io.netty5.handler.codec.http.HttpObjectDecoder Maven / Gradle / Ivy
/*
* Copyright 2012 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty5.handler.codec.http;
import io.netty5.buffer.Buffer;
import io.netty5.buffer.BufferAllocator;
import io.netty5.channel.ChannelHandlerContext;
import io.netty5.channel.ChannelPipeline;
import io.netty5.handler.codec.ByteToMessageDecoder;
import io.netty5.handler.codec.DecoderResult;
import io.netty5.handler.codec.PrematureChannelClosureException;
import io.netty5.handler.codec.TooLongFrameException;
import io.netty5.handler.codec.http.headers.HttpHeaders;
import io.netty5.util.AsciiString;
import io.netty5.util.ByteProcessor;
import io.netty5.util.internal.AppendableCharSequence;
import java.util.Iterator;
import static io.netty5.util.internal.ObjectUtil.checkPositive;
/**
* Decodes {@link Buffer}s into {@link HttpMessage}s and
* {@link HttpContent}s.
*
* Parameters that prevents excessive memory consumption
*
*
* Name Default value Meaning
*
*
* {@code maxInitialLineLength}
* {@value #DEFAULT_MAX_INITIAL_LINE_LENGTH}
* The maximum length of the initial line
* (e.g. {@code "GET / HTTP/1.0"} or {@code "HTTP/1.0 200 OK"})
* If the length of the initial line exceeds this value, a
* {@link TooLongHttpLineException} will be raised.
*
*
* {@code maxHeaderSize}
* {@value #DEFAULT_MAX_HEADER_SIZE}
* The maximum length of all headers. If the sum of the length of each
* header exceeds this value, a {@link TooLongHttpHeaderException} will be raised.
*
*
*
* Parameters that control parsing behavior
*
*
* Name Default value Meaning
*
*
* {@code allowDuplicateContentLengths}
* {@value #DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS}
* When set to {@code false}, will reject any messages that contain multiple Content-Length header fields.
* When set to {@code true}, will allow multiple Content-Length headers only if they are all the same decimal value.
* The duplicated field-values will be replaced with a single valid Content-Length field.
* See RFC 7230, Section 3.3.2.
*
*
*
* Chunked Content
*
* If the content of an HTTP message is greater than {@code maxChunkSize} or
* the transfer encoding of the HTTP message is 'chunked', this decoder
* generates one {@link HttpMessage} instance and its following
* {@link HttpContent}s per single HTTP message to avoid excessive memory
* consumption. For example, the following HTTP message:
*
* GET / HTTP/1.1
* Transfer-Encoding: chunked
*
* 1a
* abcdefghijklmnopqrstuvwxyz
* 10
* 1234567890abcdef
* 0
* Content-MD5: ...
* [blank line]
*
* triggers {@link HttpRequestDecoder} to generate 3 objects:
*
* - An {@link HttpRequest},
* - The first {@link HttpContent} whose content is {@code 'abcdefghijklmnopqrstuvwxyz'},
* - The second {@link LastHttpContent} whose content is {@code '1234567890abcdef'}, which marks
* the end of the content.
*
*
* If you prefer not to handle {@link HttpContent}s by yourself for your
* convenience, insert {@link HttpObjectAggregator} after this decoder in the
* {@link ChannelPipeline}. However, please note that your server might not
* be as memory efficient as without the aggregator.
*
* Extensibility
*
* Please note that this decoder is designed to be extended to implement
* a protocol derived from HTTP, such as
* RTSP and
* ICAP.
* To implement the decoder of such a derived protocol, extend this class and
* implement all abstract methods properly.
