Merge pull request #1918 from fl4via/backport-fixes_2.2.x

[UNDERTOW-2713 / 2667 / 2654 / 2689 / 2698 / 2688] Backport fixes and enhancements to 2.2.x

Author: fl4via

CONTRIBUTING.md

@@ -220,4 +220,13 @@ Only then, you can push it to origin. If you edited a commit that was already in
 
 ```bash
 git push origin --force UNDERTOW-XXXX-my_cool_feature
-```
+```
+
+#### Legal
+
+All contributions to this repository are licensed under the Apache License, version 2.0 or later, or, if another license is specified as governing the file or directory being modified, such other license.
+
+All contributions are subject to the Developer Certificate of Origin (DCO). The DCO text is also included verbatim in the dco.txt file in the root directory of the repository.
+Compliance with Laws and Regulations
+
+All contributions must comply with applicable laws and regulations, including U.S. export control and sanctions restrictions. For background, see the Linux Foundation’s guidance: Navigating Global Regulations and Open Source: US OFAC Sanctions.

core/pom.xml

@@ -42,6 +42,7 @@
         <https>false</https>
         <openssl>false</openssl>
         <test.ipv6>false</test.ipv6>
+        <test.long.runners>true</test.long.runners>
         <bufferSize>8192</bufferSize>
         <libraryPath></libraryPath>
         <java.library.path></java.library.path>
@@ -108,7 +109,7 @@
             <artifactId>junit</artifactId>
             <scope>test</scope>
         </dependency>
-        
+
         <dependency>
             <groupId>org.apache.directory.server</groupId>
             <artifactId>apacheds-all</artifactId>
@@ -245,6 +246,7 @@
                         <test.https>${https}</test.https>
                         <test.openssl>${openssl}</test.openssl>
                         <test.bufferSize>${bufferSize}</test.bufferSize>
+                        <test.long.runners>${test.long.runners}</test.long.runners>
                         <default.server.address>localhost</default.server.address>
                         <default.server.port>7777</default.server.port>
                         <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager>
@@ -260,7 +262,17 @@
     </build>
 
     <profiles>
-
+      <profile>
+          <id>disable.long.runners</id>
+          <activation>
+                <property>
+                    <name>dlr</name>
+                </property>
+            </activation>
+          <properties>
+              <test.long.runners>false</test.long.runners>
+          </properties>
+      </profile>
         <profile>
             <id>mac</id>
             <activation>

core/src/main/java/io/undertow/client/http2/Http2ClientExchange.java

@@ -36,6 +36,7 @@
 import io.undertow.util.AbstractAttachable;
 import io.undertow.util.HeaderMap;
 import io.undertow.util.Protocols;
+import io.undertow.util.StatusCodes;
 
 /**
  * @author Stuart Douglas
@@ -140,6 +141,6 @@ ClientResponse createResponse(Http2StreamSourceChannel result) {
         final String status = result.getHeaders().getFirst(Http2Channel.STATUS);
         int statusCode = Integer.parseInt(status);
         headers.remove(Http2Channel.STATUS);
-        return new ClientResponse(statusCode, status.substring(3), Protocols.HTTP_2_0, headers);
+        return new ClientResponse(statusCode, StatusCodes.getReason(statusCode), Protocols.HTTP_2_0, headers);
     }
 }

core/src/main/java/io/undertow/server/handlers/proxy/ProxyHandler.java

@@ -70,6 +70,7 @@
 import javax.net.ssl.SSLPeerUnverifiedException;
 import java.io.Closeable;
 import java.io.IOException;
+import java.net.Inet6Address;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.nio.channels.Channel;
@@ -577,7 +578,11 @@ public void run() {
 
             if(rewriteHostHeader) {
                 InetSocketAddress targetAddress = clientConnection.getConnection().getPeerAddress(InetSocketAddress.class);
-                request.getRequestHeaders().put(Headers.HOST, targetAddress.getHostString() + ":" + targetAddress.getPort());
+                if(targetAddress.getAddress() instanceof Inet6Address) {
+                    request.getRequestHeaders().put(Headers.HOST, NetworkUtils.formatPossibleIpv6Address(targetAddress.getHostString()) + ":" + targetAddress.getPort());
+                } else {
+                    request.getRequestHeaders().put(Headers.HOST, targetAddress.getHostString() + ":" + targetAddress.getPort());
+                }
                 request.getRequestHeaders().put(Headers.X_FORWARDED_HOST, exchange.getRequestHeaders().getFirst(Headers.HOST));
             }
             if(log.isDebugEnabled()) {
@@ -728,6 +733,7 @@ public void completed(final ClientExchange result) {
             final HeaderMap inboundResponseHeaders = response.getResponseHeaders();
             final HeaderMap outboundResponseHeaders = exchange.getResponseHeaders();
