summaryrefslogtreecommitdiffstats
path: root/jdisc_http_service
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@yahoo-inc.com>2017-03-28 12:50:44 +0200
committerBjørn Christian Seime <bjorncs@yahoo-inc.com>2017-03-28 14:12:40 +0200
commit3f94d594ba3e9fa9d75b007c6d228a4aee74cd44 (patch)
tree90288fe5652834c8ed97995b78fe618a5f4c55b7 /jdisc_http_service
parent2f8d41fcdfd841095870104eab4260b5cf50b61d (diff)
Handle invalid uri escape pattern
Diffstat (limited to 'jdisc_http_service')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java4
-rw-r--r--jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java11
2 files changed, 14 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
index 9c3669fc3c7..686036a4caf 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
@@ -143,8 +143,10 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog
try {
// inconsistent handling of semi-colon added here...
return URLDecoder.decode(quotedQuery, StandardCharsets.UTF_8.name());
- } catch (UnsupportedEncodingException e) {
+ } catch (IllegalArgumentException e) {
return quotedQuery;
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e); // should not happen
}
}
}
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java
index 0fdf45397c4..18355ee7e5d 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java
@@ -60,4 +60,15 @@ public class AccessLogRequestLogTest {
}
+ @Test
+ public void invalid_percent_escape_patterns_in_query_string_are_escaped() {
+ HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
+ when(httpServletRequest.getRequestURI()).thenReturn("/search/");
+ when(httpServletRequest.getQueryString()).thenReturn("q=%%2");
+
+ AccessLogEntry accessLogEntry = new AccessLogEntry();
+ AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry);
+ assertThat(accessLogEntry.getURI().toString(), is("/search/?q=%25%252"));
+ }
+
}