*/
public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
public static final int DEFAULT_MAX_INITIAL_LINE_LENGTH = 4096;
public static final int DEFAULT_MAX_HEADER_SIZE = 8192;
public static final boolean DEFAULT_CHUNKED_SUPPORTED = true;
public static final boolean DEFAULT_VALIDATE_HEADERS = true;
public static final int DEFAULT_INITIAL_BUFFER_SIZE = 128;
public static final boolean DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS = false;
private static final String EMPTY_VALUE = "";
private final boolean chunkedSupported;
protected final boolean validateHeaders;
private final boolean allowDuplicateContentLengths;
private final HeaderParser headerParser;
private final LineParser lineParser;
private HttpMessage message;
private long chunkSize;
private long contentLength = Long.MIN_VALUE;
private volatile boolean resetRequested;
// These will be updated by splitHeader(...)
private CharSequence name;
private CharSequence value;
private LastHttpContent trailer;
/**
* The internal state of {@link HttpObjectDecoder}.
* Internal use only.
*/
private enum State {
SKIP_CONTROL_CHARS,
READ_INITIAL,
READ_HEADER,
READ_VARIABLE_LENGTH_CONTENT,
READ_FIXED_LENGTH_CONTENT,
READ_CHUNK_SIZE,
READ_CHUNKED_CONTENT,
READ_CHUNK_DELIMITER,
READ_CHUNK_FOOTER,
BAD_MESSAGE,
UPGRADED
}
private State currentState = State.SKIP_CONTROL_CHARS;
/**
* Creates a new instance with the default
* {@code maxInitialLineLength (4096}}, {@code maxHeaderSize (8192)}, and
* {@code maxChunkSize (8192)}.
*/
protected HttpObjectDecoder() {
this(DEFAULT_MAX_INITIAL_LINE_LENGTH, DEFAULT_MAX_HEADER_SIZE, DEFAULT_CHUNKED_SUPPORTED);
}
/**
* Creates a new instance with the specified parameters.
*/
protected HttpObjectDecoder(
int maxInitialLineLength, int maxHeaderSize, boolean chunkedSupported) {
this(maxInitialLineLength, maxHeaderSize, chunkedSupported, DEFAULT_VALIDATE_HEADERS);
}
/**
* Creates a new instance with the specified parameters.
*/
protected HttpObjectDecoder(
int maxInitialLineLength, int maxHeaderSize,
boolean chunkedSupported, boolean validateHeaders) {
this(maxInitialLineLength, maxHeaderSize, chunkedSupported, validateHeaders, DEFAULT_INITIAL_BUFFER_SIZE);
}
/**
* Creates a new instance with the specified parameters.
*/
protected HttpObjectDecoder(
int maxInitialLineLength, int maxHeaderSize,
boolean chunkedSupported, boolean validateHeaders, int initialBufferSize) {
this(maxInitialLineLength, maxHeaderSize, chunkedSupported, validateHeaders, initialBufferSize,
DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS);
}
protected HttpObjectDecoder(
int maxInitialLineLength, int maxHeaderSize,
boolean chunkedSupported, boolean validateHeaders, int initialBufferSize,
boolean allowDuplicateContentLengths) {
checkPositive(maxInitialLineLength, "maxInitialLineLength");
checkPositive(maxHeaderSize, "maxHeaderSize");
AppendableCharSequence seq = new AppendableCharSequence(initialBufferSize);
lineParser = new LineParser(seq, maxInitialLineLength);
headerParser = new HeaderParser(seq, maxHeaderSize);
this.chunkedSupported = chunkedSupported;
this.validateHeaders = validateHeaders;
this.allowDuplicateContentLengths = allowDuplicateContentLengths;
}
@Override
protected void decode(ChannelHandlerContext ctx, Buffer buffer) throws Exception {
if (resetRequested) {
resetNow();
}
switch (currentState) {
case SKIP_CONTROL_CHARS:
// Fall-through
case READ_INITIAL: try {
AppendableCharSequence line = lineParser.parse(buffer);
if (line == null) {
return;
}
String[] initialLine = splitInitialLine(line);
if (initialLine.length < 3) {
// Invalid initial line - ignore.
