From 50af4f645727a592eb54238582cfc456cf8a2e9f Mon Sep 17 00:00:00 2001 From: GloRRian55 Date: Fri, 6 Dec 2024 12:44:47 +0300 Subject: [PATCH 1/5] add semicolonIsNormalChar and maxParams properties to the server configurations --- .../http/netty/AbstractNettyHttpRequest.java | 22 +++++++--- .../http/server/netty/NettyHttpRequest.java | 10 +++++ .../http/server/HttpServerConfiguration.java | 41 +++++++++++++++++++ .../http/form/FormConfiguration.java | 6 +++ .../form/FormConfigurationProperties.java | 24 +++++++++++ .../http/uri/QueryStringDecoder.java | 20 ++++++++- .../http/form/FormConfigurationTest.java | 6 +++ .../FormConfigurationViaPropertyTest.java | 7 ++++ 8 files changed, 130 insertions(+), 6 deletions(-) diff --git a/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java b/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java index cf68e852470..677c10e89b9 100644 --- a/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java +++ b/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java @@ -24,10 +24,7 @@ import io.micronaut.http.HttpRequest; import io.micronaut.http.netty.stream.DefaultStreamedHttpRequest; import io.micronaut.http.netty.stream.StreamedHttpRequest; -import io.netty.handler.codec.http.DefaultFullHttpRequest; -import io.netty.handler.codec.http.DefaultLastHttpContent; -import io.netty.handler.codec.http.LastHttpContent; -import io.netty.handler.codec.http.QueryStringDecoder; +import io.netty.handler.codec.http.*; import io.netty.util.DefaultAttributeMap; import java.net.URI; @@ -191,6 +188,17 @@ public String getPath() { */ protected abstract Charset initCharset(Charset characterEncoding); + /** + * @return the maximum number of parameters. + */ + protected abstract int getMaxParams(); + + /** + * @return {@code true} if yes, {@code false} otherwise. + */ + protected abstract boolean isSemicolonIsNormalChar(); + + /** * @param uri The URI * @return The query string decoder @@ -198,7 +206,11 @@ public String getPath() { @SuppressWarnings("ConstantConditions") protected final QueryStringDecoder createDecoder(URI uri) { Charset cs = getCharacterEncoding(); - return cs != null ? new QueryStringDecoder(uri, cs) : new QueryStringDecoder(uri); + boolean semicolonIsNormalChar = isSemicolonIsNormalChar(); + int maxParams = getMaxParams(); + return cs != null ? + new QueryStringDecoder(uri, cs, maxParams, semicolonIsNormalChar) : + new QueryStringDecoder(uri, HttpConstants.DEFAULT_CHARSET, maxParams, semicolonIsNormalChar); } private NettyHttpParameters decodeParameters() { diff --git a/http-server-netty/src/main/java/io/micronaut/http/server/netty/NettyHttpRequest.java b/http-server-netty/src/main/java/io/micronaut/http/server/netty/NettyHttpRequest.java index 08652fb2b5b..85b05c49cb1 100644 --- a/http-server-netty/src/main/java/io/micronaut/http/server/netty/NettyHttpRequest.java +++ b/http-server-netty/src/main/java/io/micronaut/http/server/netty/NettyHttpRequest.java @@ -608,6 +608,16 @@ protected Charset initCharset(Charset characterEncoding) { return characterEncoding == null ? serverConfiguration.getDefaultCharset() : characterEncoding; } + @Override + protected int getMaxParams() { + return serverConfiguration.getMaxParams(); + } + + @Override + protected boolean isSemicolonIsNormalChar() { + return serverConfiguration.isSemicolonIsNormalChar(); + } + /** * @return Return true if the request is form data. */ diff --git a/http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java b/http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java index 447beaee276..1fa10a79c87 100644 --- a/http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java +++ b/http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java @@ -127,6 +127,12 @@ public class HttpServerConfiguration implements ServerContextPathProvider { */ @SuppressWarnings("WeakerAccess") public static final boolean DEFAULT_DISPATCH_OPTIONS_REQUESTS = false; + + @SuppressWarnings("WeakerAccess") + public static final boolean DEFAULT_SEMICOLON_IS_NORMAL_CHAR = false; + + @SuppressWarnings("WeakerAccess") + public static final int DEFAULT_MAX_PARAMS = 1024; private Integer port; private String host; private Integer readTimeout; @@ -155,6 +161,8 @@ public class HttpServerConfiguration implements ServerContextPathProvider { private ThreadSelection threadSelection = ThreadSelection.MANUAL; private boolean validateUrl = true; private boolean notFoundOnMissingBody = true; + private boolean semicolonIsNormalChar = DEFAULT_SEMICOLON_IS_NORMAL_CHAR; + private int maxParams = DEFAULT_MAX_PARAMS; /** * Default constructor. @@ -598,6 +606,39 @@ public void setNotFoundOnMissingBody(boolean notFoundOnMissingBody) { this.notFoundOnMissingBody = notFoundOnMissingBody; } + /** + * @return {@code true} if ';' is normal, {@code false} otherwise. + * @since 4.8 + */ + public boolean isSemicolonIsNormalChar() { + return semicolonIsNormalChar; + } + + /** + * @param semicolonIsNormalChar {@code true} to treat ';' normally, {@code false} otherwise. + * @since 4.8 + */ + public void setSemicolonIsNormalChar(boolean semicolonIsNormalChar) { + this.semicolonIsNormalChar = semicolonIsNormalChar; + } + + /** + * @return the maximum parameter count. + * @since 4.8 + */ + public int getMaxParams() { + return maxParams; + } + + /** + * @param maxParams the maximum parameter count. + * @since 4.8 + */ + public void setMaxParams(int maxParams) { + this.maxParams = maxParams; + } + + /** * Configuration for multipart handling. */ diff --git a/http/src/main/java/io/micronaut/http/form/FormConfiguration.java b/http/src/main/java/io/micronaut/http/form/FormConfiguration.java index 40edb6253f1..d7c6cc2ebc0 100644 --- a/http/src/main/java/io/micronaut/http/form/FormConfiguration.java +++ b/http/src/main/java/io/micronaut/http/form/FormConfiguration.java @@ -26,4 +26,10 @@ public interface FormConfiguration { * @return default maximum of decoded key value parameters. It defaults to 1024. */ int getMaxDecodedKeyValueParameters(); + + /** + * @return true if the semicolon handle as a normal character, false otherwise. + */ + boolean isSemicolonIsNormalChar(); + } diff --git a/http/src/main/java/io/micronaut/http/form/FormConfigurationProperties.java b/http/src/main/java/io/micronaut/http/form/FormConfigurationProperties.java index e612f3df5d1..8a56c7b8f68 100644 --- a/http/src/main/java/io/micronaut/http/form/FormConfigurationProperties.java +++ b/http/src/main/java/io/micronaut/http/form/FormConfigurationProperties.java @@ -34,7 +34,15 @@ final class FormConfigurationProperties implements FormConfiguration { @SuppressWarnings("WeakerAccess") private static final int DEFAULT_MAX_DECODED_KEY_VALUE_PARAMETERS = 1024; + /** + * Default value indicating whether the semicolon is treated as a normal character + * used in {@link io.micronaut.http.form.FormUrlEncodedDecoder}. + */ + @SuppressWarnings("WeakerAccess") + private static final boolean DEFAULT_SEMICOLON_IS_NORMAL_CHAR = false; + private int maxDecodedKeyValueParameters = DEFAULT_MAX_DECODED_KEY_VALUE_PARAMETERS; + private boolean semicolonIsNormalChar = DEFAULT_SEMICOLON_IS_NORMAL_CHAR; /** * @@ -45,6 +53,15 @@ public int getMaxDecodedKeyValueParameters() { return