fix: use getContentLengthLong instead getContentLength (#10506) (#10540)

vaadin-bot · Denis · web-flow · commit e942bd147896 · 2021-04-01T12:09:37.000+03:00
Use Servlet 3.1 ServletRequest::getContentLengthLong to get the content size as a long value for the big files upload, because getContentLength may return -1 (file size is bigger than int capacity). Fixes #10392 Co-authored-by: Denis <denis@vaadin.com>
diff --git a/flow-server/src/main/java/com/vaadin/flow/server/VaadinRequest.java b/flow-server/src/main/java/com/vaadin/flow/server/VaadinRequest.java
@@ -16,6 +16,10 @@
 
 package com.vaadin.flow.server;
 
+import javax.servlet.ServletRequest;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -25,10 +29,6 @@
 import java.util.Locale;
 import java.util.Map;
 
-import javax.servlet.ServletRequest;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
 import com.vaadin.flow.internal.CurrentInstance;
 
 /**
@@ -74,6 +74,19 @@ public interface VaadinRequest {
      */
     int getContentLength();
 
+    /**
+     * Returns the length of the request content that can be read from the input
+     * stream returned by {@link #getInputStream()}.
+     *
+     * @see javax.servlet.ServletRequest#getContentLengthLong()
+     *
+     * @return a long containing the length of the request body or -1L if the
+     *         length is not known
+     */
+    default long getContentLengthLong() {
+        return getContentLength();
+    }
+
     /**
      * Returns an input stream from which the request content can be read. The
      * request content length can be obtained with {@link #getContentLength()}
diff --git a/flow-server/src/main/java/com/vaadin/flow/server/communication/StreamReceiverHandler.java b/flow-server/src/main/java/com/vaadin/flow/server/communication/StreamReceiverHandler.java
@@ -18,6 +18,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.Part;
+
 import java.io.BufferedWriter;
 import java.io.IOException;
 import java.io.InputStream;
@@ -237,7 +238,7 @@ private boolean handleMultipartFileUploadFromInputStream(VaadinSession session,
             VaadinRequest request, StreamReceiver streamReceiver,
             StateNode owner) throws IOException {
         boolean success = true;
-        long contentLength = request.getContentLength();
+        long contentLength = getContentLength(request);
         // Parse the request
         FileItemIterator iter;
         try {
@@ -554,13 +555,12 @@ private long updateProgress(VaadinSession session,
      * The request.getContentLength() is limited to "int" by the Servlet
      * specification. To support larger file uploads manually evaluate the
      * Content-Length header which can contain long values.
+     * 
+     * @deprecated use {@link VaadinRequest#getContentLengthLong()} instead
      */
+    @Deprecated
     protected long getContentLength(VaadinRequest request) {
-        try {
-            return Long.parseLong(request.getHeader("Content-Length"));
-        } catch (NumberFormatException e) {
-            return -1l;
-        }
+        return request.getContentLengthLong();
     }
 
     protected boolean isMultipartUpload(VaadinRequest request) {
diff --git a/flow-server/src/test/java/com/vaadin/flow/server/VaadinRequestTest.java b/flow-server/src/test/java/com/vaadin/flow/server/VaadinRequestTest.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2000-2021 Vaadin Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.vaadin.flow.server;
+
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class VaadinRequestTest {
+
+    public static abstract class TestVaadinRequest implements VaadinRequest {
+
+    }
+
+    @Test
+    public void getContentLengthLong_delegateToGetContentLength() {
+        TestVaadinRequest request = Mockito.spy(TestVaadinRequest.class);
+        request.getContentLengthLong();
+        Mockito.verify(request).getContentLength();
+    }
+
+}
diff --git a/flow-server/src/test/java/com/vaadin/flow/server/VaadinServletRequestTest.java b/flow-server/src/test/java/com/vaadin/flow/server/VaadinServletRequestTest.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2000-2021 Vaadin Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.vaadin.flow.server;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class VaadinServletRequestTest {
+
+    @Test
+    public void getContentLengthLong_delegateToServletRequestGetContentLengthLong() {
+        HttpServletRequest servletRequest = Mockito
+                .mock(HttpServletRequest.class);
+
+        VaadinServletRequest request = new VaadinServletRequest(servletRequest,
+                null);
+        request.getContentLengthLong();
+        Mockito.verify(servletRequest).getContentLengthLong();
+    }
+}
diff --git a/flow-server/src/test/java/com/vaadin/flow/server/communication/StreamReceiverHandlerTest.java b/flow-server/src/test/java/com/vaadin/flow/server/communication/StreamReceiverHandlerTest.java
@@ -86,6 +86,8 @@ public class StreamReceiverHandlerTest {
     private String contentType;
     private List<Part> parts;
 
+    private boolean isGetContentLengthLongCalled;
+
     @Before
     public void setup() throws Exception {
         contentLength = "6";
@@ -175,6 +177,12 @@ public Collection<Part> getParts()
                     throws IOException, ServletException {
                 return parts;
             }
+
+            @Override
+            public long getContentLengthLong() {
+                isGetContentLengthLongCalled = true;
+                return 0;
+            }
         };
     }
 
@@ -274,14 +282,15 @@ public void doHandleXhrFilePost_happyPath_setContentTypeNoExplicitSetStatus()
     }
 
     @Test
-    public void doHandleMultipartFileUpload_noPart_uploadFailed_responseStatusIs500()
+    public void doHandleMultipartFileUpload_noPart_uploadFailed_responseStatusIs500_getContentLengthLongCalled()
             throws IOException {
 
         handler.doHandleMultipartFileUpload(session, request, response,
                 streamReceiver, stateNode);
 
         Mockito.verify(response)
                 .setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        Assert.assertTrue(isGetContentLengthLongCalled);
     }
 
     @Test