currentState = State.SKIP_CONTROL_CHARS;
return;
}
message = createMessage(initialLine);
currentState = State.READ_HEADER;
// fall-through
} catch (Exception e) {
ctx.fireChannelRead(invalidMessage(ctx, buffer, e));
return;
}
case READ_HEADER: try {
State nextState = readHeaders(buffer);
if (nextState == null) {
return;
}
currentState = nextState;
switch (nextState) {
case SKIP_CONTROL_CHARS:
// fast-path
// No content is expected.
ctx.fireChannelRead(message);
ctx.fireChannelRead(new EmptyLastHttpContent(ctx.bufferAllocator()));
resetNow();
return;
case READ_CHUNK_SIZE:
if (!chunkedSupported) {
throw new IllegalArgumentException("Chunked messages not supported");
}
// Chunked encoding - generate HttpMessage first. HttpChunks will follow.
ctx.fireChannelRead(message);
return;
default:
/*
RFC 7230, 3.3.3 (https://tools.ietf.org/html/rfc7230#section-3.3.3) states that if a
request does not have either a transfer-encoding or a content-length header then the message body
length is 0. However for a response the body length is the number of octets received prior to the
server closing the connection. So we treat this as variable length chunked encoding.
*/
long contentLength = contentLength();
if (contentLength == 0 || contentLength == -1 && isDecodingRequest()) {
ctx.fireChannelRead(message);
ctx.fireChannelRead(new EmptyLastHttpContent(ctx.bufferAllocator()));
resetNow();
return;
}
assert nextState == State.READ_FIXED_LENGTH_CONTENT ||
nextState == State.READ_VARIABLE_LENGTH_CONTENT;
ctx.fireChannelRead(message);
if (nextState == State.READ_FIXED_LENGTH_CONTENT) {
// chunkSize will be decreased as the READ_FIXED_LENGTH_CONTENT state reads data chunk by chunk.
chunkSize = contentLength;
}
// We return here, this forces decode to be called again where we will decode the content
return;
}
} catch (Exception e) {
ctx.fireChannelRead(invalidMessage(ctx, buffer, e));
return;
}
case READ_VARIABLE_LENGTH_CONTENT: {
// Keep reading data as a chunk until the end of connection is reached.
int toRead = buffer.readableBytes();
if (toRead > 0) {
Buffer content = buffer.split();
ctx.fireChannelRead(new DefaultHttpContent(content));
}
return;
}
case READ_FIXED_LENGTH_CONTENT: {
int toRead = buffer.readableBytes();
// Check if the buffer is readable first as we use the readable byte count
// to create the HttpChunk. This is needed as otherwise we may end up with
// create an HttpChunk instance that contains an empty buffer and so is
// handled like it is the last HttpChunk.
//
// See https://github.com/netty/netty/issues/433
if (toRead == 0) {
return;
}
if (toRead > chunkSize) {
toRead = (int) chunkSize;
}
Buffer content = buffer.readSplit(toRead);
chunkSize -= toRead;
if (chunkSize == 0) {
// Read all content.