maxDecodedKeyValueParameters; } + + /** + * @return true if the semicolon is treated as a normal character, false otherwise + */ + @Override + public boolean isSemicolonIsNormalChar() { + return semicolonIsNormalChar; + } + /** * default maximum of decoded key value parameters. Default value {@link #DEFAULT_MAX_DECODED_KEY_VALUE_PARAMETERS}. * @param maxDecodedKeyValueParameters default maximum of decoded key value parameters @@ -52,4 +69,11 @@ public int getMaxDecodedKeyValueParameters() { public void setMaxDecodedKeyValueParameters(int maxDecodedKeyValueParameters) { this.maxDecodedKeyValueParameters = maxDecodedKeyValueParameters; } + + /** + * @param semicolonIsNormalChar true if the semicolon should be treated as a normal character, false otherwise + */ + public void setSemicolonIsNormalChar(boolean semicolonIsNormalChar) { + this.semicolonIsNormalChar = semicolonIsNormalChar; + } } diff --git a/http/src/main/java/io/micronaut/http/uri/QueryStringDecoder.java b/http/src/main/java/io/micronaut/http/uri/QueryStringDecoder.java index 3c11e641eb9..a847d16a9b4 100644 --- a/http/src/main/java/io/micronaut/http/uri/QueryStringDecoder.java +++ b/http/src/main/java/io/micronaut/http/uri/QueryStringDecoder.java @@ -63,6 +63,7 @@ final class QueryStringDecoder { private final Charset charset; private final String uri; private final int maxParams; + private final boolean semicolonIsNormalChar; private int pathEndIdx; private String path; private Map> params; @@ -121,9 +122,14 @@ final class QueryStringDecoder { * @param maxParams The maximum number of params */ QueryStringDecoder(String uri, Charset charset, boolean hasPath, int maxParams) { + this(uri, charset, hasPath, maxParams, false); + } + + QueryStringDecoder(String uri, Charset charset, boolean hasPath, int maxParams, boolean semicolonIsNormalChar) { this.uri = Objects.requireNonNull(uri, "uri"); this.charset = Objects.requireNonNull(charset, "charset"); this.maxParams = maxParams; + this.semicolonIsNormalChar = semicolonIsNormalChar; // `-1` means that path end index will be initialized lazily pathEndIdx = hasPath ? -1 : 0; @@ -159,6 +165,10 @@ final class QueryStringDecoder { * @param maxParams The maximum number of params */ QueryStringDecoder(URI uri, Charset charset, int maxParams) { + this(uri, charset, maxParams, false); + } + + QueryStringDecoder(URI uri, Charset charset, int maxParams, boolean semicolonIsNormalChar) { String rawPath = uri.getRawPath(); if (rawPath == null) { rawPath = EMPTY_STRING; @@ -166,6 +176,7 @@ final class QueryStringDecoder { this.uri = uriToString(uri); this.charset = Objects.requireNonNull(charset, "charset"); this.maxParams = ArgumentUtils.requirePositive("maxParams", maxParams); + this.semicolonIsNormalChar = semicolonIsNormalChar; pathEndIdx = rawPath.length(); } @@ -196,7 +207,7 @@ public String path() { */ public Map> parameters() { if (params == null) { - params = decodeParams(uri, pathEndIdx(), charset, maxParams); + params = decodeParams(uri, pathEndIdx(), charset, maxParams, semicolonIsNormalChar); } return params; } @@ -260,6 +271,10 @@ private static String uriToString(URI uri) { } private static Map> decodeParams(String s, int from, Charset charset, int paramsLimit) { + return decodeParams(s, from, charset, paramsLimit, false); + } + + private static Map> decodeParams(String s, int from, Charset charset, int paramsLimit, boolean semicolonIsNormalChar) { int len = s.length(); if (from >= len) { return Collections.emptyMap(); @@ -283,6 +298,9 @@ private static Map> decodeParams(String s, int from, Charse break; case '&': case ';': + if (semicolonIsNormalChar) { + continue; + } if (addParam(s, nameStart, valueStart, i, params, charset)) { paramsLimit--; if (paramsLimit == 0) { diff --git a/http/src/test/java/io/micronaut/http/form/FormConfigurationTest.java b/http/src/test/java/io/micronaut/http/form/FormConfigurationTest.java index 4a96cbbe33e..ac3be606fab 100644 --- a/http/src/test/java/io/micronaut/http/form/FormConfigurationTest.java +++ b/http/src/test/java/io/micronaut/http/form/FormConfigurationTest.java @@ -6,6 +6,7 @@ import org.junit.jupiter.api.Test; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; @MicronautTest(startApplication = false) class FormConfigurationTest { @@ -17,4 +18,9 @@ class FormConfigurationTest { void defaultMaxParams() { assertEquals(1024, formConfiguration.getMaxDecodedKeyValueParameters()); } + + @Test + void defaultSemicolonIsNormalChar() { + assertFalse(formConfiguration.isSemicolonIsNormalChar()); + } } diff --git a/http/src/test/java/io/micronaut/http/form/FormConfigurationViaPropertyTest.java b/http/src/test/java/io/micronaut/http/form/FormConfigurationViaPropertyTest.java index 00b97f061f4..706ee15253c 100644 --- a/http/src/test/java/io/micronaut/http/form/FormConfigurationViaPropertyTest.java +++ b/http/src/test/java/io/micronaut/http/form/FormConfigurationViaPropertyTest.java @@ -7,8 +7,10 @@ import org.junit.jupiter.api.Test; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; @Property(name = "micronaut.http.forms.max-decoded-key-value-parameters", value = "512") +@Property(name = "micronaut.http.forms.semicolon-is-normal-char", value = "true") @MicronautTest(startApplication = false) class FormConfigurationViaPropertyTest { @@ -19,4 +21,9 @@ class FormConfigurationViaPropertyTest { void maxParamCanBeSetViaProperty() { assertEquals(512, formConfiguration.getMaxDecodedKeyValueParameters()); } + + @Test + void semicolonIsNormalCharCanBeSetViaProperty() { + assertTrue(formConfiguration.isSemicolonIsNormalChar()); + } } From dc4f915addc6bd536b9ba4e10a4232039928ba54 Mon Sep 17 00:00:00 2001 From: GloRRian55 Date: Sun, 8 Dec 2024 17:08:41 +0300 Subject: [PATCH 2/5] checkstyle --- .../io/micronaut/http/netty/AbstractNettyHttpRequest.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java b/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java index 677c10e89b9..2cb502f6455 100644 --- a/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java +++ b/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java @@ -24,7 +24,11 @@ import io.micronaut.http.HttpRequest; import io.micronaut.http.netty.stream.DefaultStreamedHttpRequest; import io.micronaut.http.netty.stream.StreamedHttpRequest; -import io.netty.handler.codec.http.*; +import io.netty.handler.codec.http.DefaultFullHttpRequest; +import io.netty.handler.codec.http.DefaultLastHttpContent; +import io.netty.handler.codec.http.HttpConstants; +import io.netty.handler.codec.http.LastHttpContent; +import io.netty.handler.codec.http.QueryStringDecoder; import io.netty.util.DefaultAttributeMap; import java.net.URI; From 1c8446eb2fe3597c208a5bb218b6e5469aae775a Mon Sep 17 00:00:00 2001 From: GloRRian55 Date: Tue, 10 Dec 2024 13:35:07 +0300 Subject: [PATCH 3/5] improve javodoc --- .../micronaut/http/server/HttpServerConfiguration.