jetty-servlet/src/test/java/org/eclipse/jetty/servlet/ComplianceViolations2616Test.java - jetty - Git at Google

 //
 //  ========================================================================
 //  Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
 //  ------------------------------------------------------------------------
 //  All rights reserved. This program and the accompanying materials
 //  are made available under the terms of the Eclipse Public License v1.0
 //  and Apache License v2.0 which accompanies this distribution.
 //
 //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //

 package org.eclipse.jetty.servlet;

 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.EnumSet;
 import java.util.List;

 import javax.servlet.DispatcherType;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.eclipse.jetty.http.HttpCompliance;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.LocalConnector;
 import org.eclipse.jetty.server.Server;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;

 import static org.hamcrest.Matchers.containsString;
 import static org.junit.Assert.assertThat;

 public class ComplianceViolations2616Test
 {
     private static Server server;
     private static LocalConnector connector;

     public static class ReportViolationsFilter implements Filter
     {
         @Override
         public void init(FilterConfig filterConfig) throws ServletException
         {
         }

         @Override
         public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
         {
             if (request instanceof HttpServletRequest)
             {
                 List<String> violations = (List<String>) request.getAttribute("org.eclipse.jetty.http.compliance.violations");
                 if (violations != null)
                 {
                     HttpServletResponse httpResponse = (HttpServletResponse) response;
                     int i = 0;
                     for (String violation : violations)
                     {
                         httpResponse.setHeader("X-Http-Violation-" + (i++), violation);
                     }
                 }
             }
             chain.doFilter(request, response);
         }

         @Override
         public void destroy()
         {
         }
     }

     public static class DumpRequestHeadersServlet extends HttpServlet
     {
         @Override
         protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
         {
             resp.setContentType("text/plain");
             PrintWriter out = resp.getWriter();
             List<String> headerNames = new ArrayList<>();
             headerNames.addAll(Collections.list(req.getHeaderNames()));
             Collections.sort(headerNames);
             for (String name : headerNames)
             {
                 out.printf("[%s] = [%s]%n", name, req.getHeader(name));
             }
         }
     }

     @BeforeClass
     public static void startServer() throws Exception
     {
         server = new Server();

         HttpConfiguration config = new HttpConfiguration();
         config.setSendServerVersion(false);

         HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(config, HttpCompliance.RFC2616);
         httpConnectionFactory.setRecordHttpComplianceViolations(true);
         connector = new LocalConnector(server, null, null, null, -1, httpConnectionFactory);

         ServletContextHandler context = new ServletContextHandler();
         context.setContextPath("/");
         context.setWelcomeFiles(new String[]{"index.html", "index.jsp", "index.htm"});

         context.addServlet(DumpRequestHeadersServlet.class, "/dump/*");
         context.addFilter(ReportViolationsFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));

         server.setHandler(context);
         server.addConnector(connector);

         server.start();
     }

     @AfterClass
     public static void stopServer() throws Exception
     {
         server.stop();
         server.join();
     }

     @Test
     public void testNoColonHeader_Middle() throws Exception
     {
         StringBuffer req1 = new StringBuffer();
         req1.append("GET /dump/ HTTP/1.1\r\n");
         req1.append("Name\r\n");
         req1.append("Host: local\r\n");
         req1.append("Accept: */*\r\n");
         req1.append("Connection: close\r\n");
         req1.append("\r\n");

         String response = connector.getResponses(req1.toString());
         assertThat("Response status", response, containsString("HTTP/1.1 200 OK"));
         assertThat("Response headers", response, containsString("X-Http-Violation-0: RFC2616<RFC7230: name only header"));

         assertThat("Response body", response, containsString("[Name] = []"));
     }

     @Test
     public void testNoColonHeader_End() throws Exception
     {
         StringBuffer req1 = new StringBuffer();
         req1.append("GET /dump/ HTTP/1.1\r\n");
         req1.append("Host: local\r\n");
         req1.append("Connection: close\r\n");
         req1.append("Accept: */*\r\n");
         req1.append("Name\r\n");
         req1.append("\r\n");

         String response = connector.getResponses(req1.toString());
         assertThat("Response status", response, containsString("HTTP/1.1 200"));
         assertThat("Response headers", response, containsString("X-Http-Violation-0: RFC2616<RFC7230: name only header"));

         assertThat("Response body", response, containsString("[Name] = []"));
     }

     @Test
     public void testFoldedHeader() throws Exception
     {
         StringBuffer req1 = new StringBuffer();
         req1.append("GET /dump/ HTTP/1.1\r\n");
         req1.append("Host: local\r\n");
         req1.append("Name: Some\r\n");
         req1.append(" Value\r\n");
         req1.append("Connection: close\r\n");
         req1.append("Accept: */*\r\n");
         req1.append("\r\n");