ctx.fireChannelRead(new DefaultLastHttpContent(content, validateHeaders));
resetNow();
} else {
ctx.fireChannelRead(new DefaultHttpContent(content));
}
return;
}
/*
everything else after this point takes care of reading chunked content. basically, read chunk size,
read chunk, read and ignore the CRLF and repeat until 0
*/
case READ_CHUNK_SIZE: try {
AppendableCharSequence line = lineParser.parse(buffer);
if (line == null) {
return;
}
int chunkSize = getChunkSize(line.toString());
this.chunkSize = chunkSize;
if (chunkSize == 0) {
currentState = State.READ_CHUNK_FOOTER;
return;
}
currentState = State.READ_CHUNKED_CONTENT;
// fall-through
} catch (Exception e) {
ctx.fireChannelRead(invalidChunk(ctx.bufferAllocator(), buffer, e));
return;
}
case READ_CHUNKED_CONTENT: {
assert chunkSize <= Integer.MAX_VALUE;
int toRead = (int) chunkSize;
toRead = Math.min(toRead, buffer.readableBytes());
if (toRead == 0) {
return;
}
HttpContent chunk = new DefaultHttpContent(buffer.readSplit(toRead));
chunkSize -= toRead;
ctx.fireChannelRead(chunk);
if (chunkSize != 0) {
return;
}
currentState = State.READ_CHUNK_DELIMITER;
// fall-through
}
case READ_CHUNK_DELIMITER: {
// include LF in the bytes to skip
int bytesToSkip = buffer.bytesBefore(HttpConstants.LF) + 1;
if (bytesToSkip > 0) {
currentState = State.READ_CHUNK_SIZE;
buffer.skipReadableBytes(bytesToSkip);
} else {
buffer.skipReadableBytes(buffer.readableBytes());
}
return;
}
case READ_CHUNK_FOOTER: try {
LastHttpContent trailer = readTrailingHeaders(ctx.bufferAllocator(), buffer);
if (trailer == null) {
return;
}
ctx.fireChannelRead(trailer);
resetNow();
return;
} catch (Exception e) {
ctx.fireChannelRead(invalidChunk(ctx.bufferAllocator(), buffer, e));
return;
}
case BAD_MESSAGE: {
// Keep discarding until disconnection.
buffer.skipReadableBytes(buffer.readableBytes());
break;
}
case UPGRADED: {
int readableBytes = buffer.readableBytes();
if (readableBytes > 0) {
// Keep on consuming as otherwise we may trigger an DecoderException,
// other handler will replace this codec with the upgraded protocol codec to
// take the traffic over at some point then.
// See https://github.com/netty/netty/issues/2173
ctx.fireChannelRead(buffer.split());
}
break;
}
default:
break;
}
}
@Override
protected void decodeLast(ChannelHandlerContext ctx, Buffer in) throws Exception {
super.decodeLast(ctx, in);
if (resetRequested) {
// If a reset was requested by decodeLast() we need to do it now otherwise we may produce a
// LastHttpContent while there was already one.
resetNow();
}
// Handle the last unfinished message.
if (message != null) {
boolean chunked = HttpUtil.isTransferEncodingChunked(message);
if (currentState == State.READ_VARIABLE_LENGTH_CONTENT && in.readableBytes() == 0 && !chunked) {
// End of connection.
ctx.fireChannelRead(new EmptyLastHttpContent(ctx.bufferAllocator()));
resetNow();
return;
}
if (currentState == State.READ_HEADER) {
// If we are still in the state of reading headers we need to create a new invalid message that
// signals that the connection was closed before we received the headers.
ctx.fireChannelRead(invalidMessage(ctx,
new PrematureChannelClosureException("Connection closed before received headers")));
resetNow();
return;
}
// Check if the closure of the connection signifies the end of the content.
boolean prematureClosure;
if (isDecodingRequest() || chunked) {
// The last request did not wait for a response.
prematureClosure = true;
} else {
// Compare the length of the received content and the 'Content-Length' header.
// If the 'Content-Length' header is absent, the length of the content is determined by the end of the
// connection, so it is perfectly fine.
prematureClosure = contentLength() > 0;
}
if (!prematureClosure) {
ctx.fireChannelRead(new EmptyLastHttpContent(ctx.bufferAllocator()));
}
resetNow();
}
}
@Override
public void channelInboundEvent(ChannelHandlerContext ctx, Object evt) throws Exception {
if (evt instanceof HttpExpectationFailedEvent) {
switch (currentState) {
case READ_FIXED_LENGTH_CONTENT:
case READ_VARIABLE_LENGTH_CONTENT:
case READ_CHUNK_SIZE:
reset();
break;
default:
break;
}
}
super.channelInboundEvent(ctx, evt);
}
protected boolean isContentAlwaysEmpty(HttpMessage msg) {
if (msg instanceof HttpResponse) {
HttpResponse res = (HttpResponse) msg;
int code = res.status().code();
// All 1xx (Informational), 204 (No Content), and 304 (Not Modified) responses do not include
// a message body. All other responses do include a message body,
// although the body might be of zero length.
