Skip to content

[UNDERTOW-2370] Guard against non-servlet ctx request with ServletNam… #1758

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[UNDERTOW-2370] Guard against non-servlet ctx request with ServletNam… #1758

wants to merge 1 commit into from

Conversation

baranowb
Copy link
Contributor

…eAttribute in access log
Issue: https://issues.redhat.com/browse/UNDERTOW-2370

@baranowb baranowb requested review from fl4via and ropalka July 15, 2025 07:02
@baranowb baranowb added bug fix Contains bug fix(es) enhancement Enhances existing behaviour or code labels Jul 15, 2025
msfm
msfm suggested changes Jul 15, 2025
View reviewed changes
servlet/src/main/java/io/undertow/servlet/attribute/ServletNameAttribute.java
if (src != null) {
return src.getCurrentServlet().getManagedServlet().getServletInfo().getName();
} else {
return UNDEFINED;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you explain the reasoning behind intentionally returning "No-Servlet" here?

I was thinking that returning null would be sufficient, as it gets logged as - in the access log by default. This would also align with other ExchangeAttributes, which typically return null when a value isn't available.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UX, looks better than "null".

Copy link
Contributor

@msfm msfm Sep 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To clarify, my suggestion of returning null does not result in the string "null" being logged. Instead, the access log mechanism converts it to -, which is the standard convention for an empty value in Undertow.

My main concern is consistency. All other ExchangeAttributes (like RequestHeaderAttribute, ResponseHeaderAttribute, RemoteUserAttribute, etc.) return null and are logged as -. Introducing a custom "No-Servlet" string here would create a special case and make the logs less uniform.

For this reason, I still believe that returning null is the most appropriate approach.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ropalka ropalka Awaiting requested review from ropalka

@fl4via fl4via Awaiting requested review from fl4via

1 more reviewer

@msfm msfm msfm requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

bug fix Contains bug fix(es) enhancement Enhances existing behaviour or code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@baranowb @msfm