         String response = connector.getResponses(req1.toString());
         assertThat("Response status", response, containsString("HTTP/1.1 200"));
         assertThat("Response headers", response, containsString("X-Http-Violation-0: RFC2616<RFC7230: header folding"));

         assertThat("Response body", response, containsString("[Name] = [Some Value]"));
     }
 }
	//
	// ========================================================================
	// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
	// ------------------------------------------------------------------------
	// All rights reserved. This program and the accompanying materials
	// are made available under the terms of the Eclipse Public License v1.0
	// and Apache License v2.0 which accompanies this distribution.
	//
	// The Eclipse Public License is available at
	// http://www.eclipse.org/legal/epl-v10.html
	//
	// The Apache License v2.0 is available at
	// http://www.opensource.org/licenses/apache2.0.php
	//
	// You may elect to redistribute this code under either of these licenses.
	// ========================================================================
	//

	package org.eclipse.jetty.servlet;

	import java.io.IOException;
	import java.io.PrintWriter;
	import java.util.ArrayList;
	import java.util.Collections;
	import java.util.EnumSet;
	import java.util.List;

	import javax.servlet.DispatcherType;
	import javax.servlet.Filter;
	import javax.servlet.FilterChain;
	import javax.servlet.FilterConfig;
	import javax.servlet.ServletException;
	import javax.servlet.ServletRequest;
	import javax.servlet.ServletResponse;
	import javax.servlet.http.HttpServlet;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	import org.eclipse.jetty.http.HttpCompliance;
	import org.eclipse.jetty.server.HttpConfiguration;
	import org.eclipse.jetty.server.HttpConnectionFactory;
	import org.eclipse.jetty.server.LocalConnector;
	import org.eclipse.jetty.server.Server;
	import org.junit.AfterClass;
	import org.junit.BeforeClass;
	import org.junit.Test;

	import static org.hamcrest.Matchers.containsString;
	import static org.junit.Assert.assertThat;

	public class ComplianceViolations2616Test
	{
	private static Server server;
	private static LocalConnector connector;

	public static class ReportViolationsFilter implements Filter
	{
	@Override
	public void init(FilterConfig filterConfig) throws ServletException
	{
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
	{
	if (request instanceof HttpServletRequest)
	{
	List<String> violations = (List<String>) request.getAttribute("org.eclipse.jetty.http.compliance.violations");
	if (violations != null)
	{
	HttpServletResponse httpResponse = (HttpServletResponse) response;
	int i = 0;
	for (String violation : violations)
	{
	httpResponse.setHeader("X-Http-Violation-" + (i++), violation);
	}
	}
	}
	chain.doFilter(request, response);
	}

	@Override
	public void destroy()
	{
	}
	}

	public static class DumpRequestHeadersServlet extends HttpServlet
	{
	@Override
	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
	{
	resp.setContentType("text/plain");
	PrintWriter out = resp.getWriter();
	List<String> headerNames = new ArrayList<>();
	headerNames.addAll(Collections.list(req.getHeaderNames()));
	Collections.sort(headerNames);
	for (String name : headerNames)
	{
	out.printf("[%s] = [%s]%n", name, req.getHeader(name));
	}
	}
	}

	@BeforeClass
	public static void startServer() throws Exception
	{
	server = new Server();

	HttpConfiguration config = new HttpConfiguration();
	config.setSendServerVersion(false);

	HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(config, HttpCompliance.RFC2616);
	httpConnectionFactory.setRecordHttpComplianceViolations(true);
	connector = new LocalConnector(server, null, null, null, -1, httpConnectionFactory);

	ServletContextHandler context = new ServletContextHandler();
	context.setContextPath("/");
	context.setWelcomeFiles(new String[]{"index.html", "index.jsp", "index.htm"});

	context.addServlet(DumpRequestHeadersServlet.class, "/dump/*");
	context.addFilter(ReportViolationsFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));

	server.setHandler(context);
	server.addConnector(connector);

	server.start();
	}

	@AfterClass
	public static void stopServer() throws Exception
	{
	server.stop();
	server.join();
	}

	@Test
	public void testNoColonHeader_Middle() throws Exception
	{
	StringBuffer req1 = new StringBuffer();
	req1.append("GET /dump/ HTTP/1.1\r\n");
	req1.append("Name\r\n");
	req1.append("Host: local\r\n");
	req1.append("Accept: /\r\n");
	req1.append("Connection: close\r\n");
	req1.append("\r\n");

	String response = connector.getResponses(req1.toString());
	assertThat("Response status", response, containsString("HTTP/1.1 200 OK"));
	assertThat("Response headers", response, containsString("X-Http-Violation-0: RFC2616<RFC7230: name only header"));

	assertThat("Response body", response, containsString("[Name] = []"));
	}

	@Test
	public void testNoColonHeader_End() throws Exception
	{
	StringBuffer req1 = new StringBuffer();
	req1.append("GET /dump/ HTTP/1.1\r\n");
	req1.append("Host: local\r\n");
	req1.append("Connection: close\r\n");
	req1.append("Accept: /\r\n");
	req1.append("Name\r\n");
	req1.append("\r\n");

	String response = connector.getResponses(req1.toString());
	assertThat("Response status", response, containsString("HTTP/1.1 200"));
	assertThat("Response headers", response, containsString("X-Http-Violation-0: RFC2616<RFC7230: name only header"));

	assertThat("Response body", response, containsString("[Name] = []"));
	}

	@Test
	public void testFoldedHeader() throws Exception
	{
	StringBuffer req1 = new StringBuffer();
	req1.append("GET /dump/ HTTP/1.1\r\n");
	req1.append("Host: local\r\n");
	req1.append("Name: Some\r\n");
	req1.append(" Value\r\n");
	req1.append("Connection: close\r\n");
	req1.append("Accept: /\r\n");
	req1.append("\r\n");

	String response = connector.getResponses(req1.toString());
	assertThat("Response status", response, containsString("HTTP/1.1 200"));
	assertThat("Response headers", response, containsString("X-Http-Violation-0: RFC2616<RFC7230: header folding"));

	assertThat("Response body", response, containsString("[Name] = [Some Value]"));
	}
	}