// https://httpwg.org/specs/rfc7230.html#message.body
if (code >= 100 && code < 200) {
return true;
}
return code == 204 || code == 304;
}
return false;
}
/**
* Returns true if the server switched to a different protocol than HTTP/1.0 or HTTP/1.1, e.g. HTTP/2 or Websocket.
* Returns false if the upgrade happened in a different layer, e.g. upgrade from HTTP/1.1 to HTTP/1.1 over TLS.
*/
protected boolean isSwitchingToNonHttp1Protocol(HttpResponse msg) {
if (msg.status().code() != HttpResponseStatus.SWITCHING_PROTOCOLS.code()) {
return false;
}
CharSequence newProtocol = msg.headers().get(HttpHeaderNames.UPGRADE);
return newProtocol == null ||
!AsciiString.contains(newProtocol, HttpVersion.HTTP_1_0.text()) &&
!AsciiString.contains(newProtocol, HttpVersion.HTTP_1_1.text());
}
/**
* Resets the state of the decoder so that it is ready to decode a new message.
* This method is useful for handling a rejected request with {@code Expect: 100-continue} header.
*/
public void reset() {
resetRequested = true;
}
private void resetNow() {
HttpMessage message = this.message;
this.message = null;
name = null;
value = null;
contentLength = Long.MIN_VALUE;
lineParser.reset();
headerParser.reset();
trailer = null;
if (!isDecodingRequest()) {
HttpResponse res = (HttpResponse) message;
if (res != null && isSwitchingToNonHttp1Protocol(res)) {
currentState = State.UPGRADED;
return;
}
}
resetRequested = false;
currentState = State.SKIP_CONTROL_CHARS;
}
private HttpMessage invalidMessage(ChannelHandlerContext ctx, Buffer in, Exception cause) {
// Advance the readerIndex so that ByteToMessageDecoder does not complain
// when we produced an invalid message without consuming anything.
in.skipReadableBytes(in.readableBytes());
return invalidMessage(ctx, cause);
}
private HttpMessage invalidMessage(ChannelHandlerContext ctx, Exception cause) {
currentState = State.BAD_MESSAGE;
if (message == null) {
message = createInvalidMessage(ctx);
}
message.setDecoderResult(DecoderResult.failure(cause));
HttpMessage ret = message;
message = null;
return ret;
}
private HttpContent invalidChunk(BufferAllocator allocator, Buffer in, Exception cause) {
currentState = State.BAD_MESSAGE;
// Advance the readerIndex so that ByteToMessageDecoder does not complain
// when we produced an invalid message without consuming anything.
in.skipReadableBytes(in.readableBytes());
HttpContent chunk = new DefaultLastHttpContent(allocator.allocate(0));
chunk.setDecoderResult(DecoderResult.failure(cause));
message = null;
trailer = null;
return chunk;
}
private State readHeaders(Buffer buffer) {
final HttpMessage message = this.message;
final HttpHeaders headers = message.headers();
AppendableCharSequence line = headerParser.parse(buffer);
if (line == null) {
return null;
}
if (line.length() > 0) {
do {
char firstChar = line.charAtUnsafe(0);
if (name != null && (firstChar == ' ' || firstChar == '\t')) {
String trimmedLine = line.toString().trim();
String valueStr = String.valueOf(value);
value = valueStr + ' ' + trimmedLine;
} else {
if (name != null) {
headers.add(name, value);
}
splitHeader(line);
}
line = headerParser.parse(buffer);
if (line == null) {
return null;
}
} while (line.length() > 0);
}
// Add the last header.
if (name != null) {
headers.add(name, value);
}
// reset name and value fields
name = null;
value = null;
// Done parsing initial line and headers. Set decoder result.
