https://bz.apache.org/bugzilla/show_bug.cgi?id=60808
Bug ID: 60808
Summary: ServletRequest.getParameterMap() not fully immutable
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: woon...@apache.org
Target Milestone: ----
A corner case was discovered: if
request.getParameterMap().keySet().retainAll(set) is called even after the
internal ParameterMap is locked.
Reproducible step:
- Create a simple JSP page like this:
<%
// test.jsp
out.println("request.getParameterMap(): " + request.getParameterMap());
request.getParameterMap().keySet().retainAll(java.util.Collections.emptySet());
out.println("request.getParameterMap(): " + request.getParameterMap());
%>
- Request the page. e.g, http://localhost:8080/examples/test.jsp?p1=v1&p2=v2
- You will notice the second output is empty.
According to the javadoc of javax.servlet.ServletRequest#getParameterMap(), the
returned map must be immutable. But, its #keySet() seems to return a mutable
set. It could have returned an unmodifiable set at least like
Collections.unmodifiableMap(map) does.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
