Allow less strict host header parsing to handle non-RFC2396 compliant host headers #1284
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
artgon
reviewed
Aug 19, 2022
| if (uri.getHost() != null) { | ||
| return new Pair<>(uri.getHost(), uri.getPort()); | ||
| } | ||
| } catch (URISyntaxException ignored) { } |
| } catch (URISyntaxException ignored) { } | ||
|
|
||
| // fallback to using a colon split | ||
| // valid IPv6 addresses would have been handled already so any colon is safely assumed a port separator |
There was a problem hiding this comment.
What if it's an invalid IPv6 address?
There was a problem hiding this comment.
There is a fallback below that detects more than 1 colon (e.g. a non-bracketed IPv6 address) which will throw an exception
| try { | ||
| parsedPort = Integer.parseInt(components[1]); | ||
| } catch (NumberFormatException ignored) { | ||
| // ignore failing to parse port numbers and fallback to default port |
|
I'm not convinced that we want this to be our default functionality. If we do want to allow it, there can be a feature flag that enables it. |
gavinbunney
force-pushed
the
gavin/uri-parsing
branch
from
14ac79c to
c7c882d
Compare
@artgon Gated this behind a property |
gavinbunney
force-pushed
the
gavin/uri-parsing
branch
from
c7c882d to
954c6aa
Compare
gavinbunney
changed the title
artgon
reviewed
Aug 19, 2022
|
|
||
| @After | ||
| public void resetConfig() { | ||
| config.clearProperty("zuul.HttpRequestMessage.host.header.strict.validation"); |
artgon
approved these changes
Aug 19, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The URI parsing changes done in #747 better handled IPv6 addresses, however it introduces issues when host headers contain non-RFC2396 compliant hostnames (for example any
_or^or url-encoded characters).This PR adds a less strict validation fallback to split-style parsing of the host header when the URI default parsing fails.