[#4505] Correctly handle whitespaces in websocket uri's.

Motivation:

If a uri contains whitespaces we need to ensure we correctly escape these when creating the request for the handshake.

Modifications:

- Correctly encode path for uri
- Add tests

Result:

Correctly handle whitespaces when doing websocket upgrade requests.
This commit is contained in:
Norman Maurer 2015-11-26 22:29:28 +01:00
parent 22ad5c502f
commit 5486e94777
10 changed files with 156 additions and 32 deletions

View File

@ -405,4 +405,17 @@ public abstract class WebSocketClientHandshaker {
} }
return channel.writeAndFlush(frame, promise); return channel.writeAndFlush(frame, promise);
} }
/**
* Return the constructed raw path for the give {@link URI}.
*/
static String rawPath(URI wsURL) {
String path = wsURL.getRawPath();
String query = wsURL.getQuery();
if (query != null && !query.isEmpty()) {
path = path + '?' + query;
}
return path == null || path.isEmpty() ? "/" : path;
}
} }

View File

@ -123,14 +123,7 @@ public class WebSocketClientHandshaker00 extends WebSocketClientHandshaker {
// Get path // Get path
URI wsURL = uri(); URI wsURL = uri();
String path = wsURL.getPath(); String path = rawPath(wsURL);
if (wsURL.getQuery() != null && !wsURL.getQuery().isEmpty()) {
path = wsURL.getPath() + '?' + wsURL.getQuery();
}
if (path == null || path.isEmpty()) {
path = "/";
}
// Format request // Format request
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path); FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);

View File

@ -92,14 +92,7 @@ public class WebSocketClientHandshaker07 extends WebSocketClientHandshaker {
protected FullHttpRequest newHandshakeRequest() { protected FullHttpRequest newHandshakeRequest() {
// Get path // Get path
URI wsURL = uri(); URI wsURL = uri();
String path = wsURL.getPath(); String path = rawPath(wsURL);
if (wsURL.getQuery() != null && !wsURL.getQuery().isEmpty()) {
path = wsURL.getPath() + '?' + wsURL.getQuery();
}
if (path == null || path.isEmpty()) {
path = "/";
}
// Get 16 bit nonce and base 64 encode it // Get 16 bit nonce and base 64 encode it
byte[] nonce = WebSocketUtil.randomBytes(16); byte[] nonce = WebSocketUtil.randomBytes(16);

View File

@ -92,14 +92,7 @@ public class WebSocketClientHandshaker08 extends WebSocketClientHandshaker {
protected FullHttpRequest newHandshakeRequest() { protected FullHttpRequest newHandshakeRequest() {
// Get path // Get path
URI wsURL = uri(); URI wsURL = uri();
String path = wsURL.getPath(); String path = rawPath(wsURL);
if (wsURL.getQuery() != null && !wsURL.getQuery().isEmpty()) {
path = wsURL.getPath() + '?' + wsURL.getQuery();
}
if (path == null || path.isEmpty()) {
path = "/";
}
// Get 16 bit nonce and base 64 encode it // Get 16 bit nonce and base 64 encode it
byte[] nonce = WebSocketUtil.randomBytes(16); byte[] nonce = WebSocketUtil.randomBytes(16);

View File

@ -92,14 +92,7 @@ public class WebSocketClientHandshaker13 extends WebSocketClientHandshaker {
protected FullHttpRequest newHandshakeRequest() { protected FullHttpRequest newHandshakeRequest() {
// Get path // Get path
URI wsURL = uri(); URI wsURL = uri();
String path = wsURL.getPath(); String path = rawPath(wsURL);
if (wsURL.getQuery() != null && !wsURL.getQuery().isEmpty()) {
path = wsURL.getPath() + '?' + wsURL.getQuery();
}
if (path == null || path.isEmpty()) {
path = "/";
}
// Get 16 bit nonce and base 64 encode it // Get 16 bit nonce and base 64 encode it
byte[] nonce = WebSocketUtil.randomBytes(16); byte[] nonce = WebSocketUtil.randomBytes(16);

View File

@ -0,0 +1,25 @@
/*
* Copyright 2015 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.codec.http.websocketx;
import java.net.URI;
public class WebSocketClientHandshaker00Test extends WebSocketClientHandshakerTest {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker00(uri, WebSocketVersion.V00, null, null, 1024);
}
}

View File

@ -0,0 +1,25 @@
/*
* Copyright 2015 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.codec.http.websocketx;
import java.net.URI;
public class WebSocketClientHandshaker07Test extends WebSocketClientHandshakerTest {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker07(uri, WebSocketVersion.V07, null, false, null, 1024);
}
}

View File

@ -0,0 +1,25 @@
/*
* Copyright 2015 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.codec.http.websocketx;
import java.net.URI;
public class WebSocketClientHandshaker08Test extends WebSocketClientHandshakerTest {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker07(uri, WebSocketVersion.V08, null, false, null, 1024);
}
}

View File

@ -0,0 +1,25 @@
/*
* Copyright 2015 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.codec.http.websocketx;
import java.net.URI;
public class WebSocketClientHandshaker13Test extends WebSocketClientHandshakerTest {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker13(uri, WebSocketVersion.V13, null, false, null, 1024);
}
}

View File

@ -0,0 +1,39 @@
/*
* Copyright 2015 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.codec.http.websocketx;
import io.netty.handler.codec.http.FullHttpRequest;
import org.junit.Test;
import java.net.URI;
import static org.junit.Assert.assertEquals;
public abstract class WebSocketClientHandshakerTest {
protected abstract WebSocketClientHandshaker newHandshaker(URI uri);
@Test
public void testRawPath() {
URI uri = URI.create("ws://localhost:9999/path%20with%20ws");
WebSocketClientHandshaker handshaker = newHandshaker(uri);
FullHttpRequest request = handshaker.newHandshakeRequest();
try {
assertEquals("/path%20with%20ws", request.getUri());
} finally {
request.release();
}
}
}