Fix #4275 #6001 separate compliance modes for ambiguous URI segments and se… #6003

Merged
merged 3 commits into from
Feb 24, 2021



@gregw gregw commented Feb 23, 2021

…parators

Fix #4275 and #6001 separate compliance modes for ambiguous URI segments and separators

…parators

Fix #4275 separate compliance modes for ambiguous URI segments and separators
@gregw gregw requested review from sbordet and joakime February 23, 2021 19:52
@gregw gregw added the Sponsored This issue affects a user with a commercial support agreement label Feb 23, 2021
…parators

LEGACY modes allows both ambiguous separators and segments

gregw commented Feb 23, 2021

For the merge to 10, the two compliance modes should be moved to something like:

public final class UriCompliance implements ComplianceViolation.Mode
{
    public enum Violation implements ComplianceViolation
    {
        AMBIGUOUS_PATH_SEGMENTS("https://tools.ietf.org/html/rfc3986#section-3.3", "Ambiguous URI path segment"),
        AMBIGUOUS_PATH_SEPARATOR("https://tools.ietf.org/html/rfc3986#section-3.3", "Ambiguous URI path separator");


@sbordet sbordet left a comment

LGTM apart from the nit about the newline in the test case.

…parators

LEGACY modes allows both ambiguous separators and segments
@gregw gregw merged commit 49e73df into jetty-9.4.x Feb 24, 2021
@gregw gregw deleted the jetty-9.4.x-4275-separator-and-segment-compliance branch February 24, 2021 09:05
Successfully merging this pull request may close these issues.

Ambiguous URI legacy compliance mode
Path Normalization/Traversal - Context Matching