             exchange.setStatusCode(response.getResponseCode());
+            exchange.setReasonPhrase(response.getStatus());
             copyHeaders(exchange, outboundResponseHeaders, inboundResponseHeaders);
 
             if (exchange.isUpgrade()) {

core/src/main/java/io/undertow/server/protocol/http2/Http2ServerConnection.java

@@ -89,8 +89,6 @@
  */
 public class Http2ServerConnection extends ServerConnection {
 
-    private static final HttpString STATUS = new HttpString(":status");
-
     private final Http2Channel channel;
     private final Http2StreamSourceChannel requestChannel;
     private final Http2DataStreamSinkChannel responseChannel;
@@ -193,7 +191,7 @@ public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpSer
 
                 HeaderMap headers = newExchange.getResponseHeaders();
                 DateUtils.addDateHeaderIfRequired(exchange);
-                headers.add(STATUS, exchange.getStatusCode());
+                headers.add(Http2Channel.STATUS, exchange.getStatusCode());
                 Connectors.flattenCookies(exchange);
                 Http2HeadersStreamSinkChannel sink = new Http2HeadersStreamSinkChannel(channel, requestChannel.getStreamId(), headers);
 
@@ -333,7 +331,7 @@ protected ConduitStreamSourceChannel getSourceChannel() {
     protected StreamSinkConduit getSinkConduit(HttpServerExchange exchange, StreamSinkConduit conduit) {
         HeaderMap headers = responseChannel.getHeaders();
         DateUtils.addDateHeaderIfRequired(exchange);
-        headers.add(STATUS, exchange.getStatusCode());
+        headers.add(Http2Channel.STATUS, exchange.getStatusCode());
         Connectors.flattenCookies(exchange);
         if(!Connectors.isEntityBodyAllowed(exchange)) {
             //we are not allowed to send an entity body for some requests

core/src/main/java/io/undertow/util/ByteRange.java

@@ -85,7 +85,7 @@ public static ByteRange parse(String rangeHeader) {
                     //represents the last N bytes
                     //internally we represent this using a -1 as the start position
                     long val = Long.parseLong(part.substring(1));
-                    if(val < 0) {
+                    if(val <= 0) {
                         UndertowLogger.REQUEST_LOGGER.debugf("Invalid range spec %s", rangeHeader);
                         return null;
                     }
@@ -132,9 +132,15 @@ public RangeResponseResult getResponseResult(final long resourceContentLength, S
         long end = getEnd(0);
         long rangeLength;
         if(ifRange != null && !ifRange.isEmpty()) {
+            // RFC 9110 requires strong comparison for If-Range
+            // Weak ETags (W/"...") should not match
+            if(ifRange.length() > 2 && ifRange.startsWith("W/")){
+                return null;
+            }
+
             if(ifRange.charAt(0) == '"') {
                 //entity tag
-                if(eTag != null && !eTag.equals(ifRange)) {
+                if(eTag == null || !eTag.equals(ifRange)) {
                     return null;
                 }
             } else {

core/src/test/java/io/undertow/server/handlers/PreseverStatusTestCase.java

@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2025 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package io.undertow.server.handlers;
+
+import java.io.IOException;
+import java.util.concurrent.ExecutionException;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import io.undertow.server.HttpHandler;
+import io.undertow.server.HttpServerExchange;
+import io.undertow.testutils.DefaultServer;
+import io.undertow.testutils.HttpOneOnly;
+import io.undertow.testutils.TestHttpClient;
+import io.undertow.util.StatusCodes;
+
+@RunWith(DefaultServer.class)
+@HttpOneOnly // Http2 does NOT have way to transfer status: https://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.4
+             // https://www.rfc-editor.org/rfc/rfc9113.html#name-response-pseudo-header-fiel
+public class PreseverStatusTestCase {
+    private static final String CUSTOM_REASON = "Its just a flesh wound";
+
+    @Before
+    public void setup() {
+
+        DefaultServer.setRootHandler(new BlockingHandler(new HttpHandler() {
+
+            @Override
+            public void handleRequest(HttpServerExchange exchange) throws Exception {
+                exchange.setStatusCode(StatusCodes.TOO_MANY_REQUESTS);
+                exchange.setReasonPhrase(CUSTOM_REASON);
+            }}));
+    }
+
+    @Test
+    public void testWindowSliding() throws ExecutionException, InterruptedException {
+        TestHttpClient client = new TestHttpClient();
+        try {
+            HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
+            HttpResponse result = client.execute(get);
+            Assert.assertEquals(StatusCodes.TOO_MANY_REQUESTS, result.getStatusLine().getStatusCode());
