SLING-12844 check content type violations for committed responses if they where not commited due to sendError or sendRedirect

Author: RemoLiechti

src/main/java/org/apache/sling/engine/impl/SlingJakartaHttpServletResponseImpl.java

@@ -48,6 +48,15 @@
 public class SlingJakartaHttpServletResponseImpl extends HttpServletResponseWrapper
         implements SlingJakartaHttpServletResponse {
 
+    /**
+     * The reason why the response was committed. This is used to determine whether
+     * the change to the content type header can be ignored or not.
+     */
+    public static enum CommitReason {
+        SEND_ERROR,
+        SEND_REDIRECT
+    }
+
     private static final String CALL_STACK_MESSAGE = "Call stack causing the content type override violation: ";
 
     private static final Logger LOG = LoggerFactory.getLogger(SlingJakartaHttpServletResponseImpl.class);
@@ -77,14 +86,16 @@ public static class WriterAlreadyClosedException extends IllegalStateException {
 
     private final boolean firstSlingResponse;
 
+    private CommitReason committedReason;
+
     public SlingJakartaHttpServletResponseImpl(RequestData requestData, HttpServletResponse response) {
         super(response);
         this.requestData = requestData;
         this.firstSlingResponse = !(response instanceof SlingJakartaHttpServletResponse);
 
         if (firstSlingResponse) {
-            for (final StaticResponseHeader mapping :
-                    requestData.getSlingRequestProcessor().getAdditionalResponseHeaders()) {
+            for (final StaticResponseHeader mapping : requestData.getSlingRequestProcessor()
+                    .getAdditionalResponseHeaders()) {
                 response.addHeader(mapping.getResponseHeaderName(), mapping.getResponseHeaderValue());
             }
         }
@@ -269,6 +280,7 @@ public void addIntHeader(final String name, final int value) {
     @Override
     public void sendRedirect(final String location) throws IOException {
         if (!this.isProtectHeadersOnInclude()) {
+            this.committedReason = CommitReason.SEND_REDIRECT;
             super.sendRedirect(location);
         }
     }
@@ -305,7 +317,10 @@ private String getCurrentStackTrace() {
 
     @Override
     public void setContentType(final String type) {
-        if (this.isCommitted() || !isInclude()) {
+        boolean isCommitedDueToSendErrorOrRedirect = this.isCommitted()
+                && (CommitReason.SEND_ERROR.equals(this.committedReason)
+                        || CommitReason.SEND_REDIRECT.equals(this.committedReason));
+        if (isCommitedDueToSendErrorOrRedirect || !isInclude()) {
             super.setContentType(type);
         } else {
             Optional<String> message = checkContentTypeOverride(type);
@@ -369,8 +384,7 @@ private List<String> getLastMessagesOfProgressTracker() {
         // consumption errors when close to infinite recursive calls are made
         int nrOfOriginalMessages = 0;
         boolean gotCut = false;
-        Iterator<String> messagesIterator =
-                requestData.getRequestProgressTracker().getMessages();
+        Iterator<String> messagesIterator = requestData.getRequestProgressTracker().getMessages();
         LinkedList<String> lastMessages = new LinkedList<>();
         while (messagesIterator.hasNext()) {
             nrOfOriginalMessages++;
@@ -449,8 +463,8 @@ private String findUnmatchedTimerStarts() {
     private String getMessage(@Nullable String currentContentType, @Nullable String setContentType) {
         String unmatchedStartTimers = findUnmatchedTimerStarts();
 
-        String allMessages =
-                getLastMessagesOfProgressTracker().stream().collect(Collectors.joining(System.lineSeparator()));
+        String allMessages = getLastMessagesOfProgressTracker().stream()
+                .collect(Collectors.joining(System.lineSeparator()));
 
         if (!isCheckContentTypeOnInclude()) {
             return String.format(
@@ -497,6 +511,8 @@ public void sendError(int status, String message) throws IOException {
         if (!this.isProtectHeadersOnInclude()) {
             checkCommitted();
 