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java b/http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java index 1fa10a79c87..412b2b6f2e9 100644 --- a/http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java +++ b/http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java @@ -607,7 +607,10 @@ public void setNotFoundOnMissingBody(boolean notFoundOnMissingBody) { } /** - * @return {@code true} if ';' is normal, {@code false} otherwise. + * Returns whether the semicolon is considered a normal character in the query. + * A "normal" semicolon is one that is not used as a parameter separator. + * + * @return {@code true} if the semicolon is a normal character, {@code false} otherwise. * @since 4.8 */ public boolean isSemicolonIsNormalChar() { @@ -615,7 +618,10 @@ public boolean isSemicolonIsNormalChar() { } /** - * @param semicolonIsNormalChar {@code true} to treat ';' normally, {@code false} otherwise. + * Sets whether the semicolon should be considered a normal character in the query. + * A "normal" semicolon is one that is not used as a parameter separator. + * + * @param semicolonIsNormalChar {@code true} if the semicolon should be a normal character, {@code false} otherwise. * @since 4.8 */ public void setSemicolonIsNormalChar(boolean semicolonIsNormalChar) { From f9cef41fcf7c72ef20ada2dba76df63f5f514553 Mon Sep 17 00:00:00 2001 From: GloRRian55 Date: Tue, 10 Dec 2024 18:06:37 +0300 Subject: [PATCH 4/5] CR --- .../main/java/io/micronaut/http/form/FormConfiguration.java | 4 +++- .../io/micronaut/http/uri/DefaultFormUrlEncodedDecoder.java | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/http/src/main/java/io/micronaut/http/form/FormConfiguration.java b/http/src/main/java/io/micronaut/http/form/FormConfiguration.java index d7c6cc2ebc0..0538af5c023 100644 --- a/http/src/main/java/io/micronaut/http/form/FormConfiguration.java +++ b/http/src/main/java/io/micronaut/http/form/FormConfiguration.java @@ -30,6 +30,8 @@ public interface FormConfiguration { /** * @return true if the semicolon handle as a normal character, false otherwise. */ - boolean isSemicolonIsNormalChar(); + default boolean isSemicolonIsNormalChar() { + return false; + } } diff --git a/http/src/main/java/io/micronaut/http/uri/DefaultFormUrlEncodedDecoder.java b/http/src/main/java/io/micronaut/http/uri/DefaultFormUrlEncodedDecoder.java index 876de83ec03..2875ab3e7be 100644 --- a/http/src/main/java/io/micronaut/http/uri/DefaultFormUrlEncodedDecoder.java +++ b/http/src/main/java/io/micronaut/http/uri/DefaultFormUrlEncodedDecoder.java @@ -36,7 +36,9 @@ final class DefaultFormUrlEncodedDecoder implements FormUrlEncodedDecoder { @NonNull public Map decode(@NonNull String formUrlEncodedString, @NonNull Charset charset) { - QueryStringDecoder decoder = new QueryStringDecoder(formUrlEncodedString, charset, false, formConfiguration.getMaxDecodedKeyValueParameters()); + QueryStringDecoder decoder = new QueryStringDecoder(formUrlEncodedString, charset, false, + formConfiguration.getMaxDecodedKeyValueParameters(), + formConfiguration.isSemicolonIsNormalChar()); return flatten(decoder.parameters()); } } From 08176c7b6d7ced98f78b7f5296e3c552f974b8d3 Mon Sep 17 00:00:00 2001 From: Stanislav Shcherbakov Date: Mon, 30 Dec 2024 19:24:41 +0300 Subject: [PATCH 5/5] Update http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java Co-authored-by: Jonas Konrad --- .../java/io/micronaut/http/netty/AbstractNettyHttpRequest.java | 1 - 1 file changed, 1 deletion(-) diff --git a/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java b/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java index 2cb502f6455..922080cbb66 100644 --- a/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java +++ b/http-netty/src/main/java/io/micronaut/http/netty/AbstractNettyHttpRequest.java @@ -202,7 +202,6 @@ public String getPath() { */ protected abstract boolean isSemicolonIsNormalChar(); - /** * @param uri The URI * @return The query string decoder