Skip to content

Rethrow cookie parsing failure as IllegalArgumentException#2761

Merged
bulldozer-bot[bot] merged 1 commit intodevelopfrom
pkoenig/cookie
Jan 6, 2026
Merged

Rethrow cookie parsing failure as IllegalArgumentException#2761
bulldozer