Oleg, > StandardMethods.TRACE.name <http://standardmethods.trace.name/>() + "requests may not include an entity."
I think you are missing a space before "request": StandardMethods.TRACE.name <http://standardmethods.trace.name/>() + " requests may not include an entity." Gary On Wed, Apr 10, 2019 at 1:20 PM <[email protected]> wrote: > This is an automated email from the ASF dual-hosted git repository. > > olegk pushed a commit to branch HTTPCLIENT-1981 > in repository > https://gitbox.apache.org/repos/asf/httpcomponents-client.git > > commit 63a6bd760ec1ec1f8daa6faf5a669aee3da3a06e > Author: Jay Modi <jay at elastic dot com> > AuthorDate: Wed Apr 10 19:13:12 2019 +0200 > > HTTPCLIENT-1981: disallow TRACE requests with an enclosed entity > --- > .../http/async/methods/AsyncRequestBuilder.java | 5 +++ > .../hc/client5/http/classic/methods/HttpTrace.java | 7 ++++ > .../http/classic/methods/RequestBuilder.java | 5 +++ > .../async/methods/TestAsyncRequestBuilder.java} | 39 > +++++----------------- > .../http/classic/methods/TestHttpTrace.java} | 35 > ++++--------------- > .../http/classic/methods/TestRequestBuilder.java | 7 ++++ > 6 files changed, 39 insertions(+), 59 deletions(-) > > diff --git > a/httpclient5/src/main/java/org/apache/hc/client5/http/async/methods/AsyncRequestBuilder.java > b/httpclient5/src/main/java/org/apache/hc/client5/http/async/methods/AsyncRequestBuilder.java > index 97c567b..59d332e 100644 > --- > a/httpclient5/src/main/java/org/apache/hc/client5/http/async/methods/AsyncRequestBuilder.java > +++ > b/httpclient5/src/main/java/org/apache/hc/client5/http/async/methods/AsyncRequestBuilder.java > @@ -430,6 +430,11 @@ public class AsyncRequestBuilder { > } > } > } > + > + if (entityProducerCopy != null && > StandardMethods.TRACE.name().equalsIgnoreCase(method)) > { > + throw new IllegalStateException(StandardMethods.TRACE.name() > + "requests may not include an entity."); > + } > + > final ConfigurableHttpRequest request = host != null ? > new ConfigurableHttpRequest(method, host, > !TextUtils.isBlank(path) ? path : "/") : > new ConfigurableHttpRequest(method, uri != null ? uri : > URI.create("/")); > diff --git > a/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > b/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > index 17092a1..a937ba2 100644 > --- > a/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > +++ > b/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > @@ -29,6 +29,8 @@ package org.apache.hc.client5.http.classic.methods; > > import java.net.URI; > > +import org.apache.hc.core5.http.HttpEntity; > + > /** > * HTTP TRACE method. > * > @@ -60,4 +62,9 @@ public class HttpTrace extends HttpUriRequestBase { > this(URI.create(uri)); > } > > + @Override > + public void setEntity(final HttpEntity entity) { > + throw new IllegalStateException(METHOD_NAME + " requests may not > include an entity."); > + } > + > } > diff --git > a/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/RequestBuilder.java > b/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/RequestBuilder.java > index 4a3572a..6a70bc6 100644 > --- > a/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/RequestBuilder.java > +++ > b/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/RequestBuilder.java > @@ -482,6 +482,11 @@ public class RequestBuilder { > } > } > } > + > + if (entityCopy != null && > StandardMethods.TRACE.name().equalsIgnoreCase(method)) > { > + throw new IllegalStateException(StandardMethods.TRACE.name() > + "requests may not include an entity."); > + } > + > final HttpUriRequestBase result = new HttpUriRequestBase(method, > uriNotNull); > result.setVersion(this.version != null ? this.version : > HttpVersion.HTTP_1_1); > if (this.headerGroup != null) { > diff --git > a/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > b/httpclient5/src/test/java/org/apache/hc/client5/http/async/methods/TestAsyncRequestBuilder.java > similarity index 59% > copy from > httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > copy to > httpclient5/src/test/java/org/apache/hc/client5/http/async/methods/TestAsyncRequestBuilder.java > index 17092a1..cb1e5e9 100644 > --- > a/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > +++ > b/httpclient5/src/test/java/org/apache/hc/client5/http/async/methods/TestAsyncRequestBuilder.java > @@ -25,39 +25,18 @@ > * > */ > > -package org.apache.hc.client5.http.classic.methods; > +package org.apache.hc.client5.http.async.methods; > > -import java.net.URI; > +import org.apache.hc.core5.http.nio.entity.BasicAsyncEntityProducer; > +import org.junit.Test; > > -/** > - * HTTP TRACE method. > - * > - * @since 4.0 > - */ > -public class HttpTrace extends HttpUriRequestBase { > - > - private static final long serialVersionUID = 1L; > - > - public final static String METHOD_NAME = "TRACE"; > - > - /** > - * Creates a new instance initialized with the given URI. > - * > - * @param uri a non-null request URI. > - * @throws IllegalArgumentException if the uri is null. > - */ > - public HttpTrace(final URI uri) { > - super(METHOD_NAME, uri); > - } > +public class TestAsyncRequestBuilder { > > - /** > - * Creates a new instance initialized with the given URI. > - * > - * @param uri a non-null request URI. > - * @throws IllegalArgumentException if the uri is invalid. > - */ > - public HttpTrace(final String uri) { > - this(URI.create(uri)); > + @Test(expected = IllegalStateException.class) > + public void testBuildTraceWithEntity() { > + final AsyncRequestBuilder builder = > AsyncRequestBuilder.create("TRACE").setUri("/path"); > + builder.setEntity(new BasicAsyncEntityProducer("stuff")); > + builder.build(); > } > > } > diff --git > a/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > b/httpclient5/src/test/java/org/apache/hc/client5/http/classic/methods/TestHttpTrace.java > similarity index 62% > copy from > httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > copy to > httpclient5/src/test/java/org/apache/hc/client5/http/classic/methods/TestHttpTrace.java > index 17092a1..27089d2 100644 > --- > a/httpclient5/src/main/java/org/apache/hc/client5/http/classic/methods/HttpTrace.java > +++ > b/httpclient5/src/test/java/org/apache/hc/client5/http/classic/methods/TestHttpTrace.java > @@ -27,37 +27,14 @@ > > package org.apache.hc.client5.http.classic.methods; > > -import java.net.URI; > +import org.junit.Test; > > -/** > - * HTTP TRACE method. > - * > - * @since 4.0 > - */ > -public class HttpTrace extends HttpUriRequestBase { > - > - private static final long serialVersionUID = 1L; > - > - public final static String METHOD_NAME = "TRACE"; > - > - /** > - * Creates a new instance initialized with the given URI. > - * > - * @param uri a non-null request URI. > - * @throws IllegalArgumentException if the uri is null. > - */ > - public HttpTrace(final URI uri) { > - super(METHOD_NAME, uri); > - } > +public class TestHttpTrace { > > - /** > - * Creates a new instance initialized with the given URI. > - * > - * @param uri a non-null request URI. > - * @throws IllegalArgumentException if the uri is invalid. > - */ > - public HttpTrace(final String uri) { > - this(URI.create(uri)); > + @Test(expected = IllegalStateException.class) > + public void testHttpTraceSetEntity() { > + final HttpTrace httpTrace = new HttpTrace("/path"); > + httpTrace.setEntity(null); > } > > } > diff --git > a/httpclient5/src/test/java/org/apache/hc/client5/http/classic/methods/TestRequestBuilder.java > b/httpclient5/src/test/java/org/apache/hc/client5/http/classic/methods/TestRequestBuilder.java > index f121933..b6789c2 100644 > --- > a/httpclient5/src/test/java/org/apache/hc/client5/http/classic/methods/TestRequestBuilder.java > +++ > b/httpclient5/src/test/java/org/apache/hc/client5/http/classic/methods/TestRequestBuilder.java > @@ -264,6 +264,13 @@ public class TestRequestBuilder { > assertBuild(StandardCharsets.ISO_8859_1); > } > > + @Test(expected = IllegalStateException.class) > + public void testBuildTraceWithEntity() { > + final RequestBuilder requestBuilder = > RequestBuilder.create("TRACE").setUri("/path"); > + requestBuilder.setEntity(new StringEntity("foo")); > + requestBuilder.build(); > + } > + > private void assertBuild(final Charset charset) throws Exception { > final RequestBuilder requestBuilder = > RequestBuilder.create("GET").setCharset(charset); > requestBuilder.setUri("https://somehost.com/stuff";); > >
