• Home
• io.nosqlbench
• driver-cql-shaded
• 4.15.38
• source code
• ValidUrlRule.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.eclipse.jetty.rewrite.handler.ValidUrlRule Maven / Gradle / Ivy

//
// ========================================================================
// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//

package org.eclipse.jetty.rewrite.handler;

import java.io.IOException;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.eclipse.jetty.util.URIUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * This rule can be used to protect against invalid unicode characters in a url making it into applications.
 * 

 * The logic is as follows.
 * 

 * 
if decoded uri character is an iso control character return code/reason
 * 
if no UnicodeBlock is found for character return code/reason
 * 
if character is in UnicodeBlock.SPECIALS return code/reason
 * 
 */
public class ValidUrlRule extends Rule
{
    private static final Logger LOG = LoggerFactory.getLogger(ValidUrlRule.class);

    String _code = "400";
    String _message = "Illegal Url";

    public ValidUrlRule()
    {
        _handling = true;
        _terminating = true;
    }

    /**
     * Sets the response status code.
     *
     * @param code response code
     */
    public void setCode(String code)
    {
        _code = code;
    }

    /**
     * Sets the message for the {@link org.eclipse.jetty.server.Response#sendError(int, String)} method.
     *
     * @param message the message
     */
    public void setMessage(String message)
    {
        _message = message;
    }

    @Override
    public String matchAndApply(String target, HttpServletRequest request, HttpServletResponse response) throws IOException
    {
        // best to decide the request uri and validate that
        // String uri = request.getRequestURI();
        String uri = URIUtil.decodePath(request.getRequestURI());

        for (int i = 0; i < uri.length(); )
        {
            int codepoint = uri.codePointAt(i);

            if (!isValidChar(uri.codePointAt(i)))
            {

                int code = Integer.parseInt(_code);

                // status code 400 and up are error codes so include a reason
                if (_message != null && !_message.isEmpty())
                    response.sendError(code, _message);
                else
                    response.setStatus(code);

                // we have matched, return target and consider it is handled
                return target;
            }
            i += Character.charCount(codepoint);
        }

        // we have not matched so return null
        return null;
    }

    protected boolean isValidChar(int codepoint)
    {
        Character.UnicodeBlock block = Character.UnicodeBlock.of(codepoint);

        LOG.debug("{} {} {} {}", Character.charCount(codepoint), codepoint, block, Character.isISOControl(codepoint));

        return (!Character.isISOControl(codepoint)) && block != null && !Character.UnicodeBlock.SPECIALS.equals(block);
    }

    @Override
    public String toString()
    {
        return super.toString() + "[" + _code + ":" + _message + "]";
    }
}