ServletServerHttpRequest.getURI() ignores malformed query string

The resolved URI instance is also being cached now. This should not make a difference in a real Servlet environment but does affect tests which assumed they could modify an HttpServletRequest path behind a pre-created ServletServerHttpRequest instance. Our WebSocket test base class has been revised accordingly, re-creating the ServletServerHttpRequest in such a case.

Issue: SPR-16414

(cherry picked from commit 0e6f8df)

Author: jhoeller

spring-web/src/main/java/org/springframework/http/HttpRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2015 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,7 +35,8 @@ public interface HttpRequest extends HttpMessage {
 	HttpMethod getMethod();
 
 	/**
-	 * Return the URI of the request.
+	 * Return the URI of the request (including a query string if any,
+	 * but only if it is well-formed for a URI representation).
 	 * @return the URI of the request (never {@code null})
 	 */
 	URI getURI();

spring-web/src/main/java/org/springframework/http/server/ServletServerHttpRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -59,6 +59,8 @@ public class ServletServerHttpRequest implements ServerHttpRequest {
 
 	private final HttpServletRequest servletRequest;
 
+	private URI uri;
+
 	private HttpHeaders headers;
 
 	private ServerHttpAsyncRequestControl asyncRequestControl;
@@ -88,34 +90,54 @@ public HttpMethod getMethod() {
 
 	@Override
 	public URI getURI() {
-		try {
-			StringBuffer url = this.servletRequest.getRequestURL();
-			String query = this.servletRequest.getQueryString();
-			if (StringUtils.hasText(query)) {
-				url.append('?').append(query);
+		if (this.uri == null) {
+			String urlString = null;
+			boolean hasQuery = false;
+			try {
+				StringBuffer url = this.servletRequest.getRequestURL();
+				String query = this.servletRequest.getQueryString();
+				hasQuery = StringUtils.hasText(query);
+				if (hasQuery) {
+					url.append('?').append(query);
+				}
+				urlString = url.toString();
+				this.uri = new URI(urlString);
+			}
+			catch (URISyntaxException ex) {
+				if (!hasQuery) {
+					throw new IllegalStateException(
+							"Could not resolve HttpServletRequest as URI: " + urlString, ex);
+				}
+				// Maybe a malformed query string... try plain request URL
+				try {
+					urlString = this.servletRequest.getRequestURL().toString();
+					this.uri = new URI(urlString);
+				}
+				catch (URISyntaxException ex2) {
+					throw new IllegalStateException(
+							"Could not resolve HttpServletRequest as URI: " + urlString, ex2);
+				}
 			}
-			return new URI(url.toString());
-		}
-		catch (URISyntaxException ex) {
-			throw new IllegalStateException("Could not get HttpServletRequest URI: " + ex.getMessage(), ex);
 		}
+		return this.uri;
 	}
 
 	@Override
 	public HttpHeaders getHeaders() {
 		if (this.headers == null) {
 			this.headers = new HttpHeaders();
 
-			for (Enumeration<?> headerNames = this.servletRequest.getHeaderNames(); headerNames.hasMoreElements();) {
-				String headerName = (String) headerNames.nextElement();
+			for (Enumeration<?> names = this.servletRequest.getHeaderNames(); names.hasMoreElements();) {
+				String headerName = (String) names.nextElement();
 				for (Enumeration<?> headerValues = this.servletRequest.getHeaders(headerName);
 						headerValues.hasMoreElements();) {
 					String headerValue = (String) headerValues.nextElement();
 					this.headers.add(headerName, headerValue);
 				}
 			}
 
