root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Upgrade to Undertow 2.3.4.Final 

Closes gh-34304
This commit is contained in:
Andy Wilkinson 2023-02-20 16:32:30 +00:00
parent 6e2be8b284
commit c40e9f437f
4 changed files with 40 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
View File

@ -1534,10 +1534,19 @@ public class ServerProperties {
* Whether the server should decode percent encoded slash characters. Enabling * Whether the server should decode percent encoded slash characters. Enabling
* encoded slashes can have security implications due to different servers * encoded slashes can have security implications due to different servers
* interpreting the slash differently. Only enable this if you have a legacy * interpreting the slash differently. Only enable this if you have a legacy
* application that requires it. * application that requires it. Has no effect when server.undertow.decode-slash
* is set.
*/ */
private boolean allowEncodedSlash = false; private boolean allowEncodedSlash = false;
/**
* Whether encoded slash characters (%2F) should be decoded. Decoding can cause
* security problems if a front-end proxy does not perform the same decoding. Only
* enable this if you have a legacy application that requires it. When set,
* server.undertow.allow-encoded-slash has no effect.
*/
private Boolean decodeSlash;
/** /**
* Whether the URL should be decoded. When disabled, percent-encoded characters in * Whether the URL should be decoded. When disabled, percent-encoded characters in
* the URL will be left as-is. * the URL will be left as-is.
@ -1631,14 +1640,25 @@ public class ServerProperties {
this.maxCookies = maxCookies; this.maxCookies = maxCookies;
} }
@DeprecatedConfigurationProperty(replacement = "server.undertow.decode-slash")
@Deprecated(forRemoval = true, since = "3.0.3")
public boolean isAllowEncodedSlash() { public boolean isAllowEncodedSlash() {
return this.allowEncodedSlash; return this.allowEncodedSlash;
} }
@Deprecated(forRemoval = true, since = "3.0.3")
public void setAllowEncodedSlash(boolean allowEncodedSlash) { public void setAllowEncodedSlash(boolean allowEncodedSlash) {
this.allowEncodedSlash = allowEncodedSlash; this.allowEncodedSlash = allowEncodedSlash;
} }
public Boolean getDecodeSlash() {
return this.decodeSlash;
}
public void setDecodeSlash(Boolean decodeSlash) {
this.decodeSlash = decodeSlash;
}
public boolean isDecodeUrl() { public boolean isDecodeUrl() {
return this.decodeUrl; return this.decodeUrl;
} }

12
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/UndertowWebServerFactoryCustomizer.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2022 the original author or authors. * Copyright 2012-2023 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -98,7 +98,7 @@ public class UndertowWebServerFactoryCustomizer
map.from(properties::getMaxParameters).to(serverOptions.option(UndertowOptions.MAX_PARAMETERS)); map.from(properties::getMaxParameters).to(serverOptions.option(UndertowOptions.MAX_PARAMETERS));
map.from(properties::getMaxHeaders).to(serverOptions.option(UndertowOptions.MAX_HEADERS)); map.from(properties::getMaxHeaders).to(serverOptions.option(UndertowOptions.MAX_HEADERS));
map.from(properties::getMaxCookies).to(serverOptions.option(UndertowOptions.MAX_COOKIES)); map.from(properties::getMaxCookies).to(serverOptions.option(UndertowOptions.MAX_COOKIES));
map.from(properties::isAllowEncodedSlash).to(serverOptions.option(UndertowOptions.ALLOW_ENCODED_SLASH)); mapSlashProperties(properties, serverOptions);
map.from(properties::isDecodeUrl).to(serverOptions.option(UndertowOptions.DECODE_URL)); map.from(properties::isDecodeUrl).to(serverOptions.option(UndertowOptions.DECODE_URL));
map.from(properties::getUrlCharset).as(Charset::name).to(serverOptions.option(UndertowOptions.URL_CHARSET)); map.from(properties::getUrlCharset).as(Charset::name).to(serverOptions.option(UndertowOptions.URL_CHARSET));
map.from(properties::isAlwaysSetKeepAlive).to(serverOptions.option(UndertowOptions.ALWAYS_SET_KEEP_ALIVE)); map.from(properties::isAlwaysSetKeepAlive).to(serverOptions.option(UndertowOptions.ALWAYS_SET_KEEP_ALIVE));
@ -109,6 +109,14 @@ public class UndertowWebServerFactoryCustomizer
map.from(properties.getOptions()::getSocket).to(socketOptions.forEach(socketOptions::option)); map.from(properties.getOptions()::getSocket).to(socketOptions.forEach(socketOptions::option));
} }
@SuppressWarnings({ "deprecation", "removal" })
private void mapSlashProperties(Undertow properties, ServerOptions serverOptions) {
PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
map.from(properties::isAllowEncodedSlash).to(serverOptions.option(UndertowOptions.ALLOW_ENCODED_SLASH));
map.from(properties::getDecodeSlash).to(serverOptions.option(UndertowOptions.DECODE_SLASH));
}
private boolean isPositive(Number value) { private boolean isPositive(Number value) {
return value.longValue() > 0; return value.longValue() > 0;
} }

9
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/UndertowWebServerFactoryCustomizerTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2022 the original author or authors. * Copyright 2012-2023 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -150,11 +150,18 @@ class UndertowWebServerFactoryCustomizerTests {
} }
@Test @Test
@Deprecated(forRemoval = true, since = "3.0.3")
void allowEncodedSlashes() { void allowEncodedSlashes() {
bind("server.undertow.allow-encoded-slash=true"); bind("server.undertow.allow-encoded-slash=true");
assertThat(boundServerOption(UndertowOptions.ALLOW_ENCODED_SLASH)).isTrue(); assertThat(boundServerOption(UndertowOptions.ALLOW_ENCODED_SLASH)).isTrue();
} }
@Test
void enableSlashDecoding() {
bind("server.undertow.decode-slash=true");
assertThat(boundServerOption(UndertowOptions.DECODE_SLASH)).isTrue();
}
@Test @Test
void disableUrlDecoding() { void disableUrlDecoding() {
bind("server.undertow.decode-url=false"); bind("server.undertow.decode-url=false");

2
spring-boot-project/spring-boot-dependencies/build.gradle
View File

@ -1489,7 +1489,7 @@ bom {
] ]
} }
} }
library("Undertow", "2.3.3.Final") { library("Undertow", "2.3.4.Final") {
group("io.undertow") { group("io.undertow") {
modules = [ modules = [
"undertow-core", "undertow-core",