Package org.eclipse.jetty.http

Enum Class UriCompliance.Violation

java.lang.Object
java.lang.Enum<UriCompliance.Violation>
org.eclipse.jetty.http.UriCompliance.Violation
All Implemented Interfaces:
Serializable, Comparable<UriCompliance.Violation>, Constable, ComplianceViolation
Enclosing class:
UriCompliance
public static enum UriCompliance.Violation extends Enum<UriCompliance.Violation> implements ComplianceViolation
These are URI compliance "violations", which may be allowed by the compliance mode. These are actual violations of the RFC, as they represent additional requirements in excess of the strict compliance of RFC 3986. A compliance mode that contains one or more of these Violations, allows request to violate the corresponding additional requirement.

  • Enum Constant Details

    • AMBIGUOUS_PATH_SEGMENT

      public static final UriCompliance.Violation AMBIGUOUS_PATH_SEGMENT
      Allow ambiguous path segments e.g. /foo/%2e%2e/bar. When allowing this Violation, the application developer/deployer must ensure that the decoded URI path is not passed to any API that may inadvertently normalize dot or double dot segments. Any resulting '.' characters in the decoded path should be treated as literal characters.

    • AMBIGUOUS_EMPTY_SEGMENT

      public static final UriCompliance.Violation AMBIGUOUS_EMPTY_SEGMENT
      Allow ambiguous empty segments e.g. //. When allowing this Violation, the application developer/deployer must ensure that the application behaves as desired when it receives a URI path containing //. Specifically, any URI pattern matching for security concerns needs to be carefully audited.

    • AMBIGUOUS_PATH_SEPARATOR

      public static final UriCompliance.Violation AMBIGUOUS_PATH_SEPARATOR
      Allow ambiguous path separator within a URI segment e.g. /foo/b%2fr When allowing this Violation, the application developer/deployer must be aware that the decoded URI path is ambiguous and that it is not possible to distinguish in the decoded path a real path separator versus an encoded separator character. Any URI matching based on decoded segments may be affected by this ambiguity. It is highly recommended that applications using this violation work only with encoded URI paths. Some APIs that return decoded paths may throw an exception rather than return such an ambiguous path.

    • AMBIGUOUS_PATH_PARAMETER

      public static final UriCompliance.Violation AMBIGUOUS_PATH_PARAMETER
      Allow ambiguous path parameters within a URI segment e.g. /foo/..;/bar or /foo/%2e%2e;param/bar. Since a dot or double dot segment with a parameter will not be normalized, then when allowing this Violation, the application developer/deployer must ensure that the decoded URI path is not passed to any API that may inadvertently normalize dot or double dot segments.

    • AMBIGUOUS_PATH_ENCODING

      public static final UriCompliance.Violation AMBIGUOUS_PATH_ENCODING
      Allow ambiguous path encoding within a URI segment e.g. /%2557EB-INF. When allowing this Violation, the deployer must ensure that the decoded URI path is not passed to any API that may inadvertently further decode any percent encoded characters. Any resulting `%` character in the decoded path should be treated as a literal character.

    • UTF16_ENCODINGS

      public static final UriCompliance.Violation UTF16_ENCODINGS
      Allow UTF-16 encoding eg /foo%u2192bar.

    • BAD_UTF8_ENCODING

      public static final UriCompliance.Violation BAD_UTF8_ENCODING
      Allow Bad UTF-8 encodings to be substituted by the replacement character.

    • SUSPICIOUS_PATH_CHARACTERS

      public static final UriCompliance.Violation SUSPICIOUS_PATH_CHARACTERS
      Allow encoded path characters not allowed by the Servlet spec rules.

    • ILLEGAL_PATH_CHARACTERS

      public static final UriCompliance.Violation ILLEGAL_PATH_CHARACTERS
      Allow path characters not allowed in the path portion of the URI and HTTP specs.

      This would allow characters that fall outside of the unreserved / pct-encoded / sub-delims / ":" / "@" ABNF

    • USER_INFO

      public static final UriCompliance.Violation USER_INFO
      Allow user info in the authority portion of the URI and HTTP specs.

  • Method Details

    • values

      public static UriCompliance.Violation[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared

    • valueOf

      public static UriCompliance.Violation valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null

    • getName

      public String getName()
      Specified by:
      getName in interface ComplianceViolation
      Returns:
      The name of the violation.

    • getURL

      public String getURL()
      Specified by:
      getURL in interface ComplianceViolation
      Returns:
      A URL to the specification that provides more information regarding the requirement that may be violated.

    • getDescription

      public String getDescription()
      Specified by:
      getDescription in interface ComplianceViolation
      Returns:
      A short description of the violation.