-			// HttpServletRequest exposes some headers as properties: we should include those if not already present
+			// HttpServletRequest exposes some headers as properties:
+			// we should include those if not already present
 			try {
 				MediaType contentType = this.headers.getContentType();
 				if (contentType == null) {
@@ -132,8 +154,8 @@ public HttpHeaders getHeaders() {
 						Map<String, String> params = new LinkedCaseInsensitiveMap<String>();
 						params.putAll(contentType.getParameters());
 						params.put("charset", charSet.toString());
-						MediaType newContentType = new MediaType(contentType.getType(), contentType.getSubtype(), params);
-						this.headers.setContentType(newContentType);
+						MediaType mediaType = new MediaType(contentType.getType(), contentType.getSubtype(), params);
+						this.headers.setContentType(mediaType);
 					}
 				}
 			}
@@ -181,7 +203,8 @@ public InputStream getBody() throws IOException {
 	public ServerHttpAsyncRequestControl getAsyncRequestControl(ServerHttpResponse response) {
 		if (this.asyncRequestControl == null) {
 			if (!ServletServerHttpResponse.class.isInstance(response)) {
-				throw new IllegalArgumentException("Response must be a ServletServerHttpResponse: " + response.getClass());
+				throw new IllegalArgumentException(
+						"Response must be a ServletServerHttpResponse: " + response.getClass());
 			}
 			ServletServerHttpResponse servletServerResponse = (ServletServerHttpResponse) response;
 			this.asyncRequestControl = new ServletServerHttpAsyncRequestControl(this, servletServerResponse);

spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,8 +16,10 @@
 
 package org.springframework.http.server;
 
+import java.io.IOException;
 import java.net.URI;
-import java.nio.charset.Charset;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
 import java.util.List;
 
 import org.junit.Before;
@@ -33,6 +35,7 @@
 
 /**
  * @author Arjen Poutsma
+ * @author Juergen Hoeller
  */
 public class ServletServerHttpRequestTests {
 
@@ -42,42 +45,68 @@ public class ServletServerHttpRequestTests {
 
 
 	@Before
-	public void create() throws Exception {
+	public void create() {
 		mockRequest = new MockHttpServletRequest();
 		request = new ServletServerHttpRequest(mockRequest);
 	}
 
 
 	@Test
-	public void getMethod() throws Exception {
+	public void getMethod() {
 		mockRequest.setMethod("POST");
 		assertEquals("Invalid method", HttpMethod.POST, request.getMethod());
 	}
 
 	@Test
-	public void getURI() throws Exception {
+	public void getUriForSimplePath() throws URISyntaxException {
+		URI uri = new URI("http://example.com/path");
+		mockRequest.setServerName(uri.getHost());
+		mockRequest.setServerPort(uri.getPort());
+		mockRequest.setRequestURI(uri.getPath());
+		mockRequest.setQueryString(uri.getQuery());
+		assertEquals(uri, request.getURI());
+	}
+
+	@Test
+	public void getUriWithQueryString() throws URISyntaxException {
 		URI uri = new URI("http://example.com/path?query");
 		mockRequest.setServerName(uri.getHost());
 		mockRequest.setServerPort(uri.getPort());
 		mockRequest.setRequestURI(uri.getPath());
 		mockRequest.setQueryString(uri.getQuery());
-		assertEquals("Invalid uri", uri, request.getURI());
+		assertEquals(uri, request.getURI());
+	}
+
+	@Test  // SPR-16414
+	public void getUriWithQueryParam() throws URISyntaxException {
+		mockRequest.setServerName("example.com");
+		mockRequest.setRequestURI("/path");
+		mockRequest.setQueryString("query=foo");
+		assertEquals(new URI("http://example.com/path?query=foo"), request.getURI());
+	}
+
+	@Test  // SPR-16414
+	public void getUriWithMalformedQueryParam() throws URISyntaxException {
+		mockRequest.setServerName("example.com");
+		mockRequest.setRequestURI("/path");
+		mockRequest.setQueryString("query=foo%%x");
+		assertEquals(new URI("http://example.com/path"), request.getURI());
 	}
 
