core: percent encode illegal chars when creating URI query #3003

raboof · 2020-03-11T13:39:36Z

This makes sure 'strict' parsing of the Uri query string only allows characters that are actually allowed here by the RFC.

It does not change the fact that Uri's rawQueryString is the percent-encoded representation of the query string, since this information is needed to parse it into a key-value structure.

When parsing the Uri in 'relaxed' mode or constructing programmatically, we do accept characters that are not allowed, but percent-encode any would-be invalid characters.

API's that can be used to programmatically add or modify the query string are adapted to not accept invalid percent-encoded values (e.g. %x2) and convert illegal characters. withRawQueryString is made available both in a 'strict' and a 'relaxed' variation.

References #3002

akka-ci · 2020-03-11T13:47:33Z

Test FAILed.

Pull request validation report

Failed Test Suites

Test result for 'akka-http2-support / Pr-validation / ./ executeTests'

[info] ScalaTest
[info] Run completed in 3 minutes, 43 seconds.
[info] Total number of tests run: 131
[info] Suites: completed 10, aborted 0
[info] Tests: succeeded 130, failed 1, canceled 0, ignored 16, pending 27
[info] *** 1 TEST FAILED ***
[error] Failed: Total 131, Failed 1, Errors 0, Passed 130, Ignored 16, Pending 27
[error] Failed tests:
[error] 	akka.http.impl.engine.http2.RequestParsingSpec

Mima Failures

Problems for akka-http-core:
akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.9  (filtered 98)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.7  (filtered 195)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.6  (filtered 195)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.8  (filtered 106)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.11  (filtered 54)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.10  (filtered 54)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-ci · 2020-03-11T15:31:07Z

Test FAILed.

Pull request validation report

Mima Failures

Problems for akka-http-core:
akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.9  (filtered 98)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.7  (filtered 195)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.6  (filtered 195)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.8  (filtered 106)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.11  (filtered 54)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 2 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.10  (filtered 54)
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

ignasi35

LGTM

raboof · 2020-03-12T08:28:47Z

(I'm confused why Jenkins is reporting mima failures, AFAICS those should be filtered out now..)

jrudolph

Looks reasonable. Thanks for digging into this rabbit hole. A few small things below

...ore/src/main/mima-filters/10.1.x.backwards.excludes/query-string-encoding.backwards.excludes

akka-http-core/src/test/scala/akka/http/scaladsl/model/UriSpec.scala

jrudolph · 2020-03-12T09:45:17Z

akka-http-core/src/test/scala/akka/http/scaladsl/model/UriSpec.scala

      uri.withQuery(Query(Map("param1" -> "value1"))) shouldEqual Uri("http://host/path?param1=value1#fragment")
      uri.withRawQueryString("param1=value1") shouldEqual Uri("http://host/path?param1=value1#fragment")

+      uri.withQuery(Query("param1" -> "val\"ue1")) shouldEqual Uri("http://host/path?param1=val%22ue1#fragment")


Yep, this API should definitely encode when converting to raw 👍

akka-http-core/src/test/scala/akka/http/scaladsl/model/UriSpec.scala

akka-http-tests/src/test/java/akka/http/javadsl/server/directives/ParameterDirectivesTest.java

akka-ci · 2020-03-12T16:50:10Z

Test FAILed.

Pull request validation report

Mima Failures

Problems for akka-http-core:
akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.7  (filtered 379)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.4  (filtered 249)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.9  (filtered 355)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.0  (filtered 311)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.9  (filtered 98)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.7  (filtered 195)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.6  (filtered 195)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.1  (filtered 413)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.8  (filtered 106)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.6  (filtered 390)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.13  (filtered 370)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.3  (filtered 244)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.0  (filtered 430)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.11  (filtered 386)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.4  (filtered 401)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.1  (filtered 271)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.3  (filtered 414)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.11  (filtered 54)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.15  (filtered 340)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.12  (filtered 370)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.10  (filtered 360)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.5  (filtered 397)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.10  (filtered 54)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.5  (filtered 226)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.8  (filtered 355)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.2  (filtered 413)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.0.14  (filtered 354)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.2  (filtered 244)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-ci · 2020-03-12T17:01:05Z

Test FAILed.

Pull request validation report

Mima Failures

Problems for akka-http-core:
akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.4  (filtered 249)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.9  (filtered 98)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.7  (filtered 195)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.6  (filtered 195)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.8  (filtered 106)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.3  (filtered 244)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.1  (filtered 271)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.11  (filtered 54)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 3 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.10  (filtered 54)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")
 * method raw-query-char()akka.parboiled2.CharPredicate in object akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")
 * static method raw-query-char()akka.parboiled2.CharPredicate in class akka.http.impl.model.parser.CharacterClasses does not have a correspondent in current version
   filter with: ProblemFilters.exclude[DirectMissingMethodProblem]("akka.http.impl.model.parser.CharacterClasses.raw-query-char")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.5  (filtered 226)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

akka-http-core: found 1 potential binary incompatibilities while checking against com.typesafe.akka:akka-http-core_2.12:10.1.2  (filtered 244)
 * abstract method rawQueryString(java.lang.String,Boolean)akka.http.javadsl.model.Uri in class akka.http.javadsl.model.Uri is present only in current version
   filter with: ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.Uri.rawQueryString")

Co-Authored-By: Ignasi Marimon-Clos <ignasi@lightbend.com>

Co-Authored-By: Enno <458526+ennru@users.noreply.github.com>

…http into encode-query-string-on-render

akka-ci · 2020-03-18T11:20:49Z

Test PASSed.

jrudolph

LGTM, great work, thanks.