HttpMessageDecoderResult decoderResult = new HttpMessageDecoderResult(lineParser.size, headerParser.size);
message.setDecoderResult(decoderResult);
Iterator contentLengthFields = headers.valuesIterator(HttpHeaderNames.CONTENT_LENGTH);
boolean hasContentLength = contentLengthFields.hasNext();
if (hasContentLength) {
HttpVersion version = message.protocolVersion();
boolean isHttp10OrEarlier = version.majorVersion() < 1 ||
(version.majorVersion() == 1 && version.minorVersion() == 0);
// Guard against multiple Content-Length headers as stated in
// https://tools.ietf.org/html/rfc7230#section-3.3.2:
contentLength = HttpUtil.normalizeAndGetContentLength(contentLengthFields,
isHttp10OrEarlier, allowDuplicateContentLengths);
if (contentLength != -1) {
headers.set(HttpHeaderNames.CONTENT_LENGTH, String.valueOf(contentLength));
}
}
if (isContentAlwaysEmpty(message)) {
HttpUtil.setTransferEncodingChunked(message, false);
return State.SKIP_CONTROL_CHARS;
} else if (HttpUtil.isTransferEncodingChunked(message)) {
if (hasContentLength && message.protocolVersion() == HttpVersion.HTTP_1_1) {
handleTransferEncodingChunkedWithContentLength(message);
}
return State.READ_CHUNK_SIZE;
} else if (contentLength() >= 0) {
return State.READ_FIXED_LENGTH_CONTENT;
} else {
return State.READ_VARIABLE_LENGTH_CONTENT;
}
}
/**
* Invoked when a message with both a "Transfer-Encoding: chunked" and a "Content-Length" header field is detected.
* The default behavior is to remove the Content-Length field, but this method could be overridden
* to change the behavior (to, e.g., throw an exception and produce an invalid message).
*
* See: RFC 7230 section-3.3.3:
*
* If a message is received with both a Transfer-Encoding and a
* Content-Length header field, the Transfer-Encoding overrides the
* Content-Length. Such a message might indicate an attempt to
* perform request smuggling (Section 9.5) or response splitting
* (Section 9.4) and ought to be handled as an error. A sender MUST
* remove the received Content-Length field prior to forwarding such
* a message downstream.
*
* Also see:
* https://github.com/apache/tomcat/blob/b693d7c1981/java/org/apache/coyote/http11/Http11Processor.java#L747-L755
* https://github.com/nginx/nginx/blob/0ad4393e30c11/src/http/ngx_http_request.c#L1946-L1953
*/
protected void handleTransferEncodingChunkedWithContentLength(HttpMessage message) {
message.headers().remove(HttpHeaderNames.CONTENT_LENGTH);
contentLength = Long.MIN_VALUE;
}
private long contentLength() {
if (contentLength == Long.MIN_VALUE) {
contentLength = HttpUtil.getContentLength(message, -1L);
}
return contentLength;
}
private LastHttpContent readTrailingHeaders(BufferAllocator allocator, Buffer buffer) {
AppendableCharSequence line = headerParser.parse(buffer);
if (line == null) {
return null;
}
LastHttpContent trailer = this.trailer;
if (line.length() == 0 && trailer == null) {
// We have received the empty line which signals the trailer is complete and did not parse any trailers
// before. Just return an empty last content to reduce allocations.
