Package org.glassfish.grizzly.http.util

Class HttpRequestURIDecoder

  • public class HttpRequestURIDecoder
extends Object
    Utility class that make sure an HTTP url defined inside a MessageBytes is normalized, converted and valid. It also makes sure there is no security hole. Mainly, this class can be used by doing: 

     

 HttpRequestURIDecoder.decode(decodedURI, urlDecoder, encoding, b2cConverter);
    Author:
    Jeanfrancois Arcand

    • Constructor Detail

      • HttpRequestURIDecoder

        public HttpRequestURIDecoder()

    • Method Detail

      • decode

        public static void decode​(MessageBytes decodedURI,
                          UDecoder urlDecoder)
                   throws Exception
        Decode the http request represented by the bytes inside MessageBytes using an UDecoder.
        Parameters:
        decodedURI - - The bytes to decode
        urlDecoder - - The urlDecoder to use to decode.
        Throws:
        Exception

      • decode

        public static void decode​(MessageBytes decodedURI,
                          UDecoder urlDecoder,
                          String encoding,
                          B2CConverter b2cConverter)
                   throws Exception
        Decode the HTTP request represented by the bytes inside MessageBytes using an UDecoder, using the specified encoding, using the specified [@link B2CConverter} to decode the request.
        Parameters:
        decodedURI - - The bytes to decode
        urlDecoder - - The urlDecoder to use to decode.
        encoding - the encoding value, default is UTF-8.
        b2cConverter - the Bytes to Char Converter.
        Throws:
        Exception

      • decode

        public static void decode​(DataChunk decodedURI,
                          boolean isSlashAllowed,
                          Charset encoding)
                   throws CharConversionException
        Decode the HTTP request represented by the bytes inside DataChunk.
        Parameters:
        decodedURI - - The bytes to decode
        isSlashAllowed - allow encoded slashes
        encoding - the encoding value, default is UTF-8.
        Throws:
        CharConversionException

      • decode

        public static void decode​(DataChunk originalURI,
                          DataChunk targetDecodedURI,
                          boolean isSlashAllowed,
                          Charset encoding)
                   throws CharConversionException
        Decode the HTTP request represented by the bytes inside DataChunk.
        Parameters:
        originalURI - - The bytes to decode
        targetDecodedURI - the target DataChunk URI will be decoded to
        isSlashAllowed - is '/' an allowable character
        encoding - the encoding value, default is UTF-8
        Throws:
        CharConversionException

      • convertToChars

        public static void convertToChars​(DataChunk decodedURI,
                                  Charset encoding)
                           throws CharConversionException
        Converts the normalized the HTTP request represented by the bytes inside DataChunk to chars representation, using the passed encoding.
        Parameters:
        decodedURI - - The bytes to decode
        encoding - the encoding value, default is UTF-8.
        Throws:
        CharConversionException

      • normalize

        public static boolean normalize​(MessageBytes uriMB)
        Normalize URI.

        This method normalizes "\", "//", "/./" and "/../". This method will return false when trying to go above the root, or if the URI contains a null byte.

        Parameters:
        uriMB - URI to be normalized
        Returns:
        true if normalization was successful, or false otherwise

      • normalize

        public static boolean normalize​(DataChunk dataChunk)
        Normalize URI.

        This method normalizes "\", "//", "/./" and "/../". This method will return false when trying to go above the root, or if the URI contains a null byte.

        Parameters:
        dataChunk - URI to be normalized
        Returns:
        true if normalization was successful, or false otherwise

      • checkNormalize

        public static boolean checkNormalize​(CharChunk uriCC)
        Check that the URI is normalized following character decoding.

        This method checks for "\", 0, "//", "/./" and "/../". This method will return false if sequences that are supposed to be normalized are still present in the URI.

        Parameters:
        uriCC - URI to be checked (should be chars)
        Returns:
        true if the uriCC represents a normalized URI, or false otherwise

      • normalizeChars

        public static boolean normalizeChars​(CharChunk uriCC)

      • copyBytes

        protected static void copyBytes​(byte[] b,
                                int dest,
                                int src,
                                int len)
        Copy an array of bytes to a different position. Used during normalization.

      • log

        protected void log​(String message)
        Log a message on the Logger associated with our Container (if any)
        Parameters:
        message - Message to be logged

      • log

        protected void log​(String message,
                   Throwable throwable)
        Log a message on the Logger associated with our Container (if any)
        Parameters:
        message - Message to be logged
        throwable - Associated exception

      • convertMB

        protected void convertMB​(MessageBytes mb)
        Character conversion of the a US-ASCII MessageBytes.

      • normalizeBytes

        public static boolean normalizeBytes​(ByteChunk bc)

      • normalizeBuffer

        public static boolean normalizeBuffer​(BufferChunk bc)