+            this.committedReason = CommitReason.SEND_ERROR;
+
             final SlingRequestProcessorImpl eh = getRequestData().getSlingRequestProcessor();
             eh.handleError(status, message, requestData.getSlingRequest(), this);
         }
@@ -771,8 +787,7 @@ private String map(String url) {
     }
 
     private String removeContextPath(final String path) {
-        final String contextPath =
-                this.getRequestData().getSlingRequest().getContextPath().concat("/");
+        final String contextPath = this.getRequestData().getSlingRequest().getContextPath().concat("/");
         if (contextPath.length() > 1 && path.startsWith(contextPath)) {
             return path.substring(contextPath.length() - 1);
         }

src/test/java/org/apache/sling/engine/impl/SlingHttpServletResponseImplTest.java

@@ -49,61 +49,104 @@ public class SlingHttpServletResponseImplTest {
 
     private static final String ACTIVE_SERVLET_NAME = "activeServlet";
     String[] logMessages = {
-        "0 TIMER_START{Request Processing}",
-        "6 COMMENT timer_end format is {<elapsed microseconds>,<timer name>} <optional message>",
-        "17 LOG Method=GET, PathInfo=null",
-        "20 TIMER_START{handleSecurity}",
-        "2104 TIMER_END{2081,handleSecurity} authenticator org.apache.sling.auth.core.impl.SlingAuthenticator@6367091e returns true",
-        "2478 TIMER_START{ResourceResolution}",
-        "2668 TIMER_END{189,ResourceResolution} URI=/content/slingshot.html resolves to Resource=JcrNodeResource, type=slingshot/Home, superType=null, path=/content/slingshot",
-        "2678 LOG Resource Path Info: SlingRequestPathInfo: path='/content/slingshot', selectorString='null', extension='html', suffix='null'",
-        "2678 TIMER_START{ServletResolution}",
-        "2683 TIMER_START{resolveServlet(/content/slingshot)}",
-        "3724 TIMER_END{1040,resolveServlet(/content/slingshot)} Using servlet /libs/slingshot/Home/html.jsp",
-        "3727 TIMER_END{1047,ServletResolution} URI=/content/slingshot.html handled by Servlet=/libs/slingshot/Home/html.jsp",
-        "3736 LOG Applying REQUESTfilters",
-        "3751 LOG Calling filter: com.composum.sling.nodes.mount.remote.RemoteRequestFilter",
-        "4722 TIMER_START{/libs/slingshot/Component/head.html.jsp#1}",
-        "3757 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter",
-        "4859 TIMER_END{135,/libs/slingshot/Component/head.html.jsp#1}",
-        "3765 LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter",
-        "2678 TIMER_START{ServletResolution}",
-        "2683 TIMER_START{resolveServlet(/content/slingshot)}",
-        "2678 TIMER_START{ServletResolution}",
-        "2683 TIMER_START{resolveServlet(/content/slingshot)}",
-        "3724 TIMER_END{1040,resolveServlet(/content/slingshot)} Using servlet /libs/slingshot/Home/html.jsp",
-        "3727 TIMER_END{1047,ServletResolution} URI=/content/slingshot.html handled by Servlet=/libs/slingshot/Home/html.jsp",
-        "3724 TIMER_END{1040,resolveServlet(/content/slingshot)} Using servlet /libs/slingshot/Home/html.jsp",
-        "3727 TIMER_END{1047,ServletResolution} URI=/content/slingshot.html handled by Servlet=/libs/slingshot/Home/html.jsp",
-        "3774 LOG Applying Componentfilters",
-        "3797 TIMER_START{/libs/slingshot/Home/html.jsp#0}",
-        "3946 LOG Adding bindings took 18 microseconds",
-        "4405 LOG Including resource JcrNodeResource, type=slingshot/Home, superType=null, path=/content/slingshot (SlingRequestPathInfo: path='/content/slingshot', selectorString='head', extension='html', suffix='null')",