 	@Test  // SPR-13876
-	public void getUriWithEncoding() throws Exception {
+	public void getUriWithEncoding() throws URISyntaxException {
         URI uri = new URI("https://example.com/%E4%B8%AD%E6%96%87" +
 				"?redirect=https%3A%2F%2Fgithub.com%2Fspring-projects%2Fspring-framework");
         mockRequest.setScheme(uri.getScheme());
         mockRequest.setServerName(uri.getHost());
         mockRequest.setServerPort(uri.getPort());
         mockRequest.setRequestURI(uri.getRawPath());
         mockRequest.setQueryString(uri.getRawQuery());
-        assertEquals("Invalid uri", uri, request.getURI());
+        assertEquals(uri, request.getURI());
     }
 
 	@Test
-	public void getHeaders() throws Exception {
+	public void getHeaders() {
 		String headerName = "MyHeader";
 		String headerValue1 = "value1";
 		String headerValue2 = "value2";
@@ -93,12 +122,12 @@ public void getHeaders() throws Exception {
 		assertEquals("Invalid header values returned", 2, headerValues.size());
 		assertTrue("Invalid header values returned", headerValues.contains(headerValue1));
 		assertTrue("Invalid header values returned", headerValues.contains(headerValue2));
-		assertEquals("Invalid Content-Type", new MediaType("text", "plain", Charset.forName("UTF-8")),
+		assertEquals("Invalid Content-Type", new MediaType("text", "plain", StandardCharsets.UTF_8),
 				headers.getContentType());
 	}
 
 	@Test
-	public void getHeadersWithEmptyContentTypeAndEncoding() throws Exception {
+	public void getHeadersWithEmptyContentTypeAndEncoding() {
 		String headerName = "MyHeader";
 		String headerValue1 = "value1";
 		String headerValue2 = "value2";
@@ -118,7 +147,7 @@ public void getHeadersWithEmptyContentTypeAndEncoding() throws Exception {
 	}
 
 	@Test
-	public void getBody() throws Exception {
+	public void getBody() throws IOException {
 		byte[] content = "Hello World".getBytes("UTF-8");
 		mockRequest.setContent(content);
 
@@ -127,7 +156,7 @@ public void getBody() throws Exception {
 	}
 
 	@Test
-	public void getFormBody() throws Exception {
+	public void getFormBody() throws IOException {
 		// Charset (SPR-8676)
 		mockRequest.setContentType("application/x-www-form-urlencoded; charset=UTF-8");
 		mockRequest.setMethod("POST");

spring-websocket/src/test/java/org/springframework/web/socket/AbstractHttpRequestTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2015 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -45,13 +45,14 @@ public abstract class AbstractHttpRequestTests {
 
 
 	@Before
-	public void setUp() {
+	public void setup() {
 		resetRequestAndResponse();
 	}
 
 	protected void setRequest(String method, String requestUri) {
 		this.servletRequest.setMethod(method);
 		this.servletRequest.setRequestURI(requestUri);
+		this.request = new ServletServerHttpRequest(this.servletRequest);
 	}
 
 	protected void resetRequestAndResponse() {

spring-websocket/src/test/java/org/springframework/web/socket/server/DefaultHandshakeHandlerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -50,19 +50,18 @@ public class DefaultHandshakeHandlerTests extends AbstractHttpRequestTests {
 
 
 	@Before
-	public void setup() throws Exception {
+	public void setup() {
+		super.setup();
+
 		MockitoAnnotations.initMocks(this);
 		this.handshakeHandler = new DefaultHandshakeHandler(this.upgradeStrategy);
 	}
 
 
 	@Test
-	public void supportedSubProtocols() throws Exception {
-
+	public void supportedSubProtocols() {
 		this.handshakeHandler.setSupportedProtocols("stomp", "mqtt");
-
 		given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[] {"13"});
-
 		this.servletRequest.setMethod("GET");
 
 		WebSocketHttpHeaders headers = new WebSocketHttpHeaders(this.request.getHeaders());
@@ -73,22 +72,20 @@ public void supportedSubProtocols() throws Exception {
 		headers.setSecWebSocketProtocol("STOMP");
 
