| // |
| // ======================================================================== |
| // Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd. |
| // ------------------------------------------------------------------------ |
| // All rights reserved. This program and the accompanying materials |
| // are made available under the terms of the Eclipse Public License v1.0 |
| // and Apache License v2.0 which accompanies this distribution. |
| // |
| // The Eclipse Public License is available at |
| // http://www.eclipse.org/legal/epl-v10.html |
| // |
| // The Apache License v2.0 is available at |
| // http://www.opensource.org/licenses/apache2.0.php |
| // |
| // You may elect to redistribute this code under either of these licenses. |
| // ======================================================================== |
| // |
| |
| package org.eclipse.jetty.servlet; |
| |
| import java.io.IOException; |
| import java.io.PrintWriter; |
| import java.util.ArrayList; |
| import java.util.Collections; |
| import java.util.EnumSet; |
| import java.util.List; |
| |
| import javax.servlet.DispatcherType; |
| import javax.servlet.Filter; |
| import javax.servlet.FilterChain; |
| import javax.servlet.FilterConfig; |
| import javax.servlet.ServletException; |
| import javax.servlet.ServletRequest; |
| import javax.servlet.ServletResponse; |
| import javax.servlet.http.HttpServlet; |
| import javax.servlet.http.HttpServletRequest; |
| import javax.servlet.http.HttpServletResponse; |
| |
| import org.eclipse.jetty.http.HttpCompliance; |
| import org.eclipse.jetty.server.HttpConfiguration; |
| import org.eclipse.jetty.server.HttpConnectionFactory; |
| import org.eclipse.jetty.server.LocalConnector; |
| import org.eclipse.jetty.server.Server; |
| import org.junit.AfterClass; |
| import org.junit.BeforeClass; |
| import org.junit.Test; |
| |
| import static org.hamcrest.Matchers.containsString; |
| import static org.junit.Assert.assertThat; |
| |
| public class ComplianceViolations2616Test |
| { |
| private static Server server; |
| private static LocalConnector connector; |
| |
| public static class ReportViolationsFilter implements Filter |
| { |
| @Override |
| public void init(FilterConfig filterConfig) throws ServletException |
| { |
| } |
| |
| @Override |
| public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException |
| { |
| if (request instanceof HttpServletRequest) |
| { |
| List<String> violations = (List<String>) request.getAttribute("org.eclipse.jetty.http.compliance.violations"); |
| if (violations != null) |
| { |
| HttpServletResponse httpResponse = (HttpServletResponse) response; |
| int i = 0; |
| for (String violation : violations) |
| { |
| httpResponse.setHeader("X-Http-Violation-" + (i++), violation); |
| } |
| } |
| } |
| chain.doFilter(request, response); |
| } |
| |
| @Override |
| public void destroy() |
| { |
| } |
| } |
| |
| public static class DumpRequestHeadersServlet extends HttpServlet |
| { |
| @Override |
| protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException |
| { |
| resp.setContentType("text/plain"); |
| PrintWriter out = resp.getWriter(); |
| List<String> headerNames = new ArrayList<>(); |
| headerNames.addAll(Collections.list(req.getHeaderNames())); |
| Collections.sort(headerNames); |
| for (String name : headerNames) |
| { |
| out.printf("[%s] = [%s]%n", name, req.getHeader(name)); |
| } |
| } |
| } |
| |
| @BeforeClass |
| public static void startServer() throws Exception |
| { |
| server = new Server(); |
| |
| HttpConfiguration config = new HttpConfiguration(); |
| config.setSendServerVersion(false); |
| |
| HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(config, HttpCompliance.RFC2616); |
| httpConnectionFactory.setRecordHttpComplianceViolations(true); |
| connector = new LocalConnector(server, null, null, null, -1, httpConnectionFactory); |
| |
| ServletContextHandler context = new ServletContextHandler(); |
| context.setContextPath("/"); |
| context.setWelcomeFiles(new String[]{"index.html", "index.jsp", "index.htm"}); |
| |
| context.addServlet(DumpRequestHeadersServlet.class, "/dump/*"); |
| context.addFilter(ReportViolationsFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST)); |
| |
| server.setHandler(context); |
| server.addConnector(connector); |
| |
| server.start(); |
| } |
| |
| @AfterClass |
| public static void stopServer() throws Exception |
| { |
| server.stop(); |
| server.join(); |
| } |
| |
| @Test |
| public void testNoColonHeader_Middle() throws Exception |
| { |
| StringBuffer req1 = new StringBuffer(); |
| req1.append("GET /dump/ HTTP/1.1\r\n"); |
| req1.append("Name\r\n"); |
| req1.append("Host: local\r\n"); |
| req1.append("Accept: */*\r\n"); |
| req1.append("Connection: close\r\n"); |
| req1.append("\r\n"); |
| |
| String response = connector.getResponses(req1.toString()); |
| assertThat("Response status", response, containsString("HTTP/1.1 200 OK")); |
| assertThat("Response headers", response, containsString("X-Http-Violation-0: RFC2616<RFC7230: name only header")); |
| |
| assertThat("Response body", response, containsString("[Name] = []")); |
| } |
| |
| @Test |
| public void testNoColonHeader_End() throws Exception |
| { |
| StringBuffer req1 = new StringBuffer(); |
| req1.append("GET /dump/ HTTP/1.1\r\n"); |
| req1.append("Host: local\r\n"); |
| req1.append("Connection: close\r\n"); |
| req1.append("Accept: */*\r\n"); |
| req1.append("Name\r\n"); |
| req1.append("\r\n"); |
| |
| String response = connector.getResponses(req1.toString()); |
| assertThat("Response status", response, containsString("HTTP/1.1 200")); |
| assertThat("Response headers", response, containsString("X-Http-Violation-0: RFC2616<RFC7230: name only header")); |
| |
| assertThat("Response body", response, containsString("[Name] = []")); |
| } |
| |
| @Test |
| public void testFoldedHeader() throws Exception |
| { |
| StringBuffer req1 = new StringBuffer(); |
| req1.append("GET /dump/ HTTP/1.1\r\n"); |
| req1.append("Host: local\r\n"); |
| req1.append("Name: Some\r\n"); |
| req1.append(" Value\r\n"); |
| req1.append("Connection: close\r\n"); |
| req1.append("Accept: */*\r\n"); |
| req1.append("\r\n"); |
| |
| String response = connector.getResponses(req1.toString()); |
| assertThat("Response status", response, containsString("HTTP/1.1 200")); |
| assertThat("Response headers", response, containsString("X-Http-Violation-0: RFC2616<RFC7230: header folding")); |
| |
| assertThat("Response body", response, containsString("[Name] = [Some Value]")); |
| } |
| } |