Package org.glassfish.grizzly.http.util
Class HttpRequestURIDecoder
java.lang.Object
org.glassfish.grizzly.http.util.HttpRequestURIDecoder
Utility class that make sure an HTTP url defined inside a
MessageBytes
is normalized, converted and valid. It
also makes sure there is no security hole. Mainly, this class can be used by doing:
HttpRequestURIDecoder.decode(decodedURI, urlDecoder, encoding, b2cConverter);
- Author:
- Jeanfrancois Arcand
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic boolean
checkNormalize
(CharChunk uriCC) Check that the URI is normalized following character decoding.protected void
Character conversion of the a US-ASCII MessageBytes.static void
convertToChars
(DataChunk decodedURI, Charset encoding) Converts the normalized the HTTP request represented by the bytes insideDataChunk
to chars representation, using the passed encoding.protected static void
copyBytes
(byte[] b, int dest, int src, int len) Copy an array of bytes to a different position.static void
Decode the HTTP request represented by the bytes insideDataChunk
.static void
Decode the HTTP request represented by the bytes insideDataChunk
.static void
Decode the HTTP request represented by the bytes insideDataChunk
.static void
Decode the HTTP request represented by the bytes insideDataChunk
.static void
decode
(MessageBytes decodedURI, UDecoder urlDecoder) Decode the http request represented by the bytes insideMessageBytes
using anUDecoder
.static void
decode
(MessageBytes decodedURI, UDecoder urlDecoder, String encoding, B2CConverter b2cConverter) Decode the HTTP request represented by the bytes insideMessageBytes
using anUDecoder
, using the specified encoding, using the specified [@link B2CConverter} to decode the request.protected void
Log a message on the Logger associated with our Container (if any)protected void
Log a message on the Logger associated with our Container (if any)static boolean
Normalize URI.static boolean
normalize
(MessageBytes uriMB) Normalize URI.static boolean
static boolean
static boolean
normalizeChars
(CharChunk uriCC)
-
Field Details
-
ALLOW_BACKSLASH
protected static final boolean ALLOW_BACKSLASH- See Also:
-
-
Constructor Details
-
HttpRequestURIDecoder
public HttpRequestURIDecoder()
-
-
Method Details
-
decode
Decode the http request represented by the bytes insideMessageBytes
using anUDecoder
.- Parameters:
decodedURI
- - The bytes to decodeurlDecoder
- - The urlDecoder to use to decode.- Throws:
Exception
-
decode
public static void decode(MessageBytes decodedURI, UDecoder urlDecoder, String encoding, B2CConverter b2cConverter) throws Exception Decode the HTTP request represented by the bytes insideMessageBytes
using anUDecoder
, using the specified encoding, using the specified [@link B2CConverter} to decode the request.- Parameters:
decodedURI
- - The bytes to decodeurlDecoder
- - The urlDecoder to use to decode.encoding
- the encoding value, default is UTF-8.b2cConverter
- the Bytes to Char Converter.- Throws:
Exception
-
decode
Decode the HTTP request represented by the bytes insideDataChunk
.- Parameters:
decodedURI
- - The bytes to decode- Throws:
CharConversionException
-
decode
public static void decode(DataChunk decodedURI, boolean isSlashAllowed) throws CharConversionException Decode the HTTP request represented by the bytes insideDataChunk
.- Parameters:
decodedURI
- - The bytes to decodeisSlashAllowed
- allow encoded slashes- Throws:
CharConversionException
-
decode
public static void decode(DataChunk decodedURI, boolean isSlashAllowed, Charset encoding) throws CharConversionException Decode the HTTP request represented by the bytes insideDataChunk
.- Parameters:
decodedURI
- - The bytes to decodeisSlashAllowed
- allow encoded slashesencoding
- the encoding value, default is UTF-8.- Throws:
CharConversionException
-
decode
public static void decode(DataChunk originalURI, DataChunk targetDecodedURI, boolean isSlashAllowed, Charset encoding) throws CharConversionException Decode the HTTP request represented by the bytes insideDataChunk
.- Parameters:
originalURI
- - The bytes to decodetargetDecodedURI
- the targetDataChunk
URI will be decoded toisSlashAllowed
- is '/' an allowable characterencoding
- the encoding value, default is UTF-8- Throws:
CharConversionException
-
convertToChars
public static void convertToChars(DataChunk decodedURI, Charset encoding) throws CharConversionException Converts the normalized the HTTP request represented by the bytes insideDataChunk
to chars representation, using the passed encoding.- Parameters:
decodedURI
- - The bytes to decodeencoding
- the encoding value, default is UTF-8.- Throws:
CharConversionException
-
normalize
Normalize URI.This method normalizes "\", "//", "/./" and "/../". This method will return false when trying to go above the root, or if the URI contains a null byte.
- Parameters:
uriMB
- URI to be normalized- Returns:
- true if normalization was successful, or false otherwise
-
normalize
Normalize URI.This method normalizes "\", "//", "/./" and "/../". This method will return false when trying to go above the root, or if the URI contains a null byte.
- Parameters:
dataChunk
- URI to be normalized- Returns:
- true if normalization was successful, or false otherwise
-
checkNormalize
Check that the URI is normalized following character decoding.This method checks for "\", 0, "//", "/./" and "/../". This method will return false if sequences that are supposed to be normalized are still present in the URI.
- Parameters:
uriCC
- URI to be checked (should be chars)- Returns:
- true if the uriCC represents a normalized URI, or false otherwise
-
normalizeChars
-
copyBytes
protected static void copyBytes(byte[] b, int dest, int src, int len) Copy an array of bytes to a different position. Used during normalization. -
log
Log a message on the Logger associated with our Container (if any)- Parameters:
message
- Message to be logged
-
log
Log a message on the Logger associated with our Container (if any)- Parameters:
message
- Message to be loggedthrowable
- Associated exception
-
convertMB
Character conversion of the a US-ASCII MessageBytes. -
normalizeBytes
-
normalizeBuffer
-