On 28/03/17 15:23, Katya Todorova wrote:
> Hi,
>> r1787662 adds Host header validation along with a fair number of unit tests.
>> It includes a performance test which indicates - on my machine at least
>> - that the performance impact is in the noise. I'd like to see better
>> performance for full IPv6 addresses but the current code looks to be
>> acceptable.
>> The validation is not yet integrated into the request processing. My
>> primary reason for not integrating it is that it will trigger a 400
>> response if the header is invalid and I don't want to incorrectly reject
>> valid headers. Therefore I have a request. Please try and break these
>> new parsers.
> 
> 
> I’ve looked at the new http host parsers and tried some test data.
> Most of the test cases have already been covered but still several
> issues popped up:

Thanks for the additional test cases. This is exactly the sort of
feedback I was looking for.

Would you like to get more involved in Tomcat development? If so,
turning these into a patch for the unit tests could be a good place to
start. You'll need to mark the tests with @Ignore for now until the
underlying bugs are fixed. For bonus points, fix the bugs in the parser
so the tests pass.

Mark


> 
> - IPv6 addresses containing ::: are considered valid while they should
> not be - e.g. [:::2222:3333:4444:5555:6666:7777:8888]
> 
> (except when “:::” are located at the end, in that case the host is
> rejected as invalid)
> 
> - IPv4 part of IPv6 addresses should not contain leading zeros
> according to the following part of the specification:
> 
> IPv4address   = dec-octet "." dec-octet "." dec-octet "." dec-octet
> dec-octet     = DIGIT                 ; 0-9
>               / %x31-39 DIGIT         ; 10-99
>               / "1" 2DIGIT            ; 100-199
>               / "2" %x30-34 DIGIT     ; 200-249
>               / "25" %x30-35          ; 250-255
> 
> However, whether leading zeros are permitted or not seems to be a
> matter of a recommendation rather than a strict rule.  This may lead
> to ambiguity since many sources over the internet consider 01.02.03.04
> as valid but [::01.02.03.04] as invalid.
> 
> - IPv6 Host containing any symbol other than : after ] is considered
> valid though these trailing symbols after the ] are ignored
> 
> e.g. [::1]’, [::1] a
> 
> - It seems that compression just before the IPv4 part is not handled 
> correctly.
> 
>    This one is considered invalid but should be valid [a:b:c:d:e::1.2.3.4]
> 
> Most of the test data has been taken from here:
> 
> [1] http://home.deds.nl/~aeron/regex/invalid_ipv6.txt
> [2] http://home.deds.nl/~aeron/regex/valid_ipv6.txt
> 
> 
>> Please commit any values you test with.
> 
> 
>> Once we are happy with the quality of these parsers, I'll integrate them
>> into the request processing.
>> Mark
> 
> Kind regards,
> 
> Katya
> 
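
A strict reference check for the bracketed IPv6 cases listed in this thread, following the RFC 3986 IPv6address and dec-octet rules (it takes the strict reading on leading zeros). This is an added example, not Tomcat's parser and not code from either poster; the class and method names are hypothetical, and zone identifiers and IPvFuture literals are out of scope.

```java
import java.util.regex.Pattern;

public class Ipv6HostCheck {  // hypothetical name; not a Tomcat class
    // RFC 3986 dec-octet: 0-255 with no leading zeros
    static final String OCTET = "(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])";
    static final Pattern IPV4 = Pattern.compile(OCTET + "(\\." + OCTET + "){3}");
    static final Pattern H16 = Pattern.compile("[0-9A-Fa-f]{1,4}");

    // Number of 16-bit groups in a ':'-separated run, or -1 if any piece is malformed.
    static int groups(String run, boolean ipv4Allowed) {
        if (run.isEmpty()) return 0;
        String[] parts = run.split(":", -1);
        int count = 0;
        for (int i = 0; i < parts.length; i++) {
            boolean last = (i == parts.length - 1);
            if (H16.matcher(parts[i]).matches()) count += 1;
            else if (ipv4Allowed && last && IPV4.matcher(parts[i]).matches()) count += 2;
            else return -1; // empty piece, bad hex, or IPv4 with leading zeros
        }
        return count;
    }

    static boolean isValidIpv6Host(String host) {
        int close = host.indexOf(']');
        if (!host.startsWith("[") || close < 0) return false;
        // After ']' only end of input or ":" followed by digits (the port) is allowed.
        if (!host.substring(close + 1).matches("(:[0-9]*)?")) return false;
        String addr = host.substring(1, close);
        int dc = addr.indexOf("::");
        if (dc < 0) return groups(addr, true) == 8;           // no compression: exactly 8 groups
        if (addr.indexOf("::", dc + 1) >= 0) return false;    // ":::" or a second "::"
        int left = groups(addr.substring(0, dc), false);      // IPv4 may only be the final 32 bits
        int right = groups(addr.substring(dc + 2), true);
        return left >= 0 && right >= 0 && left + right <= 7;  // "::" stands for at least one group
    }

    public static void main(String[] args) {
        String[] samples = {   // the cases raised in this thread, plus two ordinary controls
            "[:::2222:3333:4444:5555:6666:7777:8888]", "[::01.02.03.04]", "[::1] a",
            "[a:b:c:d:e::1.2.3.4]", "[::1]", "[::1]:8080"
        };
        for (String s : samples) {
            System.out.println((isValidIpv6Host(s) ? "valid    " : "invalid  ") + s);
        }
    }
}
```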

