From 06a675a497b49b60d0d25661a05af248d4e2a903 Mon Sep 17 00:00:00 2001
From: Kevin McGoldrick
Date: Mon, 6 Jun 2022 19:08:43 -0700
Subject: [PATCH] [SRE -23218] Brotli encoding support in proxy
---
proxy-parent/owasp-proxy/pom.xml | 6 ++++++
.../main/java/org/owasp/proxy/http/HttpConstants.java | 2 ++
.../main/java/org/owasp/proxy/http/MessageUtils.java | 10 ++++++++++
.../owasp/proxy/ssl/DefaultClientContextSelector.java | 4 ++--
.../main/java/com/intuit/tank/entity/Application.java | 2 +-
5 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/proxy-parent/owasp-proxy/pom.xml b/proxy-parent/owasp-proxy/pom.xml
index 025c64728..e4fed444d 100755
--- a/proxy-parent/owasp-proxy/pom.xml
+++ b/proxy-parent/owasp-proxy/pom.xml
@@ -90,6 +90,12 @@ validation-api + + org.brotli + dec + 0.1.2 + +
diff --git a/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/http/HttpConstants.java b/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/http/HttpConstants.java
index d316c3660..3feaf1b11 100644
--- a/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/http/HttpConstants.java
+++ b/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/http/HttpConstants.java
@@ -49,4 +49,6 @@ public class HttpConstants { public final static String DEFLATE = "deflate"; + public final static String BROTLI = "br"; + }
diff --git a/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/http/MessageUtils.java b/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/http/MessageUtils.java
index b5454fa29..85769dbe3 100644
--- a/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/http/MessageUtils.java
+++ b/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/http/MessageUtils.java
@@ -21,6 +21,7 @@ package org.owasp.proxy.http; +import static org.owasp.proxy.http.HttpConstants.BROTLI; import static org.owasp.proxy.http.HttpConstants.CHUNKED; import static org.owasp.proxy.http.HttpConstants.CONTENT_ENCODING; import static org.owasp.proxy.http.HttpConstants.CONTENT_LENGTH;
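Review bot: In pom.xml the new `org.brotli:dec` entry pins `0.1.2` inline, whereas the neighbouring `validation-api` context line shows no version, which suggests versions are normally managed in a parent POM (inferred, since the XML markup is stripped on this page). Declaring the version once under `dependencyManagement` keeps it alongside the other versions for upgrades and dependency scanning. That matters more than usual here, because this decoder will parse response bodies chosen by whatever upstream server the proxy talks to.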
@@ -35,6 +36,7 @@ import java.io.InputStream; import java.io.OutputStream; +import org.brotli.dec.BrotliInputStream; import org.owasp.proxy.io.ChunkedInputStream; import org.owasp.proxy.io.ChunkingInputStream; import org.owasp.proxy.io.CopyInputStream;
@@ -111,6 +113,10 @@ public static InputStream decode(String codings, InputStream content) content = new DeflaterInputStream(content); } else if (GZIP.equalsIgnoreCase(algo)) { content = new GunzipInputStream(content); + } else if (BROTLI.equalsIgnoreCase(algo)) { + try { + content = new BrotliInputStream(content); + } catch (IOException e) {} } else if (IDENTITY.equalsIgnoreCase(algo)) { // nothing to do } else
@@ -179,6 +185,10 @@ public static InputStream encode(String codings, InputStream content) content = new ChunkingInputStream(content); } else if (GZIP.equalsIgnoreCase(algo)) { content = new GzipInputStream(content); + } else if (BROTLI.equalsIgnoreCase(algo)) { + try { + content = new BrotliInputStream(content); + } catch (IOException e) {} } else if (IDENTITY.equalsIgnoreCase(algo)) { // nothing to do } else
diff --git a/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/ssl/DefaultClientContextSelector.java b/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/ssl/DefaultClientContextSelector.java
index 7a9aae496..c7080e769 100644
--- a/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/ssl/DefaultClientContextSelector.java
+++ b/proxy-parent/owasp-proxy/src/main/java/org/owasp/proxy/ssl/DefaultClientContextSelector.java
@@ -129,7 +129,7 @@ public void checkClientTrusted(X509Certificate[] certs, String authType) { trusted.put(certs[0], certs); } catch (CertificateException ce) { untrusted.put(certs[0], certs); - System.err.printf("Untrusted client certificate for %s", dn); + System.err.printf("Untrusted client certificate for %s\n", dn); } }
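Review bot: In MessageUtils.decode() the empty `catch (IOException e) {}` around `new BrotliInputStream(content)` hides a failed decoder initialisation: `content` keeps pointing at the still-compressed stream and the caller receives it as if it had been decoded. For a proxy that records or inspects bodies, that means silently wrong data instead of an error. The exception should propagate, either as the checked type this method already declares (the rest of its signature is outside the hunk) or as `} catch (IOException e) { throw new UncheckedIOException(e); }`. The encode() hunk in the same file has the same empty catch. Decoded size is also unbounded on this path; if callers buffer the result, a cap on decompressed bytes is worth adding, because the body comes from an arbitrary upstream server.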
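Review bot: MessageUtils.encode() wraps the content in `BrotliInputStream`, which is the decompressor from `org.brotli:dec`. The `gzip` branch just above it uses the compressing `GzipInputStream`, so a `br` coding here would run the decoder over uncompressed bytes instead of producing brotli output. The `dec` artifact added in pom.xml provides no encoder, so the safer change for now is to drop this branch and let `br` fall through to the existing final `else`, whose body is outside the hunk and is presumably the unsupported-coding error. If the branch stays, it needs at least a comment such as `// FIXME: org.brotli:dec has no encoder; this branch does not compress`.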
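Review bot: In DefaultClientContextSelector the `catch (CertificateException ce)` block whose message is edited here records the chain in `untrusted`, prints, and then returns normally, so as far as this hunk shows checkClientTrusted() never rejects a certificate; checkServerTrusted() in the following hunk has the same shape. If accepting and recording untrusted chains is deliberate for an intercepting proxy, the catch deserves a comment such as `// intentionally not rethrown: untrusted chains are recorded, not rejected`; otherwise a rethrow is missing. On the changed lines, `%n` is the usual printf line terminator. `dn` is assigned outside the hunk, presumably from the presented certificate, so it is remote-controlled text and control characters in it should be escaped before it reaches the log. Both method bodies start outside their hunks.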
@@ -143,7 +143,7 @@ public void checkServerTrusted(X509Certificate[] certs, String authType) { trusted.put(certs[0], certs); } catch (CertificateException ce) { untrusted.put(certs[0], certs); - System.err.printf("Untrusted server certificate for %s", dn); + System.err.printf("Untrusted server certificate for %s\n", dn); } } }
diff --git a/proxy-parent/proxy-extension/src/main/java/com/intuit/tank/entity/Application.java b/proxy-parent/proxy-extension/src/main/java/com/intuit/tank/entity/Application.java
index ac193f625..b1b290bea 100644
--- a/proxy-parent/proxy-extension/src/main/java/com/intuit/tank/entity/Application.java
+++ b/proxy-parent/proxy-extension/src/main/java/com/intuit/tank/entity/Application.java
@@ -181,7 +181,7 @@ public synchronized void setResponseForCurrentTransaction(Transaction transactio if (proxyConfiguration.isFollowRedirects() && statusCode == 302) { // redirect String location = hp.getRedirectLocation(); - System.out.println("Pushing redirect location " + location + " with transaction firstline " + System.out.println("Pushing redirect location " + location + "\n\twith transaction firstline " + transaction.getRequest().getFirstLine()); if (!transaction.getRequest().getHeaders().contains(REDIRECT_MARKER)) {
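Review bot: In Application.setResponseForCurrentTransaction() the reworded `System.out.println` still writes `location` verbatim, and that value comes from the upstream response via `hp.getRedirectLocation()`. Redirect targets often carry query-string credentials such as authorisation codes or signed-URL tokens, and any CR/LF in the value reaches the output unescaped. Consider routing this through the class's logger at debug level (none is visible in the hunk, so this assumes one exists) and logging only the scheme, host and path. The enclosing method starts and ends outside the hunk.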