From 24bab65be4f215f7a079a7319a819207937a8a5d Mon Sep 17 00:00:00 2001 From: James Yuzawa Date: Mon, 27 Feb 2023 23:20:25 -0500 Subject: [PATCH 1/2] Use Pattern.compile in Netty RequestWrapper --- .../com/agent/instrumentation/netty34/RequestWrapper.java | 4 +++- .../com/agent/instrumentation/netty38/RequestWrapper.java | 4 +++- .../com/agent/instrumentation/netty40/RequestWrapper.java | 4 +++- .../com/agent/instrumentation/netty40/RequestWrapper.java | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/instrumentation/netty-3.4/src/main/java/com/agent/instrumentation/netty34/RequestWrapper.java b/instrumentation/netty-3.4/src/main/java/com/agent/instrumentation/netty34/RequestWrapper.java index afd3c4751c..37595db05e 100644 --- a/instrumentation/netty-3.4/src/main/java/com/agent/instrumentation/netty34/RequestWrapper.java +++ b/instrumentation/netty-3.4/src/main/java/com/agent/instrumentation/netty34/RequestWrapper.java @@ -25,8 +25,10 @@ import java.util.Map; import java.util.Set; import java.util.logging.Level; +import java.util.regex.Pattern; public class RequestWrapper extends ExtendedRequest { + private static final Pattern URL_REPLACEMENT_PATTERN = Pattern.compile("(?i)%(?![\\da-f]{2})"); private static CookieDecoder cookieDecoder = new CookieDecoder(); private final HttpRequest request; private final Set cookies; @@ -51,7 +53,7 @@ public RequestWrapper(DefaultHttpRequest request) { Map> params; try { String uri = request.getUri(); - uri = uri.replaceAll("(?i)%(?![\\da-f]{2})", "%25"); // Escape any percent signs in the URI + uri = URL_REPLACEMENT_PATTERN.matcher(uri).replaceAll("%25"); // Escape any percent signs in the URI QueryStringDecoder decoderQuery = new QueryStringDecoder(uri); params = decoderQuery.getParameters(); } catch (Exception e) { 
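Review bot: The new `URL_REPLACEMENT_PATTERN` field in netty34/RequestWrapper.java has no comment, and its name says neither what it matches nor that it is applied to the string returned by `request.getUri()`. A one-line comment above the field would help, for example `// Matches a '%' that is not followed by two hex digits, i.e. a malformed percent-escape`. The same regex literal is declared again in the netty38 and both netty40 RequestWrapper classes in this patch, so the four copies can drift apart. A shared constant would avoid that if these modules have a common dependency, which is not visible here.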
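Review bot: The trailing comment kept on the rewritten line in the RequestWrapper constructor, `// Escape any percent signs in the URI`, overstates what the code does. Only a `%` that is not followed by two hex digits becomes `%25`; well-formed escapes pass through unchanged. Suggest `// Escape stray '%' that do not begin a valid %XX escape; well-formed escapes are left for QueryStringDecoder`. It is also worth noting there that the parameters recorded after this rewrite can differ from what the instrumented application decodes from the same raw URI, because a malformed escape is kept as literal text here, presumably so that decoding does not fail. The same line appears in the netty38 and both netty40 hunks, and the constructor starts and ends outside the hunk.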
diff --git a/instrumentation/netty-3.8/src/main/java/com/agent/instrumentation/netty38/RequestWrapper.java b/instrumentation/netty-3.8/src/main/java/com/agent/instrumentation/netty38/RequestWrapper.java index 362e92f4b8..499181c21d 100644 --- a/instrumentation/netty-3.8/src/main/java/com/agent/instrumentation/netty38/RequestWrapper.java +++ b/instrumentation/netty-3.8/src/main/java/com/agent/instrumentation/netty38/RequestWrapper.java @@ -25,8 +25,10 @@ import java.util.Map; import java.util.Set; import java.util.logging.Level; +import java.util.regex.Pattern; public class RequestWrapper extends ExtendedRequest { + private static final Pattern URL_REPLACEMENT_PATTERN = Pattern.compile("(?i)%(?![\\da-f]{2})"); private static CookieDecoder cookieDecoder = new CookieDecoder(); private final HttpRequest request; private final Set cookies; @@ -51,7 +53,7 @@ public RequestWrapper(DefaultHttpRequest request) { Map> params; try { String uri = request.getUri(); - uri = uri.replaceAll("(?i)%(?![\\da-f]{2})", "%25"); // Escape any percent signs in the URI + uri = URL_REPLACEMENT_PATTERN.matcher(uri).replaceAll("%25"); // Escape any percent signs in the URI QueryStringDecoder decoderQuery = new QueryStringDecoder(uri); params = decoderQuery.getParameters(); } catch (Exception e) { diff --git a/instrumentation/netty-4.0.0/src/main/java/com/agent/instrumentation/netty40/RequestWrapper.java b/instrumentation/netty-4.0.0/src/main/java/com/agent/instrumentation/netty40/RequestWrapper.java index ef7e150774..143ad2f911 100644 --- a/instrumentation/netty-4.0.0/src/main/java/com/agent/instrumentation/netty40/RequestWrapper.java +++ b/instrumentation/netty-4.0.0/src/main/java/com/agent/instrumentation/netty40/RequestWrapper.java 
@@ -24,8 +24,10 @@ import java.util.Map; import java.util.Set; import java.util.logging.Level; +import java.util.regex.Pattern; public class RequestWrapper extends ExtendedRequest { + private static final Pattern URL_REPLACEMENT_PATTERN = Pattern.compile("(?i)%(?![\\da-f]{2})"); private final HttpRequest request; private final Set cookies; private final Map> parameters; @@ -49,7 +51,7 @@ public RequestWrapper(DefaultHttpRequest request) { Map> params; try { String uri = request.getUri(); - uri = uri.replaceAll("(?i)%(?![\\da-f]{2})", "%25"); // Escape any percent signs in the URI + uri = URL_REPLACEMENT_PATTERN.matcher(uri).replaceAll("%25"); // Escape any percent signs in the URI QueryStringDecoder decoderQuery = new QueryStringDecoder(uri); params = decoderQuery.parameters(); } catch (Exception e) { diff --git a/instrumentation/netty-4.0.8/src/main/java/com/agent/instrumentation/netty40/RequestWrapper.java b/instrumentation/netty-4.0.8/src/main/java/com/agent/instrumentation/netty40/RequestWrapper.java index cef1a76581..9f18439187 100644 --- a/instrumentation/netty-4.0.8/src/main/java/com/agent/instrumentation/netty40/RequestWrapper.java +++ b/instrumentation/netty-4.0.8/src/main/java/com/agent/instrumentation/netty40/RequestWrapper.java @@ -23,8 +23,10 @@ import java.util.Map; import java.util.Set; import java.util.logging.Level; +import java.util.regex.Pattern; public class RequestWrapper extends ExtendedRequest { + private static final Pattern URL_REPLACEMENT_PATTERN = Pattern.compile("(?i)%(?![\\da-f]{2})"); private final HttpRequest request; private final Set cookies; private final Map> parameters; 
@@ -48,7 +50,7 @@ public RequestWrapper(HttpRequest request) {
 Map> params;
 try {
 String uri = request.getUri();
- uri = uri.replaceAll("(?i)%(?![\\da-f]{2})", "%25"); // Escape any percent signs in the URI
+ uri = URL_REPLACEMENT_PATTERN.matcher(uri).replaceAll("%25"); // Escape any percent signs in the URI
 QueryStringDecoder decoderQuery = new QueryStringDecoder(uri);
 params = decoderQuery.parameters();
 } catch (Exception e) {
From 5eff07c86d9ead4f1e603e0a4dabcf3badc5ea56 Mon Sep 17 00:00:00 2001
From: Andre Onuki
Date: Tue, 28 Feb 2023 13:46:15 -0500
Subject: [PATCH 2/2] Testing % substitution
---
 .../test/java/netty34/RequestWrapperTest.java | 33 +++++++++++++++++
 .../test/java/netty38/RequestWrapperTest.java | 35 +++++++++++++++++++
 .../test/java/netty40/RequestWrapperTest.java | 35 +++++++++++++++++++
 .../java/netty408/RequestWrapperTest.java | 35 +++++++++++++++++++
 4 files changed, 138 insertions(+)
 create mode 100644 instrumentation/netty-3.4/src/test/java/netty34/RequestWrapperTest.java
 create mode 100644 instrumentation/netty-3.8/src/test/java/netty38/RequestWrapperTest.java
 create mode 100644 instrumentation/netty-4.0.0/src/test/java/netty40/RequestWrapperTest.java
 create mode 100644 instrumentation/netty-4.0.8/src/test/java/netty408/RequestWrapperTest.java
diff --git a/instrumentation/netty-3.4/src/test/java/netty34/RequestWrapperTest.java b/instrumentation/netty-3.4/src/test/java/netty34/RequestWrapperTest.java
new file mode 100644
index 0000000000..99edc986c4
--- /dev/null
+++ b/instrumentation/netty-3.4/src/test/java/netty34/RequestWrapperTest.java
@@ -0,0 +1,33 @@
+package netty34;
+
+import com.agent.instrumentation.netty34.RequestWrapper;
+import org.jboss.netty.handler.codec.http.DefaultHttpRequest;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class RequestWrapperTest {
+
+ @Test
+ public void testPercentageEscaping() {
+ Map inputExpectedMap = new HashMap<>();
+ inputExpectedMap.put("http://example.com?asdf=%qwer", "%qwer");
+ inputExpectedMap.put("http://example.com?asdf=%20", " ");
+ inputExpectedMap.put("http://example.com?asdf=%2b", "+");
+ inputExpectedMap.put("http://example.com?asdf=qwer", "qwer");
+
+ for (Map.Entry inputExpectedEntry : inputExpectedMap.entrySet()) {
+ String input = inputExpectedEntry.getKey();
+ String expected = inputExpectedEntry.getValue();
+ DefaultHttpRequest request = mock(DefaultHttpRequest.class);
+ when(request.getUri()).thenReturn(input);
+ RequestWrapper requestWrapper = new RequestWrapper(request);
+ Assert.assertEquals(expected, requestWrapper.getParameterValues("asdf")[0]);
+ }
+ }
+}
\ No newline at end of file
diff --git a/instrumentation/netty-3.8/src/test/java/netty38/RequestWrapperTest.java b/instrumentation/netty-3.8/src/test/java/netty38/RequestWrapperTest.java
new file mode 100644
index 0000000000..6d633345a0
--- /dev/null
+++ b/instrumentation/netty-3.8/src/test/java/netty38/RequestWrapperTest.java
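Review bot: The inputs in `testPercentageEscaping` miss the boundary cases of the lookahead `(?![\\da-f]{2})`: a `%` at the very end of the URI, a `%` followed by a single hex digit, and an upper-case escape that exercises `(?i)`. This applies to the netty34 test and to the near-identical tests added for netty38, netty40 and netty408. Adding `inputExpectedMap.put("http://example.com?asdf=%", "%");` and `inputExpectedMap.put("http://example.com?asdf=%2", "%2");` would cover the first two; the expected values assume the decoder behaves as it does for the existing `%qwer` case. Because the loop iterates a `HashMap`, a failure does not say which input broke. Passing the input as the message fixes that: `Assert.assertEquals(input, expected, requestWrapper.getParameterValues("asdf")[0]);`.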
@@ -0,0 +1,35 @@
+package netty38;
+
+import com.agent.instrumentation.netty38.RequestWrapper;
+import org.jboss.netty.handler.codec.http.DefaultHttpRequest;
+import org.jboss.netty.handler.codec.http.HttpHeaders;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class RequestWrapperTest {
+
+ @Test
+ public void testPercentageEscaping() {
+ Map inputExpectedMap = new HashMap<>();
+ inputExpectedMap.put("http://example.com?asdf=%qwer", "%qwer");
+ inputExpectedMap.put("http://example.com?asdf=%20", " ");
+ inputExpectedMap.put("http://example.com?asdf=%2b", "+");
+ inputExpectedMap.put("http://example.com?asdf=qwer", "qwer");
+
+ for (Map.Entry inputExpectedEntry : inputExpectedMap.entrySet()) {
+ String input = inputExpectedEntry.getKey();
+ String expected = inputExpectedEntry.getValue();
+ DefaultHttpRequest request = mock(DefaultHttpRequest.class);
+ when(request.headers()).thenReturn(HttpHeaders.EMPTY_HEADERS);
+ when(request.getUri()).thenReturn(input);
+ RequestWrapper requestWrapper = new RequestWrapper(request);
+ Assert.assertEquals(expected, requestWrapper.getParameterValues("asdf")[0]);
+ }
+ }
+}
\ No newline at end of file
diff --git a/instrumentation/netty-4.0.0/src/test/java/netty40/RequestWrapperTest.java b/instrumentation/netty-4.0.0/src/test/java/netty40/RequestWrapperTest.java
new file mode 100644
index 0000000000..c4c1279227
--- /dev/null
+++ b/instrumentation/netty-4.0.0/src/test/java/netty40/RequestWrapperTest.java
@@ -0,0 +1,35 @@
+package netty40;
+
+import com.agent.instrumentation.netty40.RequestWrapper;
+import io.netty.handler.codec.http.DefaultHttpRequest;
+import io.netty.handler.codec.http.HttpHeaders;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class RequestWrapperTest {
+
+ @Test
+ public void testPercentageEscaping() {
+ Map inputExpectedMap = new HashMap<>();
+ inputExpectedMap.put("http://example.com?asdf=%qwer", "%qwer");
+ inputExpectedMap.put("http://example.com?asdf=%20", " ");
+ inputExpectedMap.put("http://example.com?asdf=%2b", "+");
+ inputExpectedMap.put("http://example.com?asdf=qwer", "qwer");
+
+ for (Map.Entry inputExpectedEntry : inputExpectedMap.entrySet()) {
+ String input = inputExpectedEntry.getKey();
+ String expected = inputExpectedEntry.getValue();
+ DefaultHttpRequest request = mock(DefaultHttpRequest.class);
+ when(request.headers()).thenReturn(HttpHeaders.EMPTY_HEADERS);
+ when(request.getUri()).thenReturn(input);
+ RequestWrapper requestWrapper = new RequestWrapper(request);
+ Assert.assertEquals(expected, requestWrapper.getParameterValues("asdf")[0]);
+ }
+ }
+}
\ No newline at end of file
diff --git a/instrumentation/netty-4.0.8/src/test/java/netty408/RequestWrapperTest.java b/instrumentation/netty-4.0.8/src/test/java/netty408/RequestWrapperTest.java
new file mode 100644
index 0000000000..8a72ffc6f4
--- /dev/null
+++ b/instrumentation/netty-4.0.8/src/test/java/netty408/RequestWrapperTest.java
@@ -0,0 +1,35 @@
+package netty408;
+
+import com.agent.instrumentation.netty40.RequestWrapper;
+import io.netty.handler.codec.http.HttpHeaders;
+import io.netty.handler.codec.http.HttpRequest;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class RequestWrapperTest {
+
+ @Test
+ public void testPercentageEscaping() {
+ Map inputExpectedMap = new HashMap<>();
+ inputExpectedMap.put("http://example.com?asdf=%qwer", "%qwer");
+ inputExpectedMap.put("http://example.com?asdf=%20", " ");
+ inputExpectedMap.put("http://example.com?asdf=%2b", "+");
+ inputExpectedMap.put("http://example.com?asdf=qwer", "qwer");
+
+ for (Map.Entry inputExpectedEntry : inputExpectedMap.entrySet()) {
+ String input = inputExpectedEntry.getKey();
+ String expected = inputExpectedEntry.getValue();
+ HttpRequest request = mock(HttpRequest.class);
+ when(request.headers()).thenReturn(HttpHeaders.EMPTY_HEADERS);
+ when(request.getUri()).thenReturn(input);
+ RequestWrapper requestWrapper = new RequestWrapper(request);
+ Assert.assertEquals(expected, requestWrapper.getParameterValues("asdf")[0]);
+ }
+ }
+}
\ No newline at end of file