cjstehno / ersatz

🤖 A simulated HTTP server for testing client code with configurable responses.
https://cjstehno.github.io/ersatz
Apache License 2.0

Look at replacing fileupload lib #152

Closed cjstehno closed 1 year ago

cjstehno commented 2 years ago

The fileupload library has not been touched in a few years and one of the dependencies is out of date and starting to flag security warnings.

Consider replacing it with:

https://stackoverflow.com/questions/37839418/multipart-form-data-example-using-undertow

All I use it for is parsing multipart request data.

cjstehno commented 2 years ago

Looks like this would mean implementing my own version, since the Undertow API is very tied to the server itself. It's not all that tough of a spec, so maybe not a bad idea. Could base it on the Apache library as well for the little gotchas that probably exist, or at least use their unit tests. I would also consider pulling it into a separate jar so that it could be excluded when not needed.

cjstehno commented 2 years ago

Some references:

https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html
https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2
https://stackoverflow.com/questions/913626/what-should-a-multipart-http-request-with-multiple-files-look-like

Maybe even just extract the small amount of code I use from FileUpload and bring it in for use.

cjstehno commented 1 year ago

The flagged security issues have been addressed with a release of the library.