From 2cd7c30765cc9a4a504dc16ab484330aa3fac050 Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Mon, 23 May 2022 16:02:30 +0200 Subject: [PATCH] Fixes #8014 - Review HttpRequest URI construction. Fixes after review in HttpURI. Signed-off-by: Simone Bordet --- .../java/org/eclipse/jetty/http/HttpURI.java | 18 ++++++++++---- .../org/eclipse/jetty/http/HttpURITest.java | 24 +++++++++++++++++++ 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java index a17f764b52d9..28a77e18ff9c 100644 --- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java +++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java @@ -628,6 +628,8 @@ public String asString() */ public Mutable authority(String host, int port) { + if (host != null && _path != null && !_path.startsWith("/")) + throw new IllegalArgumentException("Relative path with authority"); _user = null; _host = host; _port = port; @@ -636,12 +638,14 @@ public Mutable authority(String host, int port) } /** - * @param hostport the host and port combined + * @param hostPort the host and port combined * @return this mutable */ - public Mutable authority(String hostport) + public Mutable authority(String hostPort) { - HostPort hp = new HostPort(hostport); + if (hostPort != null && _path != null && !_path.startsWith("/")) + throw new IllegalArgumentException("Relative path with authority"); + HostPort hp = new HostPort(hostPort); _user = null; _host = hp.getHost(); _port = hp.getPort(); @@ -775,6 +779,8 @@ public int hashCode() public Mutable host(String host) { + if (host != null && _path != null && !_path.startsWith("/")) + throw new IllegalArgumentException("Relative path with authority"); _host = host; _uri = null; return this; @@ -834,10 +840,12 @@ public Mutable param(String param) /** * @param path the path - * @return this Mutuble + * @return this Mutable */ public Mutable path(String path) { + if (hasAuthority() && path != null && !path.startsWith("/")) + throw new IllegalArgumentException("Relative path with authority"); _uri = null; _path = path; _decodedPath = null; @@ -846,6 +854,8 @@ public Mutable path(String path) public Mutable pathQuery(String pathQuery) { + if (hasAuthority() && pathQuery != null && !pathQuery.startsWith("/")) + throw new IllegalArgumentException("Relative path with authority"); _uri = null; _path = null; _decodedPath = null; diff --git a/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java b/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java index f3161dd0a4bb..4b3713f26c52 100644 --- a/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java +++ b/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java @@ -824,4 +824,28 @@ public void testEncodedQuery(String input, String expectedQuery) HttpURI httpURI = HttpURI.build(input); assertThat("[" + input + "] .query", httpURI.getQuery(), is(expectedQuery)); } + + @Test + public void testRelativePathWithAuthority() + { + assertThrows(IllegalArgumentException.class, () -> HttpURI.build() + .authority("host") + .path("path")); + assertThrows(IllegalArgumentException.class, () -> HttpURI.build() + .authority("host", 8080) + .path(";p=v/url")); + assertThrows(IllegalArgumentException.class, () -> HttpURI.build() + .host("host") + .path(";")); + + assertThrows(IllegalArgumentException.class, () -> HttpURI.build() + .path("path") + .authority("host")); + assertThrows(IllegalArgumentException.class, () -> HttpURI.build() + .path(";p=v/url") + .authority("host", 8080)); + assertThrows(IllegalArgumentException.class, () -> HttpURI.build() + .path(";") + .host("host")); + } }