Do you think you have now closed all loopholes to create Uris with an invalid rawQueryString? AFAICS, it now looks fine. copy goes through the safe variant. From Java you could create an unexpected subclass of sealed scaladsl.model.Uri but let's not worry about that one.

akka-http-tests/src/test/java/akka/http/javadsl/server/directives/ParameterDirectivesTest.java

raboof · 2020-03-18T14:41:27Z

Do you think you have now closed all loopholes to create Uris with an invalid rawQueryString?

Yes, I think so - of course there's a couple of situations where we parse the string again to make sure there are no invalid percent-encodings in there, but no longer in the 'hot path'.

jrudolph · 2020-03-18T14:51:23Z

Yes, I think so - of course there's a couple of situations where we parse the string again to make sure there are no invalid percent-encodings in there, but no longer in the 'hot path'.

Yeah, good point. If someone cares about those paths they can still be optimized later on.

This makes sure 'strict' parsing of the Uri query string only allows characters that are actually allowed here by the RFC. It does not change the fact that Uri's rawQueryString is the percent-encoded representation of the query string, since this information is needed to parse it into a key-value structure. When parsing the Uri in 'relaxed' mode or constructing programmatically, we do accept characters that are not allowed, but percent-encode any would-be invalid characters. API's that can be used to programmatically add or modify the query string are adapted to not accept invalid percent-encoded values (e.g. %x2) and convert illegal characters. withRawQueryString is made available both in a 'strict' and a 'relaxed' variation. Fixes akka#3002 (cherry picked from commit e284816)

release 10.1 backport of akka#3003 This makes sure 'strict' parsing of the Uri query string only allows characters that are actually allowed here by the RFC. It does not change the fact that Uri's rawQueryString is the percent-encoded representation of the query string, since this information is needed to parse it into a key-value structure. When parsing the Uri in 'relaxed' mode or constructing programmatically, we do accept characters that are not allowed, but percent-encode any would-be invalid characters. API's that can be used to programmatically add or modify the query string are adapted to not accept invalid percent-encoded values (e.g. %x2) and convert illegal characters. withRawQueryString is made available both in a 'strict' and a 'relaxed' variation. Fixes akka#3002 (cherry picked from commit e284816)

raboof added 3 commits March 11, 2020 10:13

Encode query string on render

38f3f8a

Remove test code

87e9f35

Add parsing mode to migration notes

1f5ceaf

akka-ci added validating PR that is currently being validated by Jenkins needs-attention Indicates a PR validation failure (set by CI infrastructure) and removed validating PR that is currently being validated by Jenkins labels Mar 11, 2020

raboof added 2 commits March 11, 2020 14:42

A property-based test found a thing!

7d21945

Add a couple more tests

1ce0f53

ignasi35 approved these changes Mar 11, 2020

View reviewed changes

jrudolph reviewed Mar 12, 2020

View reviewed changes

Escape on parsing rather than on rendering

7de2b76

akka-ci added validating PR that is currently being validated by Jenkins and removed needs-attention Indicates a PR validation failure (set by CI infrastructure) labels Mar 12, 2020

raboof changed the title ~~Encode query string on render~~ Encode query string Mar 12, 2020

akka-ci added needs-attention Indicates a PR validation failure (set by CI infrastructure) and removed validating PR that is currently being validated by Jenkins labels Mar 12, 2020

MiMa

4892288

raboof and others added 2 commits March 18, 2020 12:06

remove star

cec2480

Co-Authored-By: Ignasi Marimon-Clos <ignasi@lightbend.com>

scaladoc indent

7b5212b

Co-Authored-By: Enno <458526+ennru@users.noreply.github.com>

raboof added 2 commits March 18, 2020 12:11

More careful method name

e421ecc

Merge branch 'encode-query-string-on-render' of github.com:akka/akka-…

2574017

…http into encode-query-string-on-render

raboof requested a review from jrudolph March 18, 2020 11:22

jrudolph approved these changes Mar 18, 2020

View reviewed changes

akka-http-tests/src/test/java/akka/http/javadsl/server/directives/ParameterDirectivesTest.java Show resolved Hide resolved

jrudolph changed the title ~~Encode query string~~ core: percent encode illegal chars when creating URI query Mar 19, 2020

jrudolph merged commit e284816 into master Mar 19, 2020

jrudolph deleted the encode-query-string-on-render branch March 19, 2020 09:15

jrudolph mentioned this pull request Mar 19, 2020

[backport] core: percent encode illegal chars when creating URI query #3012

Closed

sampathsree mentioned this pull request Mar 24, 2020

akka-http: scaladsl.model.Uri.toString doesn't encode query string #3024

Closed

ennru mentioned this pull request Apr 1, 2020

Uri.Path() should accept raw input with % #2670

Closed

mkurz mentioned this pull request Jan 17, 2022

Fix failing tests after upgrade to akka-http 10.2.x playframework/playframework#11113

Closed

core: percent encode illegal chars when creating URI query #3003

core: percent encode illegal chars when creating URI query #3003

Uh oh!

Conversation

raboof commented Mar 11, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

akka-ci commented Mar 11, 2020

Pull request validation report

Uh oh!

akka-ci commented Mar 11, 2020

Pull request validation report

Uh oh!

ignasi35 left a comment

Choose a reason for hiding this comment

Uh oh!

raboof commented Mar 12, 2020

Uh oh!

jrudolph left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

jrudolph Mar 12, 2020

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

akka-ci commented Mar 12, 2020

Pull request validation report

Uh oh!

akka-ci commented Mar 12, 2020

Pull request validation report

Uh oh!

akka-ci commented Mar 18, 2020

Uh oh!

jrudolph left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

raboof commented Mar 18, 2020

Uh oh!

jrudolph commented Mar 18, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

raboof commented Mar 11, 2020 •

edited

Loading