-        "4414 TIMER_START{resolveServlet(/content/slingshot)}",
-        "4670 TIMER_END{253,resolveServlet(/content/slingshot)} Using servlet /libs/slingshot/Component/head.html.jsp",
-        "4673 LOG Applying Includefilters",
-        "4722 TIMER_START{/libs/slingshot/Component/head.html.jsp#1}",
-        "4749 LOG Adding bindings took 4 microseconds"
+            "0 TIMER_START{Request Processing}",
+            "6 COMMENT timer_end format is {<elapsed microseconds>,<timer name>} <optional message>",
+            "17 LOG Method=GET, PathInfo=null",
+            "20 TIMER_START{handleSecurity}",
+            "2104 TIMER_END{2081,handleSecurity} authenticator org.apache.sling.auth.core.impl.SlingAuthenticator@6367091e returns true",
+            "2478 TIMER_START{ResourceResolution}",
+            "2668 TIMER_END{189,ResourceResolution} URI=/content/slingshot.html resolves to Resource=JcrNodeResource, type=slingshot/Home, superType=null, path=/content/slingshot",
+            "2678 LOG Resource Path Info: SlingRequestPathInfo: path='/content/slingshot', selectorString='null', extension='html', suffix='null'",
+            "2678 TIMER_START{ServletResolution}",
+            "2683 TIMER_START{resolveServlet(/content/slingshot)}",
+            "3724 TIMER_END{1040,resolveServlet(/content/slingshot)} Using servlet /libs/slingshot/Home/html.jsp",
+            "3727 TIMER_END{1047,ServletResolution} URI=/content/slingshot.html handled by Servlet=/libs/slingshot/Home/html.jsp",
+            "3736 LOG Applying REQUESTfilters",
+            "3751 LOG Calling filter: com.composum.sling.nodes.mount.remote.RemoteRequestFilter",
+            "4722 TIMER_START{/libs/slingshot/Component/head.html.jsp#1}",
+            "3757 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter",
+            "4859 TIMER_END{135,/libs/slingshot/Component/head.html.jsp#1}",
+            "3765 LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter",
+            "2678 TIMER_START{ServletResolution}",
+            "2683 TIMER_START{resolveServlet(/content/slingshot)}",
+            "2678 TIMER_START{ServletResolution}",
+            "2683 TIMER_START{resolveServlet(/content/slingshot)}",
+            "3724 TIMER_END{1040,resolveServlet(/content/slingshot)} Using servlet /libs/slingshot/Home/html.jsp",
+            "3727 TIMER_END{1047,ServletResolution} URI=/content/slingshot.html handled by Servlet=/libs/slingshot/Home/html.jsp",
+            "3724 TIMER_END{1040,resolveServlet(/content/slingshot)} Using servlet /libs/slingshot/Home/html.jsp",
+            "3727 TIMER_END{1047,ServletResolution} URI=/content/slingshot.html handled by Servlet=/libs/slingshot/Home/html.jsp",
+            "3774 LOG Applying Componentfilters",
+            "3797 TIMER_START{/libs/slingshot/Home/html.jsp#0}",
+            "3946 LOG Adding bindings took 18 microseconds",
+            "4405 LOG Including resource JcrNodeResource, type=slingshot/Home, superType=null, path=/content/slingshot (SlingRequestPathInfo: path='/content/slingshot', selectorString='head', extension='html', suffix='null')",
+            "4414 TIMER_START{resolveServlet(/content/slingshot)}",
+            "4670 TIMER_END{253,resolveServlet(/content/slingshot)} Using servlet /libs/slingshot/Component/head.html.jsp",
+            "4673 LOG Applying Includefilters",
+            "4722 TIMER_START{/libs/slingshot/Component/head.html.jsp#1}",
+            "4749 LOG Adding bindings took 4 microseconds"
     };
 
