Skip to content

Commit

Permalink
Change parse header function to handle base64 encoded values in heade…
Browse files Browse the repository at this point in the history 
…rs (#263)
  • Loading branch information
@sapessi
sapessi committed Jun 20, 2019
1 parent 0e6468c commit 4032d14
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 1 deletion.
12 changes: 11 additions & 1 deletion .../src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,18 @@
package com.amazonaws.serverless.proxy.internal.servlet;

import com.amazonaws.serverless.proxy.RequestReader;
import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
import com.amazonaws.serverless.proxy.internal.SecurityUtils;
import com.amazonaws.serverless.proxy.model.AwsProxyRequestContext;
import com.amazonaws.serverless.proxy.model.ContainerConfig;
import com.amazonaws.serverless.proxy.model.MultiValuedTreeMap;
import com.amazonaws.services.lambda.runtime.Context;

import com.fasterxml.jackson.core.JsonProcessingException;
import org.apache.http.HeaderElement;
import org.apache.http.message.BasicHeaderValueParser;
import org.apache.http.message.ParserCursor;
import org.apache.http.util.CharArrayBuffer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -77,6 +83,7 @@ public abstract class AwsHttpServletRequest implements HttpServletRequest {
private ServletContext servletContext;
private AwsHttpSession session;
private String queryString;
private BasicHeaderValueParser headerParser;

protected DispatcherType dispatcherType;

Expand All @@ -95,6 +102,7 @@ public abstract class AwsHttpServletRequest implements HttpServletRequest {
AwsHttpServletRequest(Context lambdaContext) {
this.lambdaContext = lambdaContext;
attributes = new HashMap<>();
headerParser = new BasicHeaderValueParser();
}


Expand Down Expand Up @@ -352,6 +360,7 @@ protected List<HeaderValue> parseHeaderValue(String headerValue, String valueSep
// Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
// Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5
// Cookie: name=value; name2=value2; name3=value3
// X-Custom-Header: YQ==

List<HeaderValue> values = new ArrayList<>();
if (headerValue == null) {
Expand All @@ -365,7 +374,8 @@ protected List<HeaderValue> parseHeaderValue(String headerValue, String valueSep
newValue.setRawValue(v);

for (String q : curValue.split(qualifierSeparator)) {
if (q.contains(HEADER_KEY_VALUE_SEPARATOR)) {
// contains key/value pairs and it's not a base64-encoded value.
if (q.contains(HEADER_KEY_VALUE_SEPARATOR) && !q.trim().endsWith("==")) {
String[] kv = q.split(HEADER_KEY_VALUE_SEPARATOR);
// TODO: Should we concatenate the rest of the values?
if (newValue.getValue() == null) {
Expand Down
12 changes: 12 additions & 0 deletions .../test/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequestTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@

import static org.junit.Assert.*;

import java.util.Base64;
import java.util.List;


Expand Down Expand Up @@ -75,6 +76,17 @@ public void headers_parseHeaderValue_complexAccept() {
assertEquals(4, values.size());
}

@Test
public void headers_parseHeaderValue_encodedContentWithEquals() {
AwsHttpServletRequest context = new AwsProxyHttpServletRequest(null,null,null);

String value = Base64.getUrlEncoder().encodeToString("a".getBytes());

List<AwsHttpServletRequest.HeaderValue> result = context.parseHeaderValue(value);

assertEquals("YQ==", result.get(0).getValue());
}

@Test
public void queryString_generateQueryString_validQuery() {
AwsProxyHttpServletRequest request = new AwsProxyHttpServletRequest(queryString, mockContext, null, config);
Expand Down

0 comments on commit 4032d14

Please sign in to comment.