Skip to content

MockHttpServletRequest#setContentType fails with StringIndexOutOfBoundsException #29255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rwinch opened this issue Oct 4, 2022 · 2 comments
Closed

MockHttpServletRequest#setContentType fails with StringIndexOutOfBoundsException #29255

rwinch opened this issue Oct 4, 2022 · 2 comments
Assignees
@rstoyanchev
Labels
in: test Issues in the test module in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug
Milestone
6.0.5

Comments

@rwinch
Copy link
Member

rwinch commented Oct 4, 2022
edited by sbrannen
Loading

For the default Locale of en_US, the following code:

MockHttpServletRequest request = new MockHttpServletRequest();
request.setContentType("İcharset=");

fails with:

java.lang.StringIndexOutOfBoundsException: begin 10, end 9, length 9
	at java.base/java.lang.String.checkBoundsBeginEnd(String.java:4604)
	at java.base/java.lang.String.substring(String.java:2707)
	at java.base/java.lang.String.substring(String.java:2680)
	at org.springframework.mock.web.MockHttpServletRequest.setContentType(MockHttpServletRequest.java:495)

The problem is that contentType.toLowerCase() changes the length of the String, so when using the index on the original String causes a StringIndexOutOfBoundsException.

This is causing failures to be reported to Spring Security by the oss-fuzz project which generated random inputs for their test cases which resulted in this error being reported to Spring Security.

While the header is invalid it would be nice to be able to test invalid headers using the mock object.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Oct 4, 2022
@rstoyanchev rstoyanchev added in: test Issues in the test module in: web Issues in web modules (web, webmvc, webflux, websocket) labels Jan 24, 2023
@rstoyanchev
Copy link
Contributor

We actually fail in the handling of the parse exception, while trying to extract the charset, and as a result the original exception is lost. We should address that indeed.

@rstoyanchev rstoyanchev added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Jan 30, 2023
@rstoyanchev rstoyanchev added this to the 6.0.5 milestone Jan 30, 2023
@rstoyanchev rstoyanchev self-assigned this Feb 7, 2023
@rstoyanchev rstoyanchev changed the title MockHttpServletRequest.setContent fails with StringIndexOutOfBoundsException MockHttpServletRequest#setContentType fails with StringIndexOutOfBoundsException Feb 7, 2023
@rstoyanchev
Copy link
Contributor

Fixed in 9c0b28f, but commit refers to the wrong issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rstoyanchev rstoyanchev

Labels
in: test Issues in the test module in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug
Projects
None yet
Milestone
6.0.5
Development

No branches or pull requests
3 participants
@rwinch @rstoyanchev @spring-projects-issues