[jdk11u-dev] RFR: 8245245: WebSocket can lose the URL encoding of URI query parameters [v5]

Christoph Langer clanger at openjdk.org
Sun Dec 25 06:59:01 UTC 2022 

On Mon, 19 Dec 2022 18:01:44 GMT, Michal Karm Babacek <duke at openjdk.org> wrote:

>> Proposes to backport [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245).
>> 
>> The backport is clean as far as the actual `OpeningHandshake.java` goes. The test needed a little tweak so as to compile with `SimpleSSLContext` and also to handle the fact that the erroneous response does not bring a response body.
>> 
>> The test passes with the patch, fails without it.
>> 
>> 
>> $ make clean run-test TEST="jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java"
>> ...
>> ==============================
>> Test summary
>> ==============================
>>    TEST                                              TOTAL  PASS  FAIL ERROR   
>>    jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java
>>                                                          1     1     0     0   
>> ==============================
>> TEST SUCCESS
>> 
>> Stopping sjavac server
>> Finished building targets 'clean run-test' in configuration 'linux-x86_64-normal-server-release'
>> 
>> In addition to that, I compiled and executed the original `WebSocketTest.java` reproducer found on  [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245) JIRA.
>> 
>> 
>> ## Unpatched Temurin-11.0.17+8  ❌ 
>> 
>> $ java WebSocketTest 
>> Http Request
>> http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> WebSocket Request
>> ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc+def/ghi=xyz
>> 
>> 
>> ## Patched jdk11u ✔ 
>> 
>> $ java WebSocketTest 
>> Http Request
>> http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> WebSocket Request
>> ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> 
>> The patched version correctly leaves the latter part of the query param encoded.
>
> Michal Karm Babacek has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Replaces a comment about JDK-8240666

> > OK, let me try to trigger the backports for you, see [here](https://github.com/openjdk/jdk/commit/909d0cb4d9475fd367b8bc64a6b50c5a324e9a01#commitcomment-93691813)...
> 
> THX @RealCLanger JDK 17 [openjdk/jdk17u-dev#982](https://github.com/openjdk/jdk17u-dev/pull/982) JDK 20 [openjdk/jdk20#76](https://github.com/openjdk/jdk20/pull/76)

Hi @Karm, I already did the backports, they are already integrated. You can close your PRs... 😄

-------------

PR: https://git.openjdk.org/jdk11u-dev/pull/1558

More information about the jdk-updates-dev mailing list