Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue #11253 - Cleanup ComplianceViolation behavior to allow Cookie / URI / MultiPart compliance to also receive listener events. #11254

Merged
merged 36 commits into from
Jan 24, 2024
Merged
Show file tree
Hide file tree
Changes from 14 commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
a125dcf
Fixing comments
joakime Jan 8, 2024
0844436
Adding TODOs about possible HTTP/2 & HTTP/3 violations
joakime Jan 8, 2024
46b3d6a
Adding missing javadoc
joakime Jan 8, 2024
2167aa5
Issue #11253 - Cleanup ComplianceViolation behavior to allow Cookie /…
joakime Jan 8, 2024
b86a415
Revert change to jetty-logging.properties
joakime Jan 8, 2024
d8b5bb8
Fix javadoc typos
joakime Jan 11, 2024
c0d0021
Merge remote-tracking branch 'origin/jetty-12.0.x' into fix/12.0.x/co…
joakime Jan 15, 2024
3818664
Issue #11253 - Alternate approach with split ComplianceViolation.List…
joakime Jan 16, 2024
ab199ac
Merge remote-tracking branch 'origin/jetty-12.0.x' into fix/12.0.x/co…
joakime Jan 16, 2024
20e7e41
Fix HttpParserTest
joakime Jan 16, 2024
ee568b6
Cleanup implementation
joakime Jan 16, 2024
1e525b8
Do not use deprecated method in our own code
joakime Jan 17, 2024
c5eda63
Fix ComplianceViolations2616Test failures
joakime Jan 17, 2024
3182982
Fixing ee9/ee8 RequestTest
joakime Jan 17, 2024
f7e3441
Updates from review
joakime Jan 17, 2024
af2ef3c
WIP on cleanup of ComplianceViolation.Listener instantiation
gregw Jan 18, 2024
9cc8053
WIP on cleanup of ComplianceViolation.Listener instantiation
gregw Jan 18, 2024
607934d
WIP on cleanup of ComplianceViolation.Listener instantiation
gregw Jan 18, 2024
9a2643a
WIP on cleanup of ComplianceViolation.Listener instantiation
gregw Jan 18, 2024
7f1f08b
WIP on cleanup of ComplianceViolation.Listener instantiation
gregw Jan 18, 2024
3c631fa
Merge branch 'jetty-12.0.x' into fix/12.0.x/cookie-compliance-logging2
gregw Jan 20, 2024
3357919
javadoc
gregw Jan 20, 2024
9601204
Store listeners in AbstractConnector
gregw Jan 20, 2024
dc5de07
Cleanup and reorganization of Proposal 2
joakime Jan 22, 2024
cf1f776
Merge branch 'fix/12.0.x/cookie-compliance-logging3' into fix/12.0.x/…
joakime Jan 23, 2024
c266d16
updates from review
gregw Jan 23, 2024
cdf8fcd
updates from review
gregw Jan 23, 2024
d7ac0d9
Changes from review
joakime Jan 23, 2024
9c4c264
Merge remote-tracking branch 'origin/fix/12.0.x/cookie-compliance-log…
joakime Jan 23, 2024
b4f4003
Fixing build
joakime Jan 23, 2024
823b0a1
Revert RequestHandler change
joakime Jan 23, 2024
34a67e2
Support ComplianceViolation.Listener in ee10 multipart/form
joakime Jan 23, 2024
1177674
Correct since versions
joakime Jan 23, 2024
5e275dd
Rename HttpChannel.init() to .initialize()
joakime Jan 23, 2024
80f8322
avoid double allocation of compliance listener list
gregw Jan 24, 2024
fdc0cd8
Avoid request specific listener in cookie cache
gregw Jan 24, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,14 @@

package org.eclipse.jetty.http;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import org.eclipse.jetty.util.Attributes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
* A Compliance Violation represents a requirement of an RFC, specification or Jetty implementation
* that may be allowed to be violated if it is included in a {@link ComplianceViolation.Mode}.
Expand Down Expand Up @@ -75,13 +81,169 @@ interface Mode
Set<? extends ComplianceViolation> getAllowed();
}

public static record Event(ComplianceViolation.Mode mode, ComplianceViolation violation, String details)
joakime marked this conversation as resolved.
Show resolved Hide resolved
{
@Override
public String toString()
{
return String.format("%s (see %s) in mode %s for %s",
violation.getDescription(), violation.getURL(), mode, details);
}
};

/**
* A listener that can be notified of violations.
*/
interface Listener
{
/**
* A new Request has begun.
*
* @param request the request attributes, or null if the Request does not exist yet (eg: during parsing of HTTP/1.1 headers, before request is created)
*/
default void onRequestBegin(Attributes request)
joakime marked this conversation as resolved.
Show resolved Hide resolved
{
}

/**
* A Request has ended.
*
* @param request the request attribtues, or null if Request does not exist yet (eg: during handling of a {@link BadMessageException})
*/
default void onRequestEnd(Attributes request)
{
}