return new EmptyLastHttpContent(allocator);
}
CharSequence lastHeader = null;
if (trailer == null) {
trailer = this.trailer = new DefaultLastHttpContent(allocator.allocate(0), validateHeaders);
}
while (line.length() > 0) {
char firstChar = line.charAtUnsafe(0);
if (lastHeader != null && (firstChar == ' ' || firstChar == '\t')) {
Iterator itr = trailer.trailingHeaders().valuesIterator(lastHeader);
CharSequence last = null;
while (itr.hasNext()) {
last = itr.next();
}
if (last != null) {
itr.remove();
//please do not make one line from below code
//as it breaks +XX:OptimizeStringConcat optimization
String lineTrimmed = line.toString().trim();
trailer.trailingHeaders().add(lastHeader, last + lineTrimmed);
}
} else {
splitHeader(line);
CharSequence headerName = name;
if (!HttpHeaderNames.CONTENT_LENGTH.contentEqualsIgnoreCase(headerName) &&
!HttpHeaderNames.TRANSFER_ENCODING.contentEqualsIgnoreCase(headerName) &&
!HttpHeaderNames.TRAILER.contentEqualsIgnoreCase(headerName)) {
trailer.trailingHeaders().add(headerName, value);
}
lastHeader = name;
// reset name and value fields
name = null;
value = null;
}
line = headerParser.parse(buffer);
if (line == null) {
return null;
}
}
this.trailer = null;
return trailer;
}
protected abstract boolean isDecodingRequest();
protected abstract HttpMessage createMessage(String[] initialLine) throws Exception;
protected abstract HttpMessage createInvalidMessage(ChannelHandlerContext ctx);
private static int getChunkSize(String hex) {
hex = hex.trim();
for (int i = 0; i < hex.length(); i ++) {
char c = hex.charAt(i);
if (c == ';' || Character.isWhitespace(c) || Character.isISOControl(c)) {
hex = hex.substring(0, i);
break;
}
}
return Integer.parseInt(hex, 16);
}
private static String[] splitInitialLine(AppendableCharSequence sb) {
int aStart;
int aEnd;
int bStart;
int bEnd;
int cStart;
int cEnd;
aStart = findNonSPLenient(sb, 0);
aEnd = findSPLenient(sb, aStart);
bStart = findNonSPLenient(sb, aEnd);
bEnd = findSPLenient(sb, bStart);
cStart = findNonSPLenient(sb, bEnd);
cEnd = findEndOfString(sb);
return new String[] {
sb.subStringUnsafe(aStart, aEnd),
sb.subStringUnsafe(bStart, bEnd),
cStart < cEnd? sb.subStringUnsafe(cStart, cEnd) : "" };
}
private void splitHeader(AppendableCharSequence sb) {
final int length = sb.length();
int nameStart;
int nameEnd;
int colonEnd;
int valueStart;
int valueEnd;
nameStart = findNonWhitespace(sb, 0);
for (nameEnd = nameStart; nameEnd < length; nameEnd ++) {
char ch = sb.charAtUnsafe(nameEnd);
// https://tools.ietf.org/html/rfc7230#section-3.2.4
//
// No whitespace is allowed between the header field-name and colon. In
// the past, differences in the handling of such whitespace have led to
// security vulnerabilities in request routing and response handling. A
// server MUST reject any received request message that contains
// whitespace between a header field-name and colon with a response code
// of 400 (Bad Request). A proxy MUST remove any such whitespace from a
// response message before forwarding the message downstream.
if (ch == ':' ||
// In case of decoding a request we will just continue processing and header validation
// is done in the DefaultHttpHeaders implementation.
//
// In the case of decoding a response we will "skip" the whitespace.
!isDecodingRequest() && isOWS(ch)) {
break;
}
}
if (nameEnd == length) {
// There was no colon present at all.
