//
// ========================================================================
// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.rewrite.handler;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
/**
* This rule can be used to protect against invalid unicode characters in a url making it into applications.
* <p>
* The logic is as follows.
* <ul>
* <li>if decoded uri character is an iso control character return code/reason</li>
* <li>if no UnicodeBlock is found for character return code/reason</li>
* <li>if character is in UnicodeBlock.SPECIALS return code/reason</li>
* </ul>
*/
public class ValidUrlRule extends Rule
{
private static final Logger LOG = Log.getLogger(ValidUrlRule.class);
String _code = "400";
String _reason = "Illegal Url";
public ValidUrlRule()
{
_handling = true;
_terminating = true;
}
/* ------------------------------------------------------------ */
/**
* Sets the response status code.
*
* @param code
* response code
*/
public void setCode(String code)
{
_code = code;
}
/* ------------------------------------------------------------ */
/**
* Sets the reason for the response status code. Reasons will only reflect if the code value is greater or equal to 400.
*
* @param reason the reason
*/
public void setReason(String reason)
{
_reason = reason;
}
@Override
public String matchAndApply(String target, HttpServletRequest request, HttpServletResponse response) throws IOException
{
// best to decide the request uri and validate that
// String uri = request.getRequestURI();
String uri = URIUtil.decodePath(request.getRequestURI());
for (int i = 0; i < uri.length();)
{
int codepoint = uri.codePointAt(i);
if (!isValidChar(uri.codePointAt(i)))
{
int code = Integer.parseInt(_code);
// status code 400 and up are error codes so include a reason
if (code >= 400)
{
response.sendError(code,_reason);
}
else
{
response.setStatus(code);
}
// we have matched, return target and consider it is handled
return target;
}
i += Character.charCount(codepoint);
}
// we have not matched so return null
return null;
}
protected boolean isValidChar(int codepoint)
{
Character.UnicodeBlock block = Character.UnicodeBlock.of(codepoint);
LOG.debug("{} {} {} {}", Character.charCount(codepoint), codepoint, block, Character.isISOControl(codepoint));
return (!Character.isISOControl(codepoint)) && block != null && block != Character.UnicodeBlock.SPECIALS;
}
public String toString()
{
return super.toString() + "[" + _code + ":" + _reason + "]";
}
}