/**
* The compliance violation event.
*
* @param event the compliance violation event
*/
default void onComplianceViolation(Event event)
joakime marked this conversation as resolved.
Show resolved Hide resolved
{
onComplianceViolation(event.mode, event.violation, event.details);
}

/**
* The compliance violation event.
*
* @param mode the mode
* @param violation the violation
* @param details the details
* @deprecated use {@link #onComplianceViolation(Event)} instead. Will be removed in Jetty 12.1.0
*/
@Deprecated(since = "12.0.5", forRemoval = true)
default void onComplianceViolation(Mode mode, ComplianceViolation violation, String details)
{
}
}

/**
* A Listener that represents multiple user {@link ComplianceViolation.Listener} instances
*/
class ListenerCollection implements Listener
joakime marked this conversation as resolved.
Show resolved Hide resolved
{
private static final Logger LOG = LoggerFactory.getLogger(ListenerCollection.class);
private final List<ComplianceViolation.Listener> userListeners;

/**
* Construct a new ComplianceViolations that will notify user listeners.
* @param userListeners the user listeners to notify, null or empty is allowed.
*/
public ListenerCollection(List<ComplianceViolation.Listener> userListeners)
{
this.userListeners = userListeners;
}

/**
* Get a specific ComplianceViolation.Listener from collected user listeners
* @param clazz the class to look for
* @return the instance of the class in the user listeners
* @param <T> the type of class
*/
public <T> T getUserListener(Class<T> clazz)
{
for (ComplianceViolation.Listener listener : userListeners)
{
if (clazz.isInstance(listener))
return clazz.cast(listener);
}
return null;
}

@Override
public void onComplianceViolation(ComplianceViolation.Event event)
{
assert event != null;
notifyUserListeners(event);
}

private void notifyUserListeners(ComplianceViolation.Event event)
{
if (userListeners == null || userListeners.isEmpty())
return;

for (ComplianceViolation.Listener listener : userListeners)
{
try
{
listener.onComplianceViolation(event);
}
catch (Exception e)
{
LOG.warn("Unable to notify ComplianceViolation.Listener implementation at {} of event {}", listener, event, e);
}
}
}
}

interface ListenerFactory
{
Listener newComplianceViolationListener();
}

public class LoggingListener implements Listener
{
private static final Logger LOG = LoggerFactory.getLogger(ComplianceViolation.class);

@Override
public void onComplianceViolation(Event event)
{
if (LOG.isDebugEnabled())
LOG.debug(event.toString());
}
}

public class CapturingListenerFactory implements ListenerFactory
{
@Override
public Listener newComplianceViolationListener()
{
return new CapturingListener();
}
}

public class CapturingListener implements Listener
{
public static final String VIOLATIONS_ATTR_KEY = "org.eclipse.jetty.http.compliance.violations";
private List<Event> events = new ArrayList<>();

@Override
public void onRequestBegin(Attributes request)
{
if (request != null)
request.setAttribute(VIOLATIONS_ATTR_KEY, events);
}

@Override
public void onRequestEnd(Attributes request)
{
}

@Override
public void onComplianceViolation(Event event)
{
events.add(event);
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
//
// ========================================================================
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//

package org.eclipse.jetty.http;

public class ComplianceViolationException extends IllegalArgumentException
{
private final ComplianceViolation.Event event;

public ComplianceViolationException(ComplianceViolation.Mode mode, ComplianceViolation violation, String details)
{
this(new ComplianceViolation.Event(mode, violation, details));
}

public ComplianceViolationException(ComplianceViolation.Event event)
{
super(event.toString());
this.event = event;
}

public ComplianceViolation.Event getEvent()
{
return event;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -366,7 +366,7 @@ else if (tokenstart >= 0)
protected void reportComplianceViolation(CookieCompliance.Violation violation, String reason)
{
if (_complianceListener != null)
_complianceListener.onComplianceViolation(_complianceMode, violation, reason);
_complianceListener.onComplianceViolation(new ComplianceViolation.Event(_complianceMode, violation, reason));
}

protected boolean isRFC6265RejectedCharacter(char c)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -82,13 +82,15 @@ public enum Violation implements ComplianceViolation
* as invalid even if the multiple values are the same. A deployment may include this violation to allow multiple
* {@code Content-Length} values to be received, but only if they are identical.
*/
// TODO: see if this is a violation in HTTP/2 & HTTP/3 as well
MULTIPLE_CONTENT_LENGTHS("https://tools.ietf.org/html/rfc7230#section-3.3.2", "Multiple Content-Lengths"),

/**
* Since <a href="https://tools.ietf.org/html/rfc7230#section-3.3.1">RFC 7230</a>, the HTTP protocol has required that
* a request is invalid if it contains both a {@code Transfer-Encoding} field and {@code Content-Length} field.
* A deployment may include this violation to allow both fields to be in a received request.
*/
// TODO: see if this is a violation in HTTP/2 & HTTP/3 as well
TRANSFER_ENCODING_WITH_CONTENT_LENGTH("https://tools.ietf.org/html/rfc7230#section-3.3.1", "Transfer-Encoding and Content-Length"),

