From 4032d14733c43a48e09634e3136c29fc2ccac642 Mon Sep 17 00:00:00 2001
From: sapessi
Date: Thu, 20 Jun 2019 10:34:03 -0700
Subject: [PATCH] Change parse header function to handle base64 encoded values in headers (#263)
---
 .../internal/servlet/AwsHttpServletRequest.java | 12 +++++++++++-
 .../internal/servlet/AwsHttpServletRequestTest.java | 12 ++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java b/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java
index 86ce62500..7fa9d138f 100644
--- a/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java
+++ b/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java
@@ -13,12 +13,18 @@
 package com.amazonaws.serverless.proxy.internal.servlet;
 import com.amazonaws.serverless.proxy.RequestReader;
+import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
 import com.amazonaws.serverless.proxy.internal.SecurityUtils;
 import com.amazonaws.serverless.proxy.model.AwsProxyRequestContext;
 import com.amazonaws.serverless.proxy.model.ContainerConfig;
 import com.amazonaws.serverless.proxy.model.MultiValuedTreeMap;
 import com.amazonaws.services.lambda.runtime.Context;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import org.apache.http.HeaderElement;
+import org.apache.http.message.BasicHeaderValueParser;
+import org.apache.http.message.ParserCursor;
+import org.apache.http.util.CharArrayBuffer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
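Review bot: Of the imports added in this hunk, only `BasicHeaderValueParser` is referenced in the lines shown, and the `headerParser` field that the hunks at `-77,6` and `-95,6` declare and construct is not read by the modified parseHeaderValue code. If nothing outside the visible hunks uses them, drop the field together with the `org.apache.http.*`, `JsonProcessingException` and `LambdaContainerHandler` imports, so the request-parsing class does not carry an extra library dependency for code that never runs. If the parser is meant to replace the hand-written splitting later, a short comment on the field saying so would explain why it is allocated per request.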
@@ -77,6 +83,7 @@ public abstract class AwsHttpServletRequest implements HttpServletRequest {
 private ServletContext servletContext;
 private AwsHttpSession session;
 private String queryString;
+ private BasicHeaderValueParser headerParser;
 protected DispatcherType dispatcherType;
@@ -95,6 +102,7 @@ public abstract class AwsHttpServletRequest implements HttpServletRequest {
 AwsHttpServletRequest(Context lambdaContext) {
 this.lambdaContext = lambdaContext;
 attributes = new HashMap<>();
+ headerParser = new BasicHeaderValueParser();
 }
@@ -352,6 +360,7 @@ protected List parseHeaderValue(String headerValue, String valueSep
 // Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
 // Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5
 // Cookie: name=value; name2=value2; name3=value3
+ // X-Custom-Header: YQ==
 List values = new ArrayList<>();
 if (headerValue == null) {
@@ -365,7 +374,8 @@ protected List parseHeaderValue(String headerValue, String valueSep
 newValue.setRawValue(v);
 for (String q : curValue.split(qualifierSeparator)) {
- if (q.contains(HEADER_KEY_VALUE_SEPARATOR)) {
+ // contains key/value pairs and it's not a base64-encoded value.
+ if (q.contains(HEADER_KEY_VALUE_SEPARATOR) && !q.trim().endsWith("==")) {
 String[] kv = q.split(HEADER_KEY_VALUE_SEPARATOR);
 // TODO: Should we concatenate the rest of the values?
 if (newValue.getValue() == null) {
diff --git a/aws-serverless-java-container-core/src/test/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequestTest.java b/aws-serverless-java-container-core/src/test/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequestTest.java
index 453a01af6..c0f20f193 100644
--- a/aws-serverless-java-container-core/src/test/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequestTest.java
+++ b/aws-serverless-java-container-core/src/test/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequestTest.java
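Review bot: The `endsWith("==")` test added to the condition in the `-365,7` hunk recognises only base64 values with two padding characters, and it inspects the whole token rather than the part after the first separator. A value padded with a single `=` (for example `YWI=`) still enters the key/value branch, while a pair such as `session=YQ==` in a Cookie header is no longer split into name and value; this text comes straight from client-supplied request headers, so both shapes should be handled deliberately. Assuming HEADER_KEY_VALUE_SEPARATOR is `=`, consider `if (q.contains(HEADER_KEY_VALUE_SEPARATOR) && !q.trim().matches("[^=]+=+")) {` together with `String[] kv = q.split(HEADER_KEY_VALUE_SEPARATOR, 2);` so that only trailing padding is exempted and padding inside a pair's value is kept. parseHeaderValue starts and ends outside this hunk, so how `kv` is indexed afterwards should be checked against these inputs.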
@@ -14,6 +14,7 @@
 import static org.junit.Assert.*;
+import java.util.Base64;
 import java.util.List;
@@ -75,6 +76,17 @@ public void headers_parseHeaderValue_complexAccept() {
 assertEquals(4, values.size());
 }
+ @Test
+ public void headers_parseHeaderValue_encodedContentWithEquals() {
+ AwsHttpServletRequest context = new AwsProxyHttpServletRequest(null,null,null);
+
+ String value = Base64.getUrlEncoder().encodeToString("a".getBytes());
+
+ List result = context.parseHeaderValue(value);
+
+ assertEquals("YQ==", result.get(0).getValue());
+ }
+
 @Test
 public void queryString_generateQueryString_validQuery() {
 AwsProxyHttpServletRequest request = new AwsProxyHttpServletRequest(queryString, mockContext, null, config);
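Review bot: The test added in the `-75,6` hunk pins only the two-padding input `YQ==`, so the suite says nothing about a value with one padding character or a name/value pair whose value is itself padded. Add assertions for inputs such as `YWI=` and `name=YQ==` (constructed examples) so the intended result for each shape is fixed by a test rather than left to the suffix check. `"a".getBytes()` also depends on the platform charset; `"a".getBytes(StandardCharsets.UTF_8)` keeps the fixture deterministic.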