UriComponentsBuilder handles invalid port numbers correctly by glqdlt · Pull Request #26905 · spring-projects/spring-framework

glqdlt · 2021-05-07T10:15:49Z

Hello.
Fixed a bug in the'UriComponentBuilder' class.
The bug occurs in'UriComponentBuilder#fromUriString()'.
A bug occurs when the port of the argument is not a number.

This issue occurs with the 'PORT_PATTERN' regular expression.
If port is not a number, the regular expression is not captured.
This is a good regex, but it causes problems.

You can check the issue in the test code below.

UriComponents stringPort = UriComponentsBuilder.fromUriString("http://localhost:port/path").build();
assertThat(stringPort.getScheme()).isEqualTo("http");
assertThat(stringPort.getHost()).isEqualTo("localhost");
assertThat(stringPort.getPath()).isEqualTo("/path"); 
// expected: "/path", but was "port/path"

'PORT' that is not captured is captured by'PATH_PATTERN'.
private static final String PATH_PATTERN = "([^?#]*)";

I have fixed this bug.
Thank you.

glqdlt · 2021-05-07T15:39:42Z

Sorry. I made a mistake.
Corrected a typo in the PR title and commit message.

(before) Fix bug when 'UriComponentsBuilder#fromUriString()' port was not numer.
(after) Fix bug when 'UriComponentsBuilder#fromUriString()' port was not number.

See gh-26905

glqdlt · 2021-05-10T04:04:28Z

Hello @rstoyanchev
Sorry, there is a serious bug in this pull request.
i fixed a bug (#26918), Could you please review it?
Thank you.

rstoyanchev · 2021-05-10T05:54:22Z

This has broken a Boot test case with a URL such as "http://localhost:52567?trace=false&message=false".

rstoyanchev · 2021-05-10T09:27:36Z

@glqdlt my apologies, I saw your comment but missed the fact you had opened a separate PR. For future reference, simply push your changes to the same branch in order to update the PR.

glqdlt · 2021-05-11T12:44:22Z

@rstoyanchev thank you very much for the comments.

This commit revisits the recently updated `PORT_PATTERN` in `UriComponentsBuilder`. The fix introduced in gh-26905 fails with ambiguous URL patterns, especially when the port and path parts of the pattern are hard to differentiate, for example "https://localhost:{port}{path}". This commit reinstates the previous behavior without undoing the actual fix. The only limitation introduced here is the fact that only a single pattern variable is allowed for the port pattern part. Fixes gh-27039

See spring-projectsgh-26905

Closes spring-projectsgh-26905

The pattern was changed in 65797d0 to check for characters up until "/", instead of for digits, but now also checks up until "?" and "#". Closes spring-projectsgh-26905

This commit revisits the recently updated `PORT_PATTERN` in `UriComponentsBuilder`. The fix introduced in spring-projectsgh-26905 fails with ambiguous URL patterns, especially when the port and path parts of the pattern are hard to differentiate, for example "https://localhost:{port}{path}". This commit reinstates the previous behavior without undoing the actual fix. The only limitation introduced here is the fact that only a single pattern variable is allowed for the port pattern part. Fixes spring-projectsgh-27039

spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label May 7, 2021

rstoyanchev self-assigned this May 7, 2021

rstoyanchev added in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels May 7, 2021

rstoyanchev added this to the 5.3.7 milestone May 7, 2021

Fix bug when 'UriComponentsBuilder#fromUriString()' port was not number.

fd6659e

glqdlt changed the title ~~Fix bug when 'UriComponentsBuilder#fromUriString()' port was not numer.~~ Fix bug when 'UriComponentsBuilder#fromUriString()' port was not number. May 7, 2021

glqdlt force-pushed the fix/UriComponentsBuilderNonNumberPort branch from 4e11755 to fd6659e Compare May 7, 2021 15:34

rstoyanchev pushed a commit that referenced this pull request May 7, 2021

UriComponentsBuilder handles invalid port correctly

65797d0

See gh-26905

rstoyanchev closed this in e0fa58a May 7, 2021

rstoyanchev changed the title ~~Fix bug when 'UriComponentsBuilder#fromUriString()' port was not number.~~ UriComponentsBuilder handles invalid port numbers correctly May 7, 2021

nguyensach mentioned this pull request May 8, 2021

UriComponentsBuilder when with port and query or fragment but no path #26910

Closed

glqdlt mentioned this pull request May 10, 2021

Bug Fix the port regular expression in'UriComponentsBuilder'. #26918

Closed

rstoyanchev reopened this May 10, 2021

rstoyanchev closed this in 0468ef4 May 10, 2021

sync-by-unito Bot mentioned this pull request May 12, 2021

Bump spring.version from 5.3.6 to 5.3.7 liquibase/liquibase-hibernate#325

Merged

izeye mentioned this pull request May 18, 2021

Polish PORT_PATTERN in UriComponentsBuilder #26951

Merged

bclozel mentioned this pull request Jun 8, 2021

Revisit fix for gh-26905 in UriComponentsBuilder #27039

Closed

sync-by-unito Bot mentioned this pull request Jun 10, 2021

Bump spring.version from 5.3.7 to 5.3.8 liquibase/liquibase-hibernate#336

Closed

fanjiwang1992 mentioned this pull request Nov 8, 2021

高版本spring(5.3.7以及以上)UriComponentsBuilder的URI_PATTERN发生变化，没办法识别CSE的URI(cse://appid:servicename/...)) apache/servicecomb-java-chassis#2631

Closed

happyWilliam0 mentioned this pull request Nov 10, 2021

The spring-framework 5.3.12 does not support the servicecomb address like cse://appId:microserviceName/xxx/xxxx/xxxx #27663

Closed

lxbzmy pushed a commit to lxbzmy/spring-framework that referenced this pull request Mar 26, 2022

UriComponentsBuilder handles invalid port correctly

416a023

See spring-projectsgh-26905

lxbzmy pushed a commit to lxbzmy/spring-framework that referenced this pull request Mar 26, 2022

Polishing contribution

f52547a

Closes spring-projectsgh-26905

sbrannen mentioned this pull request May 25, 2022

HierarchicalUriComponents::getPort() throws NumberFormatException with invalid port in URI #28521

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

UriComponentsBuilder handles invalid port numbers correctly#26905

UriComponentsBuilder handles invalid port numbers correctly#26905
glqdlt wants to merge 1 commit intospring-projects:mainfrom
glqdlt:fix/UriComponentsBuilderNonNumberPort

glqdlt commented May 7, 2021

Uh oh!

glqdlt commented May 7, 2021

Uh oh!

glqdlt commented May 10, 2021

Uh oh!

rstoyanchev commented May 10, 2021 •

edited

Loading

Uh oh!

rstoyanchev commented May 10, 2021

Uh oh!

glqdlt commented May 11, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

glqdlt commented May 7, 2021

Uh oh!

glqdlt commented May 7, 2021

Uh oh!

glqdlt commented May 10, 2021

Uh oh!

rstoyanchev commented May 10, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rstoyanchev commented May 10, 2021

Uh oh!

glqdlt commented May 11, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

rstoyanchev commented May 10, 2021 •

edited

Loading