/**
Expand All @@ -110,20 +112,23 @@ public enum Violation implements ComplianceViolation
* says that a Server must reject a request duplicate host headers.
* A deployment may include this violation to allow duplicate host headers on a received request.
*/
// TODO: see if this is a violation in HTTP/2 & HTTP/3 as well
DUPLICATE_HOST_HEADERS("https://www.rfc-editor.org/rfc/rfc7230#section-5.4", "Duplicate Host Header"),

/**
* Since <a href="https://www.rfc-editor.org/rfc/rfc7230#section-2.7.1">RFC 7230</a>, the HTTP protocol
* should reject a request if the Host headers contains an invalid / unsafe authority.
* A deployment may include this violation to allow unsafe host headesr on a received request.
*/
// TODO: see if this is a violation in HTTP/2 & HTTP/3 as well
UNSAFE_HOST_HEADER("https://www.rfc-editor.org/rfc/rfc7230#section-2.7.1", "Invalid Authority"),

/**
* Since <a href="https://www.rfc-editor.org/rfc/rfc7230#section-5.4">RFC 7230: Section 5.4</a>, the HTTP protocol
* must reject a request if the target URI has an authority that is different than a provided Host header.
* A deployment may include this violation to allow different values on the target URI and the Host header on a received request.
*/
// TODO: see if this is a violation in HTTP/2 & HTTP/3 as well
MISMATCHED_AUTHORITY("https://www.rfc-editor.org/rfc/rfc7230#section-5.4", "Mismatched Authority");

private final String url;
Expand Down Expand Up @@ -156,8 +161,14 @@ public String getDescription()

/**
* The request attribute which may be set to record any allowed HTTP violations.
* @deprecated use {@link ComplianceViolation.CapturingListener#VIOLATIONS_ATTR_KEY} instead.<br>
* (Note: new ATTR captures all Compliance violations, not just HTTP.<br>
* Make sure you have {@code HttpConnectionFactory.setRecordHttpComplianceViolations(true)}.<br>
* Also make sure that a {@link ComplianceViolation.CapturingListenerFactory} has been added as a bean to
* either the {@code Connector} or {@code Server} for the Attribute to be created.)
*/
public static final String VIOLATIONS_ATTR = "org.eclipse.jetty.http.compliance.violations";
@Deprecated(since = "12.0.5", forRemoval = true)
public static final String VIOLATIONS_ATTR = ComplianceViolation.CapturingListener.VIOLATIONS_ATTR_KEY;

/**
* The HttpCompliance mode that supports <a href="https://tools.ietf.org/html/rfc7230">RFC 7230</a>
Expand Down Expand Up @@ -210,7 +221,8 @@ public static HttpCompliance valueOf(String name)
if (compliance.getName().equals(name))
return compliance;
}
LOG.warn("Unknown HttpCompliance mode {}", name);
if (name.indexOf(',') == -1) // skip warning if delimited, will be handled by .from() properly as a CUSTOM mode.
LOG.warn("Unknown HttpCompliance mode {}", name);
return null;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,6 @@ public enum State
private final HttpHandler _handler;
private final RequestHandler _requestHandler;
private final ResponseHandler _responseHandler;
private final ComplianceViolation.Listener _complianceListener;
private final int _maxHeaderBytes;
private final HttpCompliance _complianceMode;
private final Utf8StringBuilder _uri = new Utf8StringBuilder(INITIAL_URI_LENGTH);
Expand Down Expand Up @@ -309,7 +308,6 @@ private HttpParser(RequestHandler requestHandler, ResponseHandler responseHandle
_responseHandler = responseHandler;
_maxHeaderBytes = maxHeaderBytes;
_complianceMode = compliance;
_complianceListener = (ComplianceViolation.Listener)(_handler instanceof ComplianceViolation.Listener ? _handler : null);
}

public long getBeginNanoTime()
Expand Down Expand Up @@ -357,8 +355,8 @@ protected void reportComplianceViolation(Violation violation)

protected void reportComplianceViolation(Violation violation, String reason)
{
if (_complianceListener != null)
_complianceListener.onComplianceViolation(_complianceMode, violation, reason);
if (_requestHandler != null)
_requestHandler.onViolation(new ComplianceViolation.Event(_complianceMode, violation, reason));
}

protected String caseInsensitiveHeader(String orig, String normative)
Expand Down Expand Up @@ -2020,6 +2018,14 @@ default void parsedTrailer(HttpField field)
*/
void earlyEOF();

/**
* Called to indicate that a {@link ComplianceViolation} has occurred.
* @param event the Compliance Violation event
*/
default void onViolation(ComplianceViolation.Event event)
{
}

/**
* Called to signal that a bad HTTP message has been received.
*
Expand Down
Loading