[jdk11u-dev] RFR: 8245245: WebSocket can lose the URL encoding of URI query parameters [v5]

Michal Karm Babacek duke at openjdk.org
Mon Dec 19 18:01:44 UTC 2022 

> Proposes to backport [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245).
> 
> The backport is clean as far as the actual `OpeningHandshake.java` goes. The test needed a little tweak so as to compile with `SimpleSSLContext` and also to handle the fact that the erroneous response does not bring a response body.
> 
> The test passes with the patch, fails without it.
> 
> 
> $ make clean run-test TEST="jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java"
> ...
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java
>                                                          1     1     0     0   
> ==============================
> TEST SUCCESS
> 
> Stopping sjavac server
> Finished building targets 'clean run-test' in configuration 'linux-x86_64-normal-server-release'
> 
> In addition to that, I compiled and executed the original `WebSocketTest.java` reproducer found on  [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245) JIRA.
> 
> 
> ## Unpatched Temurin-11.0.17+8  ❌ 
> 
> $ java WebSocketTest 
> Http Request
> http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> WebSocket Request
> ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc+def/ghi=xyz
> 
> 
> ## Patched jdk11u ✔ 
> 
> $ java WebSocketTest 
> Http Request
> http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> WebSocket Request
> ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> 
> The patched version correctly leaves the latter part of the query param encoded.

Michal Karm Babacek has updated the pull request incrementally with one additional commit since the last revision:

  Replaces a comment about JDK-8240666

-------------

Changes:
  - all: https://git.openjdk.org/jdk11u-dev/pull/1558/files
  - new: https://git.openjdk.org/jdk11u-dev/pull/1558/files/401b4528..73066140

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=1558&range=04
 - incr: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=1558&range=03-04

  Stats: 2 lines in 1 file changed: 1 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk11u-dev/pull/1558.diff
  Fetch: git fetch https://git.openjdk.org/jdk11u-dev pull/1558/head:pull/1558

PR: https://git.openjdk.org/jdk11u-dev/pull/1558

More information about the jdk-updates-dev mailing list