 		WebSocketHandler handler = new TextWebSocketHandler();
-		Map<String, Object> attributes = Collections.<String, Object>emptyMap();
+		Map<String, Object> attributes = Collections.emptyMap();
 		this.handshakeHandler.doHandshake(this.request, this.response, handler, attributes);
 
-		verify(this.upgradeStrategy).upgrade(this.request, this.response,
-				"STOMP", Collections.<WebSocketExtension>emptyList(), null, handler, attributes);
+		verify(this.upgradeStrategy).upgrade(this.request, this.response, "STOMP",
+				Collections.emptyList(), null, handler, attributes);
 	}
 
-
 	@Test
-	public void supportedExtensions() throws Exception {
-
+	public void supportedExtensions() {
 		WebSocketExtension extension1 = new WebSocketExtension("ext1");
 		WebSocketExtension extension2 = new WebSocketExtension("ext2");
 
 		given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[] {"13"});
-		given(this.upgradeStrategy.getSupportedExtensions(this.request)).willReturn(Arrays.asList(extension1));
+		given(this.upgradeStrategy.getSupportedExtensions(this.request)).willReturn(Collections.singletonList(extension1));
 
 		this.servletRequest.setMethod("GET");
 
@@ -103,14 +100,13 @@ public void supportedExtensions() throws Exception {
 		Map<String, Object> attributes = Collections.<String, Object>emptyMap();
 		this.handshakeHandler.doHandshake(this.request, this.response, handler, attributes);
 
-		verify(this.upgradeStrategy).upgrade(this.request, this.response, null, Arrays.asList(extension1),
-				null, handler, attributes);
+		verify(this.upgradeStrategy).upgrade(this.request, this.response, null,
+				Collections.singletonList(extension1), null, handler, attributes);
 	}
 
 	@Test
-	public void subProtocolCapableHandler() throws Exception {
-
-		given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[]{"13"});
+	public void subProtocolCapableHandler() {
+		given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[] {"13"});
 
 		this.servletRequest.setMethod("GET");
 
@@ -125,14 +121,13 @@ public void subProtocolCapableHandler() throws Exception {
 		Map<String, Object> attributes = Collections.<String, Object>emptyMap();
 		this.handshakeHandler.doHandshake(this.request, this.response, handler, attributes);
 
-		verify(this.upgradeStrategy).upgrade(this.request, this.response,
-				"v11.stomp", Collections.<WebSocketExtension>emptyList(), null, handler, attributes);
+		verify(this.upgradeStrategy).upgrade(this.request, this.response, "v11.stomp",
+				Collections.emptyList(), null, handler, attributes);
 	}
 
 	@Test
-	public void subProtocolCapableHandlerNoMatch() throws Exception {
-
-		given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[]{"13"});
+	public void subProtocolCapableHandlerNoMatch() {
+		given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[] {"13"});
 
 		this.servletRequest.setMethod("GET");
 
@@ -147,17 +142,16 @@ public void subProtocolCapableHandlerNoMatch() throws Exception {
 		Map<String, Object> attributes = Collections.<String, Object>emptyMap();
 		this.handshakeHandler.doHandshake(this.request, this.response, handler, attributes);
 
-		verify(this.upgradeStrategy).upgrade(this.request, this.response,
-				null, Collections.<WebSocketExtension>emptyList(), null, handler, attributes);
+		verify(this.upgradeStrategy).upgrade(this.request, this.response, null,
+				Collections.emptyList(), null, handler, attributes);
 	}
 
 
 	private static class SubProtocolCapableHandler extends TextWebSocketHandler implements SubProtocolCapable {
 
 		private final List<String> subProtocols;
 
-
-		private SubProtocolCapableHandler(String... subProtocols) {
+		public SubProtocolCapableHandler(String... subProtocols) {
 			this.subProtocols = Arrays.asList(subProtocols);
 		}