timsbiomed / issues

TIMS issue tracker.
https://github.com/orgs/timsbiomed/projects/9/views/1

Server crashes when invalid chars in URL #61

Open joeflack4 opened 2 years ago

joeflack4 commented 2 years ago

Overview

I was just doing an ad hoc query in the address bar of my browser; didn't remember if this was the valid way to do it, but didn't expect a crash either.

I tried: http://20.119.216.32:8000/r4/CodeSystem?_summary=true?system=http://snomed.org

Error message

Short err: Error parsing HTTP request header java.lang.IllegalArgumentException: Invalid character found in method name

Full log:

Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: 2022-10-02 21:28:45.023 [http-nio-0.0.0.0-8000-exec-7] INFO  o.a.coyote.http11.Http11Processor [DirectJDKLog.java:175] Error parsing HTTP request header
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]:  Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: java.lang.IllegalArgumentException: Invalid character found in method name [0x160x030x010x00u0x010x000x00q0x030x030x98${0xe40x880x010xfb0xfb0xe90x11Rb0xfa0xb8'O70xae0x87|.^0x12"0xb3BG0x920x82c0x860xbc0x000x000x1a0xc0/0xc0+0xc00x110xc00x070xc00x130xc00x090xc00x140xc00x0a0x000x050x00/0x0050xc00x120x000x0a0x010x000x00.0x000x050x000x050x010x000x000x000x000x000x0a0x000x080x000x060x000x170x000x180x000x190x000x0b0x000x020x010x000x000x0d0x000x0a0x000x080x040x010x040x030x020x010x020x030xff0x010x000x010x00...]. HTTP method names must be tokens
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:419)
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:269)
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895)
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1732)
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Oct  2 21:28:45 HAPI-N3C-Ubuntu timsts[85298]: #011at java.base/java.lang.Thread.run(Thread.java:833)

Additional info

I see that swagger does the character conversion for us. This is what it gave me:

http://20.119.216.32:8000/r4/CodeSystem?system=http%3A%2F%2Fsnomed.org
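
An added triage example, not part of the original thread or the project's code: the bytes Tomcat prints in brackets in the log line above begin with 0x16 0x03 0x01, which is the header of a TLS handshake record. This Python sketch decodes Tomcat's escaped dump and reports whether a rejected "method name" is really a TLS ClientHello. The function names and the shortened sample lines are assumptions made for the example.

```python
import re

# Tomcat's message puts the first request bytes in brackets: unprintable
# bytes as 0xNN, printable ones as themselves.
_DUMP = re.compile(r"Invalid character found in method name \[(.*)\]", re.DOTALL)
_TOKEN = re.compile(r"0x([0-9a-fA-F]{2})|(.)", re.DOTALL)

def decode_tomcat_bytes(text):
    """Turn Tomcat's mixed 0xNN/literal dump back into raw bytes."""
    out = bytearray()
    for hex_byte, literal in _TOKEN.findall(text):
        if hex_byte:
            out.append(int(hex_byte, 16))
        else:
            out += literal.encode("latin-1", "replace")
    return bytes(out)

def classify(line):
    """Return None if the line is not this Tomcat error, else a summary dict."""
    m = _DUMP.search(line)
    if not m:
        return None
    raw = decode_tomcat_bytes(m.group(1))
    # TLS record: type 0x16 (handshake), version 0x03 0xNN, 2-byte length,
    # then handshake type 0x01 (ClientHello), 3-byte length, client version.
    if len(raw) >= 11 and raw[0] == 0x16 and raw[1] == 0x03 and raw[5] == 0x01:
        return {
            "kind": "tls_client_hello",
            "record_length": int.from_bytes(raw[3:5], "big"),
            "handshake_length": int.from_bytes(raw[6:9], "big"),
            "client_version": (raw[9], raw[10]),
        }
    return {"kind": "other", "head": raw[:8]}

# Sample 1: the log line above, shortened to its first bytes.
TLS_LINE = ("java.lang.IllegalArgumentException: Invalid character found in "
            "method name [0x160x030x010x00u0x010x000x00q0x030x03...]. "
            "HTTP method names must be tokens")
# Sample 2: constructed for contrast (not from the page).
OTHER_LINE = ("Invalid character found in method name [0x000x01abc...]. "
              "HTTP method names must be tokens")

if __name__ == "__main__":
    for line in (TLS_LINE, OTHER_LINE):
        print(classify(line))
```

A `tls_client_hello` result means the client opened the connection with a TLS handshake, as an `https://` URL would, on a connector that was parsing plain HTTP.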

chrisroederucdenver commented 2 years ago

From a bash shell, curl works when you quote the URL. I can't remember if PowerShell has curl on it. You could also try a Linux subsystem.

joeflack4 commented 2 years ago

That's a good suggestion. Still want to take note of this case, just in case a user does this. Honestly I'll probably run into this issue as well, especially when I want to demonstrate something to someone. This is really a HAPI issue that ideally they would fix, not us.

chrisroederucdenver commented 2 years ago

I'd guess it's a URL encoding thing and not a HAPI thing. The slashes and colon are reserved in URLs.

joeflack4 commented 2 years ago

What I mean is, the code within our codebase which parses out these URLs (and is resulting in Error parsing HTTP request header, java.lang.IllegalArgumentException: Invalid character found in method name) is likely HAPI source code or from a library being imported from within the HAPI source code, not anything that Shahim has written on top of that (I haven't written any Java for this project; at least not yet).

chrisroederucdenver commented 2 years ago

Did you dig deep enough to see what URL was received? (I haven't)

joeflack4 commented 2 years ago

Nope, but there's a pretty high probability that the invalid character is the /, I would say.

chrisroederucdenver commented 1 year ago

BTW, "crash" in my world means the server goes down and quits responding to requests, needs to be restarted. Is this just an error on that one request?

joeflack4 commented 1 year ago

I think it did go down, but it's been too long for me to remember. This may have been fixed by Shahim already. Not going to give it a go right at this moment, but I suppose I could easily check and see if this still happens.