+            Assert.assertEquals(CUSTOM_REASON, result.getStatusLine().getReasonPhrase());
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        } finally {
+            client.getConnectionManager().shutdown();
+        }
+    }
+}

core/src/test/java/io/undertow/server/handlers/RangeRequestTestCase.java

@@ -265,6 +265,16 @@ public void runTest(String path, boolean etag) throws IOException, InterruptedEx
                 response = EntityUtils.toString(result.getEntity());
                 Assert.assertEquals("0123456789", response);
                 Assert.assertNull(result.getFirstHeader(Headers.CONTENT_RANGE_STRING));
+
+                // Test weak ETag in If-Range - should return full content (RFC 9110 requires strong comparison)
+                get = new HttpGet(DefaultServer.getDefaultServerURL() + path);
+                get.addHeader(Headers.RANGE_STRING, "bytes=2-3");
+                get.addHeader(Headers.IF_RANGE_STRING, "W/\"someetag\"");
+                result = client.execute(get);
+                Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
+                response = EntityUtils.toString(result.getEntity());
+                Assert.assertEquals("0123456789", response);
+                Assert.assertNull(result.getFirstHeader(Headers.CONTENT_RANGE_STRING));
             }
         } finally {
             client.getConnectionManager().shutdown();

core/src/test/java/io/undertow/server/handlers/proxy/ProxyHandlerXForwardedForTestCase.java

@@ -3,6 +3,7 @@
 import static io.undertow.Handlers.jvmRoute;
 import static io.undertow.Handlers.path;
 
+import java.net.InetAddress;
 import java.net.URI;
 
 import org.apache.http.HttpResponse;
@@ -197,6 +198,14 @@ public void testRewriteHostHeader() throws Exception {
             Assert.assertEquals("http", result.getFirstHeader(Headers.X_FORWARDED_PROTO.toString()).getValue());
             Assert.assertEquals(String.format("%s:%d", DefaultServer.getHostAddress(), port), result.getFirstHeader(Headers.X_FORWARDED_HOST.toString()).getValue());
             Assert.assertEquals(DefaultServer.getDefaultServerAddress().getAddress().getHostAddress(), result.getFirstHeader(Headers.X_FORWARDED_FOR.toString()).getValue());
+            final String resultHostHeader = result.getFirstHeader(Headers.HOST_STRING).getValue();
+            final int lastInd = resultHostHeader.lastIndexOf(":"); //ipv6 will have more :, we cant split on it.
+            Assert.assertNotEquals(-1, lastInd);
+            final String[] parts = new String[] {resultHostHeader.substring(0,lastInd), resultHostHeader.substring(lastInd+1)};
+            final InetAddress resultAddress = InetAddress.getByName(parts[0]);
+            final InetAddress hostAddress = DefaultServer.getDefaultServerAddress().getAddress();
+            Assert.assertEquals(hostAddress.toString(), resultAddress.toString());
+            Assert.assertEquals(handlerPort+"", parts[1]);
 
         } finally {
             client.getConnectionManager().shutdown();
@@ -240,6 +249,9 @@ public void handleRequest(final HttpServerExchange exchange) throws Exception {
 
             if (exchange.getRequestHeaders().contains(Headers.X_FORWARDED_PORT))
                 exchange.getResponseHeaders().put(Headers.X_FORWARDED_PORT, exchange.getRequestHeaders().getFirst(Headers.X_FORWARDED_PORT));
+
+            if (exchange.getRequestHeaders().contains(Headers.HOST))
+                exchange.getResponseHeaders().put(Headers.HOST, exchange.getRequestHeaders().getFirst(Headers.HOST));
         }
     }
 }

core/src/test/java/io/undertow/testutils/DefaultServer.java

@@ -208,6 +208,7 @@ public class DefaultServer extends BlockJUnit4ClassRunner {
     private static final boolean single = Boolean.getBoolean("test.single");
     private static final boolean openssl = Boolean.getBoolean("test.openssl");
     private static final boolean ipv6 = Boolean.getBoolean("test.ipv6");
+    private static final boolean testLongRunners = Boolean.getBoolean("test.long.runners");
     private static final int runs = Integer.getInteger("test.runs", 1);
 
     private static final DelegatingHandler rootHandler = new DelegatingHandler();
@@ -725,6 +726,18 @@ protected void runChild(FrameworkMethod method, RunNotifier notifier) {
                 return;
             }
         }
+
+        if(!testLongRunners) {
+            IgnoreLongRunning ignoreLongRunners = method.getAnnotation(IgnoreLongRunning.class);
+            if (ignoreLongRunners == null) {
+                ignoreLongRunners = method.getMethod().getDeclaringClass().getAnnotation(IgnoreLongRunning.class);
+            }
+
+            if(ignoreLongRunners != null) {
+                notifier.fireTestIgnored(describeChild(method));
+                return;
+            }
+        }
         try {
             if (runs > 1) {
                 Statement statement = methodBlock(method);