From a4c7fc39624a1ed62867298e86413a0f173984aa Mon Sep 17 00:00:00 2001
From: gregw
Date: Wed, 8 Mar 2023 18:30:08 +0100
Subject: [PATCH] Fully decode #9444 getServletPath and getPathInfo will never return an encoded path segment. Instead, they will throw an IllegalArgumentException if they are called when there is a URI with violations.
---
 .../eclipse/jetty/ee10/servlet/ServletApiRequest.java | 2 ++
 .../org/eclipse/jetty/ee10/servlet/DispatcherTest.java | 4 ++--
 .../org/eclipse/jetty/ee10/servlet/EncodedURITest.java | 10 ++++++----
 3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletApiRequest.java b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletApiRequest.java
index 3bdec54134dd..9329c18e29a0 100644
--- a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletApiRequest.java
+++ b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletApiRequest.java
@@ -378,6 +378,8 @@ private void checkForUriComplianceViolations()
 {
 switch (violation)
 {
+ // TODO optionally don't throw?
+ // TODO review which violations
 case AMBIGUOUS_PATH_SEGMENT, AMBIGUOUS_PATH_SEPARATOR, AMBIGUOUS_PATH_PARAMETER, AMBIGUOUS_PATH_ENCODING ->
 // TODO throw new BadMessage.IllegalArgumentException("Ambiguous URI encoding");
 throw new BadMessageException("Ambiguous URI encoding");
diff --git a/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/DispatcherTest.java b/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/DispatcherTest.java
index 7792cc3f0aca..50af4a837056 100644
--- a/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/DispatcherTest.java
+++ b/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/DispatcherTest.java
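Review bot: The two TODOs added above the `case AMBIGUOUS_PATH_...` label in `checkForUriComplianceViolations()` leave this guard's policy open: they name neither the violations under review nor what "optionally don't throw" would fall back to. Per the commit description, this throw is what keeps `getServletPath()` and `getPathInfo()` from handing a decoded, ambiguous path to application code. The comment should therefore pin the safe default, for example `// TODO (#9444): if throwing becomes configurable, throwing stays the default; a decoded ambiguous path must not reach path-based security checks`. The method body starts and ends outside the hunk.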
@@ -212,12 +212,12 @@ public void testForwardWithParam() throws Exception
 String expected = """
 HTTP/1.1 200 OK\r
 Content-Type: text/plain\r
- Content-Length: 56\r
+ Content-Length: 54\r
 Connection: close\r
 \r
 /context\r
 /EchoURI\r
- /x%20x\r
+ /x x\r
 /context/EchoURI/x%20x;a=1\r
 """;
 assertEquals(expected, responses);
diff --git a/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/EncodedURITest.java b/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/EncodedURITest.java
index bb836cf47398..77adcf052408 100644
--- a/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/EncodedURITest.java
+++ b/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/EncodedURITest.java
@@ -27,6 +27,7 @@
 import jakarta.servlet.http.HttpServlet;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.eclipse.jetty.http.UriCompliance;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.LocalConnector;
 import org.eclipse.jetty.server.Server;
@@ -149,6 +150,7 @@ public void testCanonicallyEncodedUris(String separator) throws Exception
 context2.setContextPath("/context_path".replace("_", separator));
 _contextCollection.addHandler(context2);
 context2.addServlet(TestServlet.class, URIUtil.decodePath("/test_servlet/*".replace("_", separator)));
+ _connector.getConnectionFactory(HttpConfiguration.ConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.UNSAFE);
 _server.start();
 String response = _connector.getResponse("GET /context_path/test_servlet/path_info HTTP/1.0\n\n".replace("_", separator));
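Review bot: The added `setUriCompliance(UriCompliance.UNSAFE)` line in `testCanonicallyEncodedUris` applies to every `separator` value and carries no explanation, so a reader cannot tell that the relaxed mode is a test-only device. Presumably it is needed so the `%2F` request reaches the servlet instead of being rejected earlier. Say so in a comment such as `// UNSAFE only so the ambiguous %2F request reaches the servlet; getServletPath()/getPathInfo() must still throw`. It would also help to keep one case running under the default compliance mode, so the test still covers what a stock connector does with these URIs. The test method starts and ends outside the hunk.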
@@ -157,8 +159,8 @@ public void testCanonicallyEncodedUris(String separator) throws Exception
 assertThat(response, Matchers.containsString("contextPath=/context_path".replace("_", separator)));
 if ("%2F".equals(separator))
 {
- assertThat(response, Matchers.containsString("servletPath=org.eclipse.jetty.http.BadMessage$IllegalArgumentException: 400: Ambiguous URI encoding"));
- assertThat(response, Matchers.containsString("pathInfo=org.eclipse.jetty.http.BadMessage$IllegalArgumentException: 400: Ambiguous URI encoding"));
+ assertThat(response, Matchers.containsString("servletPath=org.eclipse.jetty.http.BadMessageException: 400: Ambiguous URI encoding"));
+ assertThat(response, Matchers.containsString("pathInfo=org.eclipse.jetty.http.BadMessageException: 400: Ambiguous URI encoding"));
 }
 else
 {
@@ -179,7 +181,7 @@ public void service(HttpServletRequest request, HttpServletResponse response) th
 {
 response.getWriter().println("servletPath=" + request.getServletPath());
 }
- catch (IllegalArgumentException e)
+ catch (Throwable e)
 {
 response.getWriter().println("servletPath=" + e);
 }
@@ -187,7 +189,7 @@ public void service(HttpServletRequest request, HttpServletResponse response) th
 {
 response.getWriter().println("pathInfo=" + request.getPathInfo());
 }
- catch (IllegalArgumentException e)
+ catch (Throwable e)
 {
 response.getWriter().println("pathInfo=" + e);
 }
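Review bot: The updated `%2F` assertions pin `org.eclipse.jetty.http.BadMessageException` as what `getServletPath()` and `getPathInfo()` throw, while the commit description promises an `IllegalArgumentException`. The catch clauses in the two `service` hunks were widened in the same patch, which suggests `BadMessageException` is not an `IllegalArgumentException` here. If so, application code that guards these calls with `catch (IllegalArgumentException e)` would let the exception propagate. Either align the description with the type actually thrown, or record the gap in this branch with a comment such as `// BadMessageException for now; see TODO in ServletApiRequest.checkForUriComplianceViolations()`. The test method starts and ends outside the hunk.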
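Review bot: `catch (Throwable e)` around `request.getServletPath()` is wider than the test needs, because it also captures `Error`s such as `AssertionError` or `OutOfMemoryError` and prints them into the response body as if they were an expected result. The same widening is repeated in the `@@ -187,7 +189,7 @@` hunk around `request.getPathInfo()`. Assuming `BadMessageException` is unchecked, `catch (RuntimeException e)` needs no new import and still produces the `servletPath=` and `pathInfo=` lines the assertions look for. `service` starts and ends outside both hunks.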