Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2163

Predicate Language cannot set attribute to empty string

    XMLWordPrintable

Details

    Description

      The following predicate handler, 

      set( attribute=%{i,X-Tomcat-DocRoot}, value='' )

      produces a nasty parsing exception 

      java.lang.StringIndexOutOfBoundsException: index -1,length 0
        at java.base/java.lang.String.checkIndex(Unknown Source)
        at java.base/java.lang.AbstractStringBuilder.charAt(Unknown Source)
        at java.base/java.lang.StringBuilder.charAt(Unknown Source)
        at io.undertow.server.handlers.builder.PredicatedHandlersParser.tokenize(PredicatedHandlersParser.java:617)
        at io.undertow.server.handlers.builder.PredicatedHandlersParser.parse(PredicatedHandlersParser.java:84)

      It doesn't seem that the parser was designed to handle the simple scenario of empty quotes!  

      Leaving off the `value` parameter from the handler parses OK,

      set( attribute=%{i,X-Tomcat-DocRoot} )

      but throws an NPE when the handler actually runs:

      java.lang.NullPointerException: null
        at io.undertow.server.handlers.SetAttributeHandler.handleRequest(SetAttributeHandler.java:117)
        at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:113)

      The expected behavior for both of these examples would be to initialize the attribute (an HTTP request header in this case) to an empty value.

       

      Attachments

        Issue Links

          incorporates

          Bug - A problem which impairs or prevents the functions of the product. UNDERTOW-1885 Predicate Language: Parsing mishandles escaped quotes in string literal

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. UNDERTOW-1885 Predicate Language: Parsing mishandles escaped quotes in string literal

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component WFCORE-6057 Upgrade Undertow to 2.3.0.Final (CVE-2022-2764)

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: UNDERTOW

              People

                rhn-support-rmartinc Ricardo Martin Camarero
                bdw429s Brad Wood
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: