Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/strict validation for header name and value #2219

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Feature/strict validation for header name and value #2219

wants to merge 10 commits into from

Conversation

carryel
Copy link

@carryel carryel commented Dec 24, 2024

#2213 changed to be based on the main branch.
This is a PR for Issue #2212 based on main branch.

carryel and others added 9 commits September 14, 2024 21:33
@carryel
Issue eclipse-ee4j#2212 Enhances validation of HTTP header names
ed2eba1
@breakponchito
FISH-9690: adding properties to enable Header Name and Header Value v…
2b6f103 
…alidation against invalid characters RFC-9110
@breakponchito
FISH-9690: adding unit test for header value validation
d581202
@breakponchito
FISH-9690: adding missed import
59216d7
@carryel
Merge pull request #1 from breakponchito/AddingProperties
be0e4a1 
Adding properties
@carryel
Issue eclipse-ee4j#2212 Enhances validation of HTTP header names
6bb7eab 
+ Added the validation of HTTP header values
+ Name and value's validation are provided as options. (Improved based on #1 @breakponchito)
@carryel
Issue eclipse-ee4j#2212 Enhances validation of HTTP header names
9b09e76 
+ trivial) updated license and re-trigger status checks(eclipse-ee4j#2213).
@carryel
Issue eclipse-ee4j#2212 Enhances validation of HTTP header names
d258c8b 
+ Field values ​​cannot have a single LF as per RFC-9110(https://www.rfc-editor.org/rfc/rfc9110.html#section-5.5).
+ Additionally, this patch automatically removes support for multiple lines of http headers as mentioned in RFC-2616(https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2).
Note) The features related to this issue eclipse-ee4j#2212 only work when the STRICT_HEADER_NAME_VALIDATION_RFC_9110 and STRICT_HEADER_VALUE_VALIDATION_RFC_9110 options are enabled, and the existing code base behavior is maintained when options are not enabled.

+ Instead of throwing ArrayIndexOutOfBoundsException when judging Token and Text char, it ensures checking within the array range.
+ Since several existing http testcases do not respect CRLF in header values, I modified them to comply with the spec where it was not intentional.

This patch passed all grizzly existing testcases locally, depending on the presence of options.
> mvn clean test
All passed.
> mvn clean test -Dorg.glassfish.grizzly.http.STRICT_HEADER_NAME_VALIDATION_RFC_9110=true -Dorg.glassfish.grizzly.http.STRICT_HEADER_VALUE_VALIDATION_RFC_9110=true
All passed.
@carryel
Merge branch 'master' into feature/strict-validation-for-header-name-…
6f02bc0 
…and-value
@carryel carryel mentioned this pull request Dec 24, 2024
Closed
@carryel
Copy link
Author

carryel commented Dec 24, 2024

Maven version should be upgraged in Github Actions env.

Error:  Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.4.1:enforce (enforce-maven) on project grizzly-project: 
Error:  Rule 1: org.apache.maven.enforcer.rules.version.RequireMavenVersion failed with message:
Error:  Detected Maven Version: 3.8.8 is not in the allowed range [3.8.9,).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@carryel @breakponchito