Package org.glassfish.grizzly.http.util

Class HttpRequestURIDecoder

java.lang.Object
org.glassfish.grizzly.http.util.HttpRequestURIDecoder
public class HttpRequestURIDecoder extends Object
Utility class that make sure an HTTP url defined inside a MessageBytes is normalized, converted and valid. It also makes sure there is no security hole. Mainly, this class can be used by doing: 

 

 HttpRequestURIDecoder.decode(decodedURI, urlDecoder, encoding, b2cConverter);
Author:
Jeanfrancois Arcand

  • Field Details

  • Constructor Details

    • HttpRequestURIDecoder

      public HttpRequestURIDecoder()

  • Method Details

    • decode

      public static void decode(MessageBytes decodedURI, UDecoder urlDecoder) throws Exception
      Decode the http request represented by the bytes inside MessageBytes using an UDecoder.
      Parameters:
      decodedURI - - The bytes to decode
      urlDecoder - - The urlDecoder to use to decode.
      Throws:
      Exception

    • decode

      public static void decode(MessageBytes decodedURI, UDecoder urlDecoder, String encoding, B2CConverter b2cConverter) throws Exception
      Decode the HTTP request represented by the bytes inside MessageBytes using an UDecoder, using the specified encoding, using the specified [@link B2CConverter} to decode the request.
      Parameters:
      decodedURI - - The bytes to decode
      urlDecoder - - The urlDecoder to use to decode.
      encoding - the encoding value, default is UTF-8.
      b2cConverter - the Bytes to Char Converter.
      Throws:
      Exception

    • decode

      public static void decode(DataChunk decodedURI) throws CharConversionException
      Decode the HTTP request represented by the bytes inside DataChunk.
      Parameters:
      decodedURI - - The bytes to decode
      Throws:
      CharConversionException

    • decode

      public static void decode(DataChunk decodedURI, boolean isSlashAllowed) throws CharConversionException
      Decode the HTTP request represented by the bytes inside DataChunk.
      Parameters:
      decodedURI - - The bytes to decode
      isSlashAllowed - allow encoded slashes
      Throws:
      CharConversionException

    • decode

      public static void decode(DataChunk decodedURI, boolean isSlashAllowed, Charset encoding) throws CharConversionException
      Decode the HTTP request represented by the bytes inside DataChunk.
      Parameters:
      decodedURI - - The bytes to decode
      isSlashAllowed - allow encoded slashes
      encoding - the encoding value, default is UTF-8.
      Throws:
      CharConversionException

    • decode

      public static void decode(DataChunk originalURI, DataChunk targetDecodedURI, boolean isSlashAllowed, Charset encoding) throws CharConversionException
      Decode the HTTP request represented by the bytes inside DataChunk.
      Parameters:
      originalURI - - The bytes to decode
      targetDecodedURI - the target DataChunk URI will be decoded to
      isSlashAllowed - is '/' an allowable character
      encoding - the encoding value, default is UTF-8
      Throws:
      CharConversionException

    • convertToChars

      public static void convertToChars(DataChunk decodedURI, Charset encoding) throws CharConversionException
      Converts the normalized the HTTP request represented by the bytes inside DataChunk to chars representation, using the passed encoding.
      Parameters:
      decodedURI - - The bytes to decode
      encoding - the encoding value, default is UTF-8.
      Throws:
      CharConversionException

    • normalize

      public static boolean normalize(MessageBytes uriMB)
      Normalize URI.

      This method normalizes "\", "//", "/./" and "/../". This method will return false when trying to go above the root, or if the URI contains a null byte.

      Parameters:
      uriMB - URI to be normalized
      Returns:
      true if normalization was successful, or false otherwise

    • normalize

      public static boolean normalize(DataChunk dataChunk)
      Normalize URI.

      This method normalizes "\", "//", "/./" and "/../". This method will return false when trying to go above the root, or if the URI contains a null byte.

      Parameters:
      dataChunk - URI to be normalized
      Returns:
      true if normalization was successful, or false otherwise

    • checkNormalize

      public static boolean checkNormalize(CharChunk uriCC)
      Check that the URI is normalized following character decoding.

      This method checks for "\", 0, "//", "/./" and "/../". This method will return false if sequences that are supposed to be normalized are still present in the URI.

      Parameters:
      uriCC - URI to be checked (should be chars)
      Returns:
      true if the uriCC represents a normalized URI, or false otherwise

    • normalizeChars

      public static boolean normalizeChars(CharChunk uriCC)

    • copyBytes

      protected static void copyBytes(byte[] b, int dest, int src, int len)
      Copy an array of bytes to a different position. Used during normalization.

    • log

      protected void log(String message)
      Log a message on the Logger associated with our Container (if any)
      Parameters:
      message - Message to be logged

    • log

      protected void log(String message, Throwable throwable)
      Log a message on the Logger associated with our Container (if any)
      Parameters:
      message - Message to be logged
      throwable - Associated exception

    • convertMB

      protected void convertMB(MessageBytes mb)
      Character conversion of the a US-ASCII MessageBytes.

    • normalizeBytes

      public static boolean normalizeBytes(ByteChunk bc)

    • normalizeBuffer

      public static boolean normalizeBuffer(BufferChunk bc)