Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Issue #11579 - Reject Target in Request Path #11580

Closed
wants to merge 2 commits into from
Closed

Issue #11579 - Reject Target in Request Path #11580

wants to merge 2 commits into from

Conversation

joakime
Copy link
Contributor

@joakime joakime commented Mar 27, 2024

Initial implementation of rejecting a URI Target in the Request Path.

@joakime joakime added Enhancement Specification For all industry Specifications (IETF / Servlet / etc) labels Mar 27, 2024
@joakime joakime requested a review from gregw March 27, 2024 14:44
@joakime joakime self-assigned this Mar 27, 2024
@joakime joakime linked an issue Mar 27, 2024 that may be closed by this pull request
Introduce UriCompliance.Violation.FRAGMENT to reject HTTP Request Line that includes fragment section. #11579
Closed
@joakime joakime mentioned this pull request Mar 27, 2024
Closed
@gregw
Copy link
Contributor

gregw commented Apr 22, 2024

@joakime status?

@joakime
Copy link
Contributor Author

joakime commented Apr 22, 2024

I haven't look at this in a while, since we moved it here from PR #11496
I'll update this PR this week.

gregw
gregw requested changes Jun 20, 2024
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a placeholder review waiting for progress on this. Please request re-review when it is ready.

@joakime
Copy link
Contributor Author

joakime commented Oct 23, 2024

rebase against 12.1.x

gregw
gregw requested changes Nov 8, 2024
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let me have a go at this from the compliance end of things...

jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java
Comment on lines +1460 to +1462
if (last != null && state.ordinal() > last.ordinal())
throw new IllegalArgumentException("uri cannot go beyond " + last);

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should not parse past the fragment etc. We should parse to the end, but record a violation if there is a fragment.

@joakime
Copy link
Contributor Author

joakime commented Nov 11, 2024

Closing in favor of PR #12504

@joakime joakime closed this Nov 11, 2024
@joakime joakime deleted the fix/12.0.x/target-in-request-path branch November 11, 2024 13:47
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@gregw gregw gregw requested changes

Assignees

@joakime joakime

Labels
Enhancement Specification For all industry Specifications (IETF / Servlet / etc)
Projects
Jetty 12.1.0
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Introduce UriCompliance.Violation.FRAGMENT to reject HTTP Request Line that includes fragment section.
2 participants
@joakime @gregw