUC the RFC 5987 prescribe decoding not only filename header value? Otherwise we should not cut * from name for other headers..

[dminkovsky]

I thought about that too. But I'm not sure that's the case (what other headers are there? they aren't being tested for flow control in this code). I decided to just cover this case and establish how it might be done if someone encountered this problem with other headers.

[fenik17]

I mean, if we want apply new RFC only for filename header, we should not change the name attribute for other headers. But now you are doing this: name = name.substring(0, last);

[dminkovsky]

Ah yes that makes sense. I think I avoid this now. Could add a test for it...

[fenik17]

final

[fenik17]

Would be better to reduce the possible allocations using filename* constant. Something like this:

    private static final String FILENAME_ENCODED = HttpHeaderValues.FILENAME.toString() + '*';

    private Attribute getContentDispositionAttribute(String... values) {
        String name = cleanString(values[0]);
        String value = values[1];

        // See http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html
        if (HttpHeaderValues.FILENAME.contentEquals(name)) {
            // filename value is quoted string so strip them
            value = value.substring(1, value.length() - 1);
        } else if (FILENAME_ENCODED.equals(name)) {
            // filename value is encoded. See https://tools.ietf.org/html/rfc5987
            name = name.substring(0, name.length() - 1);
            String[] split = doubleSingleQuote.split(value, 2);
            value = QueryStringDecoder.decodeComponent(split[1], Charset.forName(split[0]));
        } else {
            // otherwise we need to clean the value
            value = cleanString(value);
        }
        return factory.createAttribute(request, name, value);
    }

[dminkovsky]

Thanks. Pushed this version.

[fenik17]

@dminkovsky RFC says that ext-value can optional contains language information:

foo: bar; title*=iso-8859-1'en'%A3%20rates

Maybe it makes sense to support for this too? At least, take this into account when parsing the value.

[dminkovsky]

Yes, I thought about that, but what would we do with it? Add a FileUpload attribute?

[fenik17]

Yes, I thought about that, but what would we do with it?

Ignoring? Just split value through single quote "'".

String[] split = value.split("'", 3);
value = QueryStringDecoder.decodeComponent(split[2], Charset.forName(split[0]))

[dminkovsky]

I’m sorry that’s not what I meant. I meant: if we got the language code value—like you said by splitting a different way—then what would we do with that value? пн, 2 окт. 2017 г. в 1:12, Nikolay Fedorovskikh <notifications@github.com>:

…

Yes, I thought about that, but what would we do with it? Ignoring? Just split value through single quote "'". String[] split = value.split("'", 3); value = QueryStringDecoder.decodeComponent(split[2], Charset.forName(split[0])) — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#7265 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AANWZe8g7ShFao2EoClhhRKBF-EGuxlNks5soHCvgaJpZM4PpUdL> .

[fenik17]

I suggest not doing anything with the language field. Just skip this.
But the possibility of its presence compels us to split the header value through single quote into three parts.

[normanmaurer]

LGTM

[carl-mastrangelo]

consider checking that the first and last chars are actually quotes.

[dminkovsky]

this was here before this PR. should i modify this behavior in this PR?

[dminkovsky]

Adding this check too.

[carl-mastrangelo]

Here too, you might consider check that the array size is 2 so that you don't throw an NPE.

[dminkovsky]

Considered this, but if not an NPE, then what? There are other spots in the code around this PR that split and don't check.

[carl-mastrangelo]

add a negative case? perhaps a malformed header?

[dminkovsky]

Yes, makes sense. Will do.

[dminkovsky]

Added a few tests.

[dminkovsky]

@fenik17 just looked again at your previous comment and yes, of course, it's much better this way. thank you for your reviews!

[carl-mastrangelo]

One comment but otherwise LGTM

[carl-mastrangelo]

@normanmaurer do your tests require you to deref all buffers?

[normanmaurer]

yep I think we should call req.release()

[normanmaurer]

@dminkovsky please address this

[dminkovsky]

@normanmaurer done. Please have a look. Thank you.

[fenik17]

if (last > 0 && ...

[dminkovsky]

Ah yes, thank you

value         = token / quoted-string

https://tools.ietf.org/html/rfc5987#section-3.2.1

[fenik17]

We can avoid an extra allocation:

name = HttpHeaderValues.FILENAME.toString();

[dminkovsky]

Yes, makes sense. Fixed. Thanks.

[dminkovsky]

By the way, could this make 4.1.17? I see only a 4.0 tag. I am wondering because I am on 4.1

[normanmaurer]

Everything that is merged into 4.0 will also be merged Into 4.1

[dminkovsky]

Good to hear. Thank you.

[normanmaurer]

Cherry-picked into 4.1 (8aeba78) and 4.0 (82b7103).

@dminkovsky thanks!

[fenik17]

@normanmaurer this is not pushed into 4.0?

[normanmaurer]

@fenik17 somehow I did not... Thanks for pinging. Cherry-picked as 82b7103