[jdk11u-dev] RFR: 8245245: WebSocket can lose the URL encoding of URI query parameters

Severin Gehwolf sgehwolf at openjdk.org
Wed Nov 30 09:59:36 UTC 2022 

On Wed, 30 Nov 2022 01:52:47 GMT, Michal Karm Babacek <duke at openjdk.org> wrote:

> Proposes to backport [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245).
> 
> The backport is clean as far as the actual `OpeningHandshake.java` goes. The test needed a little tweak so as to compile with `SimpleSSLContext` and also to handle the fact that the erroneous response does not bring a response body.
> 
> The test passes with the patch, fails without it.
> 
> 
> $ make clean run-test TEST="jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java"
> ...
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java
>                                                          1     1     0     0   
> ==============================
> TEST SUCCESS
> 
> Stopping sjavac server
> Finished building targets 'clean run-test' in configuration 'linux-x86_64-normal-server-release'
> 
> In addition to that, I compiled and executed the original `WebSocketTest.java` reproducer found on  [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245) JIRA.
> 
> 
> ## Unpatched Temurin-11.0.17+8  ❌ 
> 
> $ java WebSocketTest 
> Http Request
> http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> WebSocket Request
> ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc+def/ghi=xyz
> 
> 
> ## Patched jdk11u ✔ 
> 
> $ java WebSocketTest 
> Http Request
> http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> WebSocket Request
> ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
> 
> The patched version correctly leaves the latter part of the query param encoded.

@Karm Please change the PR title to `Backport c07ce7eec71aefbd3cb624e03ca53f5148d01f19` so that the bots recognize this as a backport. Please be sure to run `:jdk_net` test group before/after as well.

-------------

PR: https://git.openjdk.org/jdk11u-dev/pull/1558

More information about the jdk-updates-dev mailing list