     @Test
-    public void testNoViolationChecksOnCommitedResponse() {
+    public void testNoViolationChecksOnCommittedResponseWhenSendRedirect() throws IOException {
         final SlingJakartaHttpServletResponse orig = Mockito.mock(SlingJakartaHttpServletResponse.class);
         Mockito.when(orig.isCommitted()).thenReturn(true);
 
         final RequestData requestData = mock(RequestData.class);
         final DispatchingInfo info = new DispatchingInfo(DispatcherType.INCLUDE);
         when(requestData.getDispatchingInfo()).thenReturn(info);
-        info.setProtectHeadersOnInclude(true);
 
         final SlingJakartaHttpServletResponseImpl include = new SlingJakartaHttpServletResponseImpl(requestData, orig);
         SlingJakartaHttpServletResponseImpl spyInclude = Mockito.spy(include);
 
+        spyInclude.sendRedirect("somewhere");
+
+        spyInclude.setContentType("someOtherType");
+        Mockito.verify(orig, times(1)).setContentType(Mockito.any());
+        Mockito.verify(spyInclude, never()).checkContentTypeOverride(Mockito.any());
+    }
+
+    @Test
+    public void testNoViolationChecksOnCommittedResponseWhenSendError() throws IOException {
+        final SlingJakartaHttpServletResponse orig = Mockito.mock(SlingJakartaHttpServletResponse.class);
+
+        final RequestData requestData = mock(RequestData.class);
+        final DispatchingInfo info = new DispatchingInfo(DispatcherType.INCLUDE);
+        when(requestData.getDispatchingInfo()).thenReturn(info);
+        when(requestData.getSlingRequestProcessor()).thenReturn(mock(SlingRequestProcessorImpl.class));
+
+        final SlingJakartaHttpServletResponseImpl include = new SlingJakartaHttpServletResponseImpl(requestData, orig);
+        SlingJakartaHttpServletResponseImpl spyInclude = Mockito.spy(include);
+
+        spyInclude.sendError(501);
+        // send error will eventually commit the response, let's mock this
+        Mockito.when(orig.isCommitted()).thenReturn(true);
+
         spyInclude.setContentType("someOtherType");
         Mockito.verify(orig, times(1)).setContentType(Mockito.any());
         Mockito.verify(spyInclude, never()).checkContentTypeOverride(Mockito.any());
     }
 
+    @Test
+    public void testViolationChecksOnCommittedResponses() throws IOException {
+        final SlingJakartaHttpServletResponse orig = Mockito.mock(SlingJakartaHttpServletResponse.class);
+        Mockito.when(orig.isCommitted()).thenReturn(true);
+
+        final RequestData requestData = mock(RequestData.class);
+        final DispatchingInfo info = new DispatchingInfo(DispatcherType.INCLUDE);
+        when(requestData.getDispatchingInfo()).thenReturn(info);
+        when(requestData.getSlingRequestProcessor()).thenReturn(mock(SlingRequestProcessorImpl.class));
+        final RequestProgressTracker rpt = mock(RequestProgressTracker.class);
+        when(rpt.getMessages()).thenReturn(new ArrayList<String>().iterator());
+        when(requestData.getRequestProgressTracker()).thenReturn(rpt);
+
+        final SlingJakartaHttpServletResponseImpl include = new SlingJakartaHttpServletResponseImpl(requestData, orig);
+        SlingJakartaHttpServletResponseImpl spyInclude = Mockito.spy(include);
+
+        spyInclude.setContentType("someOtherType");
+        Mockito.verify(orig, times(1)).setContentType(Mockito.any());
+        Mockito.verify(spyInclude, Mockito.times(1)).checkContentTypeOverride(Mockito.any());
+    }
+
     @Test
     public void testReset() {
         final SlingJakartaHttpServletResponse originalResponse = mock(SlingJakartaHttpServletResponse.class);
@@ -112,8 +155,8 @@ public void testReset() {
         when(requestData.getDispatchingInfo()).thenReturn(dispatchingInfo);
         dispatchingInfo.setProtectHeadersOnInclude(true);
 
-        final HttpServletResponse includeResponse =
-                new SlingJakartaHttpServletResponseImpl(requestData, originalResponse);
+        final HttpServletResponse includeResponse = new SlingJakartaHttpServletResponseImpl(requestData,
+                originalResponse);
 
         when(originalResponse.isCommitted()).thenReturn(false);
         includeResponse.reset();
@@ -134,8 +177,8 @@ public void testResetOnError() {
 
         // Simulate an error dispatching scenario on a uncommitted response
         DispatchingInfo dispatchingInfo = new DispatchingInfo(DispatcherType.ERROR);
-        final HttpServletResponse includeResponse =
-                new SlingJakartaHttpServletResponseImpl(requestData, originalResponse);
+        final HttpServletResponse includeResponse = new SlingJakartaHttpServletResponseImpl(requestData,
+                originalResponse);
         dispatchingInfo.setProtectHeadersOnInclude(true);
         when(requestData.getDispatchingInfo()).thenReturn(dispatchingInfo);
         when(originalResponse.isCommitted()).thenReturn(false);