Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #16069

Open
MichalStehlikCz opened this issue Nov 12, 2024 · 1 comment
Open

Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #16069

MichalStehlikCz opened this issue Nov 12, 2024 · 1 comment
Assignees
@rwinch
Labels
in: web An issue in web modules (web, webmvc) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug

Comments

@MichalStehlikCz
Copy link

Describe the bug
When request wrapped by StrictServerWebExchangeFirewall / StrictFirewallHttpRequest is mutated, header sanitization provided by StrictFirewallHttpHeaders is removed

This is due to fact that

  • HttpHeaders#writabeHttpHeaders implementation is weird, instead of retrieval and copying of header values, it unwraps inner-most multivalue map and uses it in new (mutable) HttpHeaders instance
  • mutated request uses these new HttpHeaders and does not invoke http headers from delegate

Expected behavior
Mutated request should be protected by StrictFirewallHttpHeaders sanitization.
@MichalStehlikCz MichalStehlikCz added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Nov 12, 2024
@MichalStehlikCz
Copy link
Author

This test illustrates described behaviour

	@Test
	void getMutatedFirewalledExchangeGetHeaderWhenNotAllowedHeaderNameThenException() {
		this.firewall.setAllowedHeaderNames((name) -> !name.equals("bad name"));
		ServerWebExchange exchange = getFirewalledExchange();
		ServerWebExchange mutatedExchange = exchange.mutate()
				.request(exchange.getRequest().mutate().build())
				.build();
		HttpHeaders headers = mutatedExchange.getRequest().getHeaders();
		assertThatExceptionOfType(ServerExchangeRejectedException.class).isThrownBy(() -> headers.get("bad name"));
	}

@sjohnr sjohnr added the in: web An issue in web modules (web, webmvc) label Nov 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rwinch @sjohnr @MichalStehlikCz