author | Bjørn Christian Seime <bjorncs@yahoo-inc.com> | 2017-03-28 12:50:44 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahoo-inc.com> | 2017-03-28 14:12:40 +0200 |
commit | 3f94d594ba3e9fa9d75b007c6d228a4aee74cd44 (patch) | |
tree | 90288fe5652834c8ed97995b78fe618a5f4c55b7 /jdisc_http_service | |
parent | 2f8d41fcdfd841095870104eab4260b5cf50b61d (diff) |
Handle invalid uri escape pattern
Diffstat (limited to 'jdisc_http_service')
2 files changed, 14 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
index 9c3669fc3c7..686036a4caf 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
@@ -143,8 +143,10 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog
 try {
 // inconsistent handling of semi-colon added here...
 return URLDecoder.decode(quotedQuery, StandardCharsets.UTF_8.name());
- } catch (UnsupportedEncodingException e) {
+ } catch (IllegalArgumentException e) {
 return quotedQuery;
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e); // should not happen
 }
 }
 }
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java
index 0fdf45397c4..18355ee7e5d 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java
@@ -60,4 +60,15 @@ public class AccessLogRequestLogTest {
 }
+ @Test
+ public void invalid_percent_escape_patterns_in_query_string_are_escaped() {
+ HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
+ when(httpServletRequest.getRequestURI()).thenReturn("/search/");
+ when(httpServletRequest.getQueryString()).thenReturn("q=%%2");
+
+ AccessLogEntry accessLogEntry = new AccessLogEntry();
+ AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry);
+ assertThat(accessLogEntry.getURI().toString(), is("/search/?q=%25%252"));
+ }
+
 }
|
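Review bot: The new `catch (IllegalArgumentException e)` branch returns `quotedQuery` without leaving any trace that decoding failed, so a malformed query and a well-formed one can end up as the same access-log entry. The test in this commit expects `q=%%2` to be logged as `q=%25%252`, which is presumably also what a well-formed `q=%25%252` produces. Malformed escapes are a useful signal when reading access logs after an incident, so I would at least document the fallback, e.g. `// malformed %-escape sent by the client: keep the raw query so the request is still logged`, and consider recording the decode failure where log consumers can see it. The enclosing method starts above the hunk, so how the returned string is re-encoded is not visible here.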
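Review bot: Only one malformed pattern (`q=%%2`) is exercised, so the test does not pin what happens when a query mixes valid and invalid escapes, where the fallback returns the whole query undecoded rather than only the bad part. I would add a second case such as `when(httpServletRequest.getQueryString()).thenReturn("a=%20&q=%%2");` with its own expected URI, plus a truncated trailing escape like `q=%2`. The test name says the patterns "are escaped"; a short comment stating that the raw query is kept and then re-encoded would make the expected value `q=%25%252` easier to follow.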