[jdk11u-dev] RFR: 8245245: WebSocket can lose the URL encoding of URI query parameters

Michal Karm Babacek duke at openjdk.org
Wed Nov 30 09:59:36 UTC 2022 

Proposes to backport [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245).

The backport is clean as far as the actual `OpeningHandshake.java` goes. The test needed a little tweak so as to compile with `SimpleSSLContext` and also to handle the fact that the erroneous response does not bring a response body.

The test passes with the patch, fails without it.


$ make clean run-test TEST="jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java"
...
==============================
Test summary
==============================
   TEST                                              TOTAL  PASS  FAIL ERROR   
   jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java
                                                         1     1     0     0   
==============================
TEST SUCCESS

Stopping sjavac server
Finished building targets 'clean run-test' in configuration 'linux-x86_64-normal-server-release'

In addition to that, I compiled and executed the original `WebSocketTest.java` reproducer found on  [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245) JIRA.


## Unpatched Temurin-11.0.17+8  ❌ 

$ java WebSocketTest 
Http Request
http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
WebSocket Request
ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc+def/ghi=xyz


## Patched jdk11u ✔ 

$ java WebSocketTest 
Http Request
http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
WebSocket Request
ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz

The patched version correctly leaves the latter part of the query param encoded.

-------------

Commit messages:
 - Backports JDK-8245245: WebSocket can lose the URL encoding

Changes: https://git.openjdk.org/jdk11u-dev/pull/1558/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=1558&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8245245
  Stats: 215 lines in 2 files changed: 207 ins; 6 del; 2 mod
  Patch: https://git.openjdk.org/jdk11u-dev/pull/1558.diff
  Fetch: git fetch https://git.openjdk.org/jdk11u-dev pull/1558/head:pull/1558

PR: https://git.openjdk.org/jdk11u-dev/pull/1558

More information about the jdk-updates-dev mailing list