Fix for the Jetty bypass vulnerability fixed in version 9.4.51.v20230…

…217 (#506) Signed-off-by: Scott M Stark <starksm64@gmail.com>
arquillian · Nov 13, 2023 · d2b6b7c · d2b6b7c
1 parent 67416ae
commit d2b6b7c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/protocols/servlet/pom.xml b/protocols/servlet/pom.xml
@@ -22,7 +22,7 @@
   <!-- Properties -->
   <properties>
     <!-- Versioning -->
-    <version.jetty_jetty>8.1.2.v20120308</version.jetty_jetty>
+    <version.jetty_jetty>9.4.51.v20230217</version.jetty_jetty>
 
   </properties>
 

diff --git a/...ocols/servlet/src/test/java/org/jboss/arquillian/protocol/servlet/AbstractServerBase.java b/...ocols/servlet/src/test/java/org/jboss/arquillian/protocol/servlet/AbstractServerBase.java
@@ -26,6 +26,9 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+
+import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.NetworkConnector;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.jboss.arquillian.container.spi.client.protocol.metadata.HTTPContext;
@@ -88,7 +91,13 @@ protected HTTPContext createContext() {
     }
 
     protected URI createBaseURL() {
-        return URI.create("http://localhost:" + server.getConnectors()[0].getPort() + "/arquillian-protocol");
+        int port = 8080;
+        Connector defaultConn = server.getConnectors()[0];
+        if (defaultConn instanceof NetworkConnector) {
+            NetworkConnector net = (NetworkConnector) defaultConn;
+            port = net.getLocalPort();
+        }
+        return URI.create("http://localhost:" + port + "/arquillian-protocol");
     }
 
     protected URL createURL(String outputMode, String testClass, String methodName) {