throw new IllegalArgumentException("No colon found");
}
for (colonEnd = nameEnd; colonEnd < length; colonEnd ++) {
if (sb.charAtUnsafe(colonEnd) == ':') {
colonEnd ++;
break;
}
}
name = sb.subStringUnsafe(nameStart, nameEnd);
valueStart = findNonWhitespace(sb, colonEnd);
if (valueStart == length) {
value = EMPTY_VALUE;
} else {
valueEnd = findEndOfString(sb);
value = sb.subStringUnsafe(valueStart, valueEnd);
}
}
private static int findNonSPLenient(AppendableCharSequence sb, int offset) {
for (int result = offset; result < sb.length(); ++result) {
char c = sb.charAtUnsafe(result);
// See https://tools.ietf.org/html/rfc7230#section-3.5
if (isSPLenient(c)) {
continue;
}
if (Character.isWhitespace(c)) {
// Any other whitespace delimiter is invalid
throw new IllegalArgumentException("Invalid separator");
}
return result;
}
return sb.length();
}
private static int findSPLenient(AppendableCharSequence sb, int offset) {
for (int result = offset; result < sb.length(); ++result) {
if (isSPLenient(sb.charAtUnsafe(result))) {
return result;
}
}
return sb.length();
}
private static boolean isSPLenient(char c) {
// See https://tools.ietf.org/html/rfc7230#section-3.5
return c == ' ' || c == (char) 0x09 || c == (char) 0x0B || c == (char) 0x0C || c == (char) 0x0D;
}
private static int findNonWhitespace(AppendableCharSequence sb, int offset) {
for (int result = offset; result < sb.length(); ++result) {
char c = sb.charAtUnsafe(result);
if (!Character.isWhitespace(c)) {
return result;
} else if (!isOWS(c)) {
// Only OWS is supported for whitespace
throw new IllegalArgumentException("Invalid separator, only a single space or horizontal tab allowed," +
" but received a '" + c + "' (0x" + Integer.toHexString(c) + ')');
}
}
return sb.length();
}
private static int findEndOfString(AppendableCharSequence sb) {
for (int result = sb.length() - 1; result > 0; --result) {
if (!Character.isWhitespace(sb.charAtUnsafe(result))) {
return result + 1;
}
}
return 0;
}
private static boolean isOWS(char ch) {
return ch == ' ' || ch == (char) 0x09;
}
private static class HeaderParser implements ByteProcessor {
private final AppendableCharSequence seq;
private final int maxLength;
int size;
HeaderParser(AppendableCharSequence seq, int maxLength) {
this.seq = seq;
this.maxLength = maxLength;
}
public AppendableCharSequence parse(Buffer buffer) {
final int oldSize = size;
seq.reset();
int i = buffer.openCursor().process(this);
if (i == -1) {
size = oldSize;
return null;
}
buffer.skipReadableBytes(i + 1);
return seq;
}
public void reset() {
size = 0;
}
@Override
public boolean process(byte value) {
char nextByte = (char) (value & 0xFF);
if (nextByte == HttpConstants.LF) {
int len = seq.length();
// Drop CR if we had a CRLF pair
if (len >= 1 && seq.charAtUnsafe(len - 1) == HttpConstants.CR) {
-- size;
seq.setLength(len - 1);
}
return false;
}
increaseCount();
seq.append(nextByte);
return true;
}
protected final void increaseCount() {
if (++ size > maxLength) {
// TODO: Respond with Bad Request and discard the traffic
// or close the connection.
// No need to notify the upstream handlers - just log.
// If decoding a response, just throw an exception.
throw newException(maxLength);
}
}
protected TooLongFrameException newException(int maxLength) {
return new TooLongHttpHeaderException("HTTP header is larger than " + maxLength + " bytes.");
}
}
private final class LineParser extends HeaderParser {
LineParser(AppendableCharSequence seq, int maxLength) {
super(seq, maxLength);
}
@Override
public AppendableCharSequence parse(Buffer buffer) {
// Suppress a warning because HeaderParser.reset() is supposed to be called
reset(); // lgtm[java/subtle-inherited-call]
return super.parse(buffer);
}
@Override
public boolean process(byte value) {
if (currentState == State.SKIP_CONTROL_CHARS) {
char c = (char) (value & 0xFF);
if (Character.isISOControl(c) || Character.isWhitespace(c)) {
increaseCount();
return true;
}
currentState = State.READ_INITIAL;
}
return super.process(value);
}
@Override
protected TooLongFrameException newException(int maxLength) {
return new TooLongHttpLineException("An HTTP line is larger than " + maxLength + " bytes.");
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy