Modify HTTPRequestParser to use a a byte buffer before converting to a String

mmanes · mmanes · commit dfa0134cf24f · 2024-06-06T17:13:37.000-06:00
Update value character validator
Add test
diff --git a/java-http.iml b/java-http.iml
@@ -72,11 +72,11 @@
     <orderEntry type="module-library" scope="TEST">
       <library>
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/.savant/cache/org/testng/testng/7.8.0/testng-7.8.0.jar!/" />
+          <root url="jar://$MODULE_DIR$/.savant/cache/org/testng/testng/7.10.2/testng-7.10.2.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/.savant/cache/org/testng/testng/7.8.0/testng-7.8.0-src.jar!/" />
+          <root url="jar://$MODULE_DIR$/.savant/cache/org/testng/testng/7.10.2/testng-7.10.2-src.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
@@ -105,11 +105,11 @@
     <orderEntry type="module-library" scope="TEST">
       <library>
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/.savant/cache/org/webjars/jquery/3.6.1/jquery-3.6.1.jar!/" />
+          <root url="jar://$MODULE_DIR$/.savant/cache/org/webjars/jquery/3.7.1/jquery-3.7.1.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/.savant/cache/org/webjars/jquery/3.6.1/jquery-3.6.1-src.jar!/" />
+          <root url="jar://$MODULE_DIR$/.savant/cache/org/webjars/jquery/3.7.1/jquery-3.7.1-src.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
diff --git a/src/main/java/io/fusionauth/http/server/HTTPRequestProcessor.java b/src/main/java/io/fusionauth/http/server/HTTPRequestProcessor.java
@@ -15,7 +15,9 @@
  */
 package io.fusionauth.http.server;
 
+import java.io.ByteArrayOutputStream;
 import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
 
 import io.fusionauth.http.HTTPMethod;
 import io.fusionauth.http.HTTPValues.Headers;
@@ -34,8 +36,8 @@
 public class HTTPRequestProcessor {
   private final int bufferSize;
 
-  // TODO : Should this be sized with a configuration parameter?
-  private final StringBuilder builder = new StringBuilder();
+  // Allocate a 4k buffer for starters, it will grow as needed.
+  private final ByteArrayOutputStream byteBuffer = new ByteArrayOutputStream(4096);
 
   private final HTTPServerConfiguration configuration;
 
@@ -78,28 +80,27 @@ public RequestState processBodyBytes() {
 
   public RequestState processPreambleBytes(ByteBuffer buffer) {
     while (buffer.hasRemaining()) {
-      // TODO : Can we get some performance using ByteBuffer rather than StringBuilder here?
 
       // If there is a state transition, store the value properly and reset the builder (if needed)
       byte ch = buffer.get();
       RequestPreambleState nextState = preambleState.next(ch);
       if (nextState != preambleState) {
         switch (preambleState) {
-          case RequestMethod -> request.setMethod(HTTPMethod.of(builder.toString()));
-          case RequestPath -> request.setPath(builder.toString());
-          case RequestProtocol -> request.setProtocol(builder.toString());
-          case HeaderName -> headerName = builder.toString();
-          case HeaderValue -> request.addHeader(headerName, builder.toString());
+          case RequestMethod -> request.setMethod(HTTPMethod.of(byteBuffer.toString(StandardCharsets.UTF_8)));
+          case RequestPath -> request.setPath(byteBuffer.toString(StandardCharsets.UTF_8));
+          case RequestProtocol -> request.setProtocol(byteBuffer.toString(StandardCharsets.UTF_8));
+          case HeaderName -> headerName = byteBuffer.toString(StandardCharsets.UTF_8);
+          case HeaderValue -> request.addHeader(headerName, byteBuffer.toString(StandardCharsets.UTF_8));
         }
 
         // If the next state is storing, reset the builder
         if (nextState.store()) {
-          builder.delete(0, builder.length());
-          builder.appendCodePoint(ch);
+          byteBuffer.reset();
+          byteBuffer.write(ch);
         }
       } else if (preambleState.store()) {
         // If the current state is storing, store the character
-        builder.appendCodePoint(ch);
+        byteBuffer.write(ch);
       }
 
       preambleState = nextState;
diff --git a/src/main/java/io/fusionauth/http/util/HTTPTools.java b/src/main/java/io/fusionauth/http/util/HTTPTools.java
@@ -119,8 +119,10 @@ public static boolean isURICharacter(byte ch) {
     return ch >= '!' && ch <= '~';
   }
 
+  // RFC9110 section-5.5 allows for "obs-text", which includes 0x80-0xFF, but really shouldn't be used.
   public static boolean isValueCharacter(byte ch) {
-    return isURICharacter(ch) || ch == ' ' || ch == '\t' || ch == '\n';
+    int intVal = ch & 0xFF;  // Convert the value into an integer without extending the sign bit.
+    return isURICharacter(ch) || intVal == ' ' || intVal == '\t' || intVal == '\n' || intVal >= 0x80;
   }
 
   /**
diff --git a/src/test/java/io/fusionauth/http/CoreTest.java b/src/test/java/io/fusionauth/http/CoreTest.java
@@ -288,6 +288,53 @@ public void hugeHeaders(String scheme) throws Exception {
     }
   }
 
+
+  @Test()
+  public void utf8HeaderValues() throws Exception {
+    String scheme = "http";
+    String city = "São Paulo";
+
+    HTTPHandler handler = (req, res) -> {
+      res.setHeader(Headers.ContentType, "text/plain");
+      res.setHeader(Headers.ContentLength, "" + ExpectedResponse.length());
+      res.setHeader("X-Response-Header", city);
+      res.setStatus(200);
+
+      try {
+        OutputStream outputStream = res.getOutputStream();
+        outputStream.write(ExpectedResponse.getBytes());
+        outputStream.close();
+      } catch (IOException e) {
+        throw new RuntimeException(e);
+      }
+    };
+
+    // Java HTTPClient only supports ASCII header values, so send it directly
+    try (HTTPServer ignore = makeServer(scheme, handler).start(); Socket sock = new Socket("127.0.0.1", 4242)) {
+      var os = sock.getOutputStream();
+      var is = sock.getInputStream();
+      os.write("""
+          GET /api/status HTTP/1.1\r
+          Host: localhost:42\r
+          X-Foo: São Paulo\r
+          \r
+          """.getBytes(StandardCharsets.UTF_8));
+      os.flush();
+
+      var resp = new String(is.readAllBytes(), StandardCharsets.UTF_8);
+
+      assertEquals(resp, """
+          HTTP/1.1 200 \r
+          content-length: 16\r
+          content-type: text/plain\r
+          connection: keep-alive\r
+          x-response-header: São Paulo\r
+          \r
+          {"version":"42"}""");
+    }
+  }
+
+
   @Test
   public void keepAliveTimeout() {
     AtomicBoolean called = new AtomicBoolean(false);

Original file line number	Diff line number	Diff line change
`@@ -119,8 +119,10 @@ public static boolean isURICharacter(byte ch) {`
`119`	`119`	`return ch >= '!' && ch <= '~';`
`120`	`120`	`}`
`121`	`121`
	`122`	`+ // RFC9110 section-5.5 allows for "obs-text", which includes 0x80-0xFF, but really shouldn't be used.`
`122`	`123`	`public static boolean isValueCharacter(byte ch) {`
`123`		`- return isURICharacter(ch) \|\| ch == ' ' \|\| ch == '\t' \|\| ch == '\n';`
	`124`	`+ int intVal = ch & 0xFF; // Convert the value into an integer without extending the sign bit.`
	`125`	`+ return isURICharacter(ch) \|\| intVal == ' ' \|\| intVal == '\t' \|\| intVal == '\n' \|\| intVal >= 0x80;`
`124`	`126`	`}`
`125`	`127`
`126`	`128`	`/**`