From 18058a43b509cf7ba4677d7a4d1f23a41ec9c0a8 Mon Sep 17 00:00:00 2001
From: dilanSachi
Date: Mon, 4 Dec 2023 09:58:01 +0530
Subject: [PATCH 1/6] [Automated] Update the native jar versions
---
ballerina/Ballerina.toml | 6 +++---
ballerina/CompilerPlugin.toml | 2 +-
ballerina/Dependencies.toml | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml
index c0b542a51c..1a999b248b 100644
--- a/ballerina/Ballerina.toml
+++ b/ballerina/Ballerina.toml
@@ -1,7 +1,7 @@ [package] org = "ballerina" name = "http" -version = "2.10.4" +version = "2.10.5" authors = ["Ballerina"] keywords = ["http", "network", "service", "listener", "client"] repository = "https://github.com/ballerina-platform/module-ballerina-http"
@@ -16,8 +16,8 @@ graalvmCompatible = true [[platform.java17.dependency]] groupId = "io.ballerina.stdlib" artifactId = "http-native" -version = "2.10.4" -path = "../native/build/libs/http-native-2.10.4.jar" +version = "2.10.5" +path = "../native/build/libs/http-native-2.10.5-SNAPSHOT.jar" [[platform.java17.dependency]] groupId = "io.ballerina.stdlib"
diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml
index f281c204da..d169504d52 100644
--- a/ballerina/CompilerPlugin.toml
+++ b/ballerina/CompilerPlugin.toml
@@ -3,4 +3,4 @@ id = "http-compiler-plugin" class = "io.ballerina.stdlib.http.compiler.HttpCompilerPlugin" [[dependency]] -path = "../compiler-plugin/build/libs/http-compiler-plugin-2.10.4.jar" +path = "../compiler-plugin/build/libs/http-compiler-plugin-2.10.5-SNAPSHOT.jar"
diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml
index f17306eb50..afcb80ecc4 100644
--- a/ballerina/Dependencies.toml
+++ b/ballerina/Dependencies.toml
@@ -76,7 +76,7 @@ modules = [ [[package]] org = "ballerina" name = "http" -version = "2.10.4" +version = "2.10.5" dependencies = [ {org = "ballerina", name = "auth"}, {org = "ballerina", name = "cache"},
From b114e02ef1364179df5c85bd88f6260c6aa63343 Mon Sep 17 00:00:00 2001
From: dilanSachi
Date: Mon, 4 Dec 2023 12:10:03 +0530
Subject: [PATCH 2/6] [Automated] Update the native jar versions
---
ballerina-tests/http-interceptor-tests/Ballerina.toml | 6 +++---
ballerina-tests/http-interceptor-tests/Dependencies.toml | 6 +++---
ballerina-tests/http-test-common/Ballerina.toml | 2 +-
ballerina-tests/http-test-common/Dependencies.toml | 2 +-
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/ballerina-tests/http-interceptor-tests/Ballerina.toml b/ballerina-tests/http-interceptor-tests/Ballerina.toml
index 0a326c6adc..496a7c0b15 100644
--- a/ballerina-tests/http-interceptor-tests/Ballerina.toml
+++ b/ballerina-tests/http-interceptor-tests/Ballerina.toml
@@ -1,17 +1,17 @@ [package] org = "ballerina" name = "http_interceptor_tests" -version = "2.10.4" +version = "2.10.5" [[dependency]] org = "ballerina" name = "http_test_common" repository = "local" -version = "2.10.4" +version = "2.10.5" [platform.java17] graalvmCompatible = true [[platform.java17.dependency]] scope = "testOnly" -path = "../../test-utils/build/libs/http-test-utils-2.10.4.jar" +path = "../../test-utils/build/libs/http-test-utils-2.10.5-SNAPSHOT.jar"
diff --git a/ballerina-tests/http-interceptor-tests/Dependencies.toml b/ballerina-tests/http-interceptor-tests/Dependencies.toml
index 73259210ab..9255587af4 100644
--- a/ballerina-tests/http-interceptor-tests/Dependencies.toml
+++ b/ballerina-tests/http-interceptor-tests/Dependencies.toml
@@ -66,7 +66,7 @@ dependencies = [ [[package]] org = "ballerina" name = "http" -version = "2.10.4" +version = "2.10.5" scope = "testOnly" dependencies = [ {org = "ballerina", name = "auth"},
@@ -99,7 +99,7 @@ modules = [ [[package]] org = "ballerina" name = "http_interceptor_tests" -version = "2.10.4" +version = "2.10.5" dependencies = [ {org = "ballerina", name = "http"}, {org = "ballerina", name = "http_test_common"},
@@ -115,7 +115,7 @@ modules = [ [[package]] org = "ballerina" name = "http_test_common" -version = "2.10.4" +version = "2.10.5" scope = "testOnly" dependencies = [ {org = "ballerina", name = "lang.string"},
diff --git a/ballerina-tests/http-test-common/Ballerina.toml b/ballerina-tests/http-test-common/Ballerina.toml
index a1cd6aa6cd..8a9e9b671f 100644
--- a/ballerina-tests/http-test-common/Ballerina.toml
+++ b/ballerina-tests/http-test-common/Ballerina.toml
@@ -1,4 +1,4 @@ [package] org = "ballerina" name = "http_test_common" -version = "2.10.4" +version = "2.10.5"
diff --git a/ballerina-tests/http-test-common/Dependencies.toml b/ballerina-tests/http-test-common/Dependencies.toml
index 810e229a31..d347a64fac 100644
--- a/ballerina-tests/http-test-common/Dependencies.toml
+++ b/ballerina-tests/http-test-common/Dependencies.toml
@@ -10,7 +10,7 @@ distribution-version = "2201.8.0" [[package]] org = "ballerina" name = "http_test_common" -version = "2.10.4" +version = "2.10.5" dependencies = [ {org = "ballerina", name = "lang.string"}, {org = "ballerina", name = "mime"},
From dd64d168c7e8458af5f9214f0ae07fc1270ee465 Mon Sep 17 00:00:00 2001
From: dilanSachi
Date: Mon, 4 Dec 2023 12:19:32 +0530
Subject: [PATCH 3/6] Add empty auth header check
---
.../java/io/ballerina/stdlib/http/api/HttpDispatcher.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/native/src/main/java/io/ballerina/stdlib/http/api/HttpDispatcher.java b/native/src/main/java/io/ballerina/stdlib/http/api/HttpDispatcher.java
index 282c61c678..fb2df985ea 100644
--- a/native/src/main/java/io/ballerina/stdlib/http/api/HttpDispatcher.java
+++ b/native/src/main/java/io/ballerina/stdlib/http/api/HttpDispatcher.java
@@ -490,6 +490,10 @@ public void notifyFailure(BError bError) { } }; + String[] splitValues = authHeader.split(WHITESPACE); + if (splitValues.length != 2) { + return null; + } String jwtValue = authHeader.split(WHITESPACE)[1]; runtime.invokeMethodAsyncSequentially( ValueCreator.createObjectValue(ModuleUtils.getHttpPackage(), JWT_DECODER_CLASS_NAME),
From 03de640777b23bfd2d3964d4dd2eef94173e6621 Mon Sep 17 00:00:00 2001
From: dilanSachi
Date: Mon, 4 Dec 2023 12:19:39 +0530
Subject: [PATCH 4/6] Add a test case
---
.../tests/interceptors_basic_tests.bal | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/ballerina-tests/http-interceptor-tests/tests/interceptors_basic_tests.bal b/ballerina-tests/http-interceptor-tests/tests/interceptors_basic_tests.bal
index d29c452f88..d3ce85c5a2 100644
--- a/ballerina-tests/http-interceptor-tests/tests/interceptors_basic_tests.bal
+++ b/ballerina-tests/http-interceptor-tests/tests/interceptors_basic_tests.bal
@@ -574,6 +574,7 @@ service http:InterceptableService /requestInterceptorJwtInformation on new http: @test:Config{} function testJwtInformationInRequestContext() returns error? { + reqCtxJwtValues = []; http:Client jwtClient = check new("https://localhost:" + jwtInformationInReqCtxtTestPort.toString(), secureSocket = { cert: common:CERT_FILE
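Review bot: The new guard `if (splitValues.length != 2)` in the HttpDispatcher.java hunk checks only the token count, so any two-token Authorization value, such as a well-formed `Basic <credentials>` header, still has its second token handed to the JWT decoder. Unless the scheme is already verified above this hunk (the enclosing method starts outside it), the guard should also require the Bearer scheme, e.g. `if (splitValues.length != 2 || !"Bearer".equalsIgnoreCase(splitValues[0])) { return null; }`. Feeding non-JWT credentials to the decoder risks their surfacing in decode-error messages or logs, which is worth confirming against the decoder's error path. The later "Remove redundant split" patch (PATCH 6/6) keeps the same condition, and the test added in PATCH 4/6 only sends `Basic ` with no credentials, so a case with a non-Bearer scheme plus a value would pin the intended behaviour. A short comment above the guard, such as `// Expect exactly "<scheme> <token>"; anything else carries no JWT to decode`, would also explain the silent `return null`.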
@@ -602,6 +603,19 @@ function testJwtInformationInRequestContext() returns error? { test:assertEquals(reqCtxJwtValues[1]["scp"], "admin"); } +@test:Config{} +function testEmptyJwtInformationInRequestContext() returns error? { + reqCtxJwtValues = []; + http:Client jwtClient = check new("https://localhost:" + jwtInformationInReqCtxtTestPort.toString(), + secureSocket = { + cert: common:CERT_FILE + }); + http:Response response = check jwtClient->get("/requestInterceptorJwtInformation", {"authorization": "Basic "}); + test:assertEquals(response.statusCode, 500); + check common:assertJsonErrorPayload(check response.getJsonPayload(), "no member found for key: JWT_INFORMATION", + "Internal Server Error", 500, "/requestInterceptorJwtInformation", "GET"); +} + @test:Config{} function testJwtInformationDecodeErrorInRequestContext() returns error? { http:Client jwtClient = check new("https://localhost:" + jwtInformationInReqCtxtTestPort.toString(),
From db27f571196331b3fe3680c243e22929dc7a9c4a Mon Sep 17 00:00:00 2001
From: dilanSachi
Date: Tue, 5 Dec 2023 09:53:02 +0530
Subject: [PATCH 5/6] Update changelog.md
---
changelog.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/changelog.md b/changelog.md
index cbcddffc1e..07b11afcda 100644
--- a/changelog.md
+++ b/changelog.md
@@ -5,6 +5,11 @@ This file contains all the notable changes done to the Ballerina HTTP package th The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## Unreleased + +### Fixed +- [Fix `IndexOutOfBoundsException` when decoding jwt header](https://github.com/ballerina-platform/ballerina-library/issues/5856) + ## [2.10.4] - 2023-11-17 ### Fixed
From d3833f355f297e14cfb1ee6efc9106b5c084ec2c Mon Sep 17 00:00:00 2001
From: dilanSachi
Date: Tue, 5 Dec 2023 09:56:25 +0530
Subject: [PATCH 6/6] Remove redundant split
---
.../main/java/io/ballerina/stdlib/http/api/HttpDispatcher.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/native/src/main/java/io/ballerina/stdlib/http/api/HttpDispatcher.java b/native/src/main/java/io/ballerina/stdlib/http/api/HttpDispatcher.java
index fb2df985ea..dba6f94b81 100644
--- a/native/src/main/java/io/ballerina/stdlib/http/api/HttpDispatcher.java
+++ b/native/src/main/java/io/ballerina/stdlib/http/api/HttpDispatcher.java
@@ -494,7 +494,6 @@ public void notifyFailure(BError bError) { if (splitValues.length != 2) { return null; } - String jwtValue = authHeader.split(WHITESPACE)[1]; runtime.invokeMethodAsyncSequentially( ValueCreator.createObjectValue(ModuleUtils.getHttpPackage(), JWT_DECODER_CLASS_NAME), JWT_DECODE_METHOD_NAME,
@@ -503,7 +502,7 @@ public void notifyFailure(BError bError) { decodeCallback, null, PredefinedTypes.TYPE_ANY, - StringUtils.fromString(jwtValue), + StringUtils.fromString(splitValues[1]), true); try { countDownLatch.await();