Merge branch 'main' into 976-query-params-not-urldecoded

Author: deki

.github/dependabot.yml

@@ -18,6 +18,9 @@ updates:
       slf4j:
         patterns:
           - "org.slf4j:*"
+      jackson:
+        patterns:
+          - "com.fasterxml.jackson.*:*"
       log4j:
         patterns:
           - "org.apache.logging.log4j:*"
@@ -36,7 +39,7 @@ updates:
     groups:
       jersey:
         patterns:
-          - "org.glassfish.jersey:*"
+          - "org.glassfish.jersey.*:*"
       spring:
         patterns:
           - "org.springframework:*"
@@ -46,5 +49,8 @@ updates:
       log4j:
         patterns:
           - "org.apache.logging.log4j:*"
+      jackson:
+        patterns:
+          - "com.fasterxml.jackson.*:*"
     schedule:
       interval: "weekly"

.github/workflows/continuous-integration-workflow.yml

@@ -79,6 +79,8 @@ jobs:
         run: ./gha_build.sh springboot3 false false -Dspringboot.version=3.1.12 -Dspring.version=6.0.21 -Dspringsecurity.version=6.1.9 -Ddependency-check.skip=true
       - name: Build with Spring Boot 3.2.x
         run: ./gha_build.sh springboot3 false false -Dspringboot.version=3.2.7 -Dspring.version=6.1.10 -Dspringsecurity.version=6.2.5 -Ddependency-check.skip=true
+      - name: Build with Spring Boot 3.3.x
+        run: ./gha_build.sh springboot3 false false -Dspringboot.version=3.3.6 -Dspring.version=6.1.15 -Dspringsecurity.version=6.3.5 -Ddependency-check.skip=true
 
 # temporarily disabled as Struts is not released at the moment
 #  build_struts2:

aws-serverless-java-container-core/pom.xml

@@ -60,7 +60,7 @@
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-web</artifactId>
-            <version>6.3.4</version>
+            <version>6.4.1</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/HttpUtils.java

@@ -0,0 +1,68 @@
+package com.amazonaws.serverless.proxy.internal;
+
+import org.apache.commons.io.Charsets;
+
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.nio.charset.UnsupportedCharsetException;
+
+public final class HttpUtils {
+
+    static final String HEADER_KEY_VALUE_SEPARATOR = "=";
+    static final String HEADER_VALUE_SEPARATOR = ";";
+    static final String ENCODING_VALUE_KEY = "charset";
+
+
+    static public Charset parseCharacterEncoding(String contentTypeHeader,Charset defaultCharset) {
+        // we only look at content-type because content-encoding should only be used for
+        // "binary" requests such as gzip/deflate.
+        if (contentTypeHeader == null) {
+            return defaultCharset;
+        }
+
+        String[] contentTypeValues = contentTypeHeader.split(HEADER_VALUE_SEPARATOR);
+        if (contentTypeValues.length <= 1) {
+            return defaultCharset;
+        }
+
+        for (String contentTypeValue : contentTypeValues) {
+            if (contentTypeValue.trim().startsWith(ENCODING_VALUE_KEY)) {
+                String[] encodingValues = contentTypeValue.split(HEADER_KEY_VALUE_SEPARATOR);
+                if (encodingValues.length <= 1) {
+                    return defaultCharset;
+                }
+                try {
+                    return Charsets.toCharset(encodingValues[1]);
+                } catch (UnsupportedCharsetException ex) {
+                    return defaultCharset;
+                }
+            }
+        }
+        return defaultCharset;
+    }
+
+
+    static public String appendCharacterEncoding(String currentContentType, String newEncoding) {
+        if (currentContentType == null || currentContentType.trim().isEmpty()) {
+            return null;
+        }
+
+        if (currentContentType.contains(HEADER_VALUE_SEPARATOR)) {
+            String[] contentTypeValues = currentContentType.split(HEADER_VALUE_SEPARATOR);
+            StringBuilder contentType = new StringBuilder(contentTypeValues[0]);
+
+            for (int i = 1; i < contentTypeValues.length; i++) {
+                String contentTypeValue = contentTypeValues[i];
+                String contentTypeString = HEADER_VALUE_SEPARATOR + " " + contentTypeValue;
+                if (contentTypeValue.trim().startsWith(ENCODING_VALUE_KEY)) {
+                    contentTypeString = HEADER_VALUE_SEPARATOR + " " + ENCODING_VALUE_KEY + HEADER_KEY_VALUE_SEPARATOR + newEncoding;
+                }
+                contentType.append(contentTypeString);
+            }
+
+            return contentType.toString();
+        } else {
+            return currentContentType + HEADER_VALUE_SEPARATOR + " " + ENCODING_VALUE_KEY + HEADER_KEY_VALUE_SEPARATOR + newEncoding;
+        }
+    }
+}

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpApiV2ProxyHttpServletRequest.java

@@ -12,6 +12,7 @@
  */
 package com.amazonaws.serverless.proxy.internal.servlet;
 
+import com.amazonaws.serverless.proxy.internal.HttpUtils;
 import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
 import com.amazonaws.serverless.proxy.internal.SecurityUtils;
 import com.amazonaws.serverless.proxy.model.ContainerConfig;
@@ -32,6 +33,7 @@
 import java.io.StringReader;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
+import java.nio.charset.Charset;
 import java.security.Principal;
 import java.time.Instant;
 import java.time.ZonedDateTime;
@@ -232,7 +234,8 @@ public String getCharacterEncoding() {
         if (headers == null) {
             return config.getDefaultContentCharset();
         }
-        return parseCharacterEncoding(headers.getFirst(HttpHeaders.CONTENT_TYPE));
+        Charset charset = HttpUtils.parseCharacterEncoding(headers.getFirst(HttpHeaders.CONTENT_TYPE),null);
+        return charset != null ? charset.name() : null;
     }
 
     @Override
@@ -242,7 +245,7 @@ public void setCharacterEncoding(String s) throws UnsupportedEncodingException {
             return;
         }
         String currentContentType = headers.getFirst(HttpHeaders.CONTENT_TYPE);
-        headers.putSingle(HttpHeaders.CONTENT_TYPE, appendCharacterEncoding(currentContentType, s));
+        headers.putSingle(HttpHeaders.CONTENT_TYPE, HttpUtils.appendCharacterEncoding(currentContentType, s));
     }
 
     @Override

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java

@@ -369,53 +369,9 @@ protected StringBuffer generateRequestURL(String requestPath) {
         return new StringBuffer(getScheme() + "://" + url);
     }
 
-    protected String parseCharacterEncoding(String contentTypeHeader) {
-        // we only look at content-type because content-encoding should only be used for
-        // "binary" requests such as gzip/deflate.
-        if (contentTypeHeader == null) {
-            return null;
-        }
 
-        String[] contentTypeValues = contentTypeHeader.split(HEADER_VALUE_SEPARATOR);
-        if (contentTypeValues.length <= 1) {
-            return null;
-        }
 
-        for (String contentTypeValue : contentTypeValues) {
-            if (contentTypeValue.trim().startsWith(ENCODING_VALUE_KEY)) {
-                String[] encodingValues = contentTypeValue.split(HEADER_KEY_VALUE_SEPARATOR);
-                if (encodingValues.length <= 1) {
-                    return null;
-                }
-                return encodingValues[1];
-            }
-        }
-        return null;
-    }
 
-    protected String appendCharacterEncoding(String currentContentType, String newEncoding) {
-        if (currentContentType == null || currentContentType.trim().isEmpty()) {
-            return null;
-        }
-
-        if (currentContentType.contains(HEADER_VALUE_SEPARATOR)) {
-            String[] contentTypeValues = currentContentType.split(HEADER_VALUE_SEPARATOR);
-            StringBuilder contentType = new StringBuilder(contentTypeValues[0]);
-
-            for (int i = 1; i < contentTypeValues.length; i++) {
-                String contentTypeValue = contentTypeValues[i];
-                String contentTypeString = HEADER_VALUE_SEPARATOR + " " + contentTypeValue;
-                if (contentTypeValue.trim().startsWith(ENCODING_VALUE_KEY)) {
-                    contentTypeString = HEADER_VALUE_SEPARATOR + " " + ENCODING_VALUE_KEY + HEADER_KEY_VALUE_SEPARATOR + newEncoding;
-                }
-                contentType.append(contentTypeString);
-            }
-
-            return contentType.toString();
-        } else {
-            return currentContentType + HEADER_VALUE_SEPARATOR + " " + ENCODING_VALUE_KEY + HEADER_KEY_VALUE_SEPARATOR + newEncoding;
-        }
-    }
 
     protected ServletInputStream bodyStringToInputStream(String body, boolean isBase64Encoded) throws IOException {
         if (body == null) {

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequest.java

@@ -13,6 +13,7 @@
 package com.amazonaws.serverless.proxy.internal.servlet;
 
 
+import com.amazonaws.serverless.proxy.internal.HttpUtils;
 import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
 import com.amazonaws.serverless.proxy.internal.SecurityUtils;
 import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
@@ -35,6 +36,7 @@
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.UnsupportedEncodingException;
+import java.nio.charset.Charset;
 import java.security.Principal;
 import java.time.Instant;
 import java.time.ZonedDateTime;
@@ -273,7 +275,8 @@ public String getCharacterEncoding() {
         if (request.getMultiValueHeaders() == null) {
             return config.getDefaultContentCharset();
         }
-        return parseCharacterEncoding(request.getMultiValueHeaders().getFirst(HttpHeaders.CONTENT_TYPE));
+        Charset charset = HttpUtils.parseCharacterEncoding(request.getMultiValueHeaders().getFirst(HttpHeaders.CONTENT_TYPE),null);
+        return charset != null ? charset.name() : null;
     }
 
 
@@ -284,12 +287,12 @@ public void setCharacterEncoding(String s)
             request.setMultiValueHeaders(new Headers());
         }
         String currentContentType = request.getMultiValueHeaders().getFirst(HttpHeaders.CONTENT_TYPE);
-        if (currentContentType == null || "".equals(currentContentType)) {
+        if (currentContentType == null || currentContentType.isEmpty()) {
             log.debug("Called set character encoding to " + SecurityUtils.crlf(s) + " on a request without a content type. Character encoding will not be set");
             return;
         }
 
-        request.getMultiValueHeaders().putSingle(HttpHeaders.CONTENT_TYPE, appendCharacterEncoding(currentContentType, s));
+        request.getMultiValueHeaders().putSingle(HttpHeaders.CONTENT_TYPE, HttpUtils.appendCharacterEncoding(currentContentType, s));
     }
 
 

aws-serverless-java-container-jersey/pom.xml

@@ -16,7 +16,7 @@
     </parent>
 
     <properties>
-        <jersey.version>3.1.8</jersey.version>
+        <jersey.version>3.1.9</jersey.version>
     </properties>
 
     <dependencies>

aws-serverless-java-container-spring/pom.xml

@@ -16,8 +16,8 @@
     </parent>
 
     <properties>
-        <spring.version>6.1.14</spring.version>
-        <spring-security.version>6.3.4</spring-security.version>
+        <spring.version>6.2.0</spring.version>
+        <spring-security.version>6.4.1</spring-security.version>
     </properties>
 
     <dependencies>

aws-serverless-java-container-springboot3/pom.xml

@@ -15,17 +15,17 @@
     <version>2.1.0-SNAPSHOT</version>
 
     <properties>
-        <spring.version>6.1.14</spring.version>
-        <springboot.version>3.3.5</springboot.version>
-        <springsecurity.version>6.3.4</springsecurity.version>
+        <spring.version>6.2.0</spring.version>
+        <springboot.version>3.4.0</springboot.version>
+        <springsecurity.version>6.4.1</springsecurity.version>
     </properties>
 
     <dependencies>
         <!-- Core interfaces for the aws-serverless-java-container project -->
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-function-serverless-web</artifactId>
-            <version>4.1.3</version>
+            <version>4.1.4</version>
         </dependency>
         <dependency>
             <groupId>com.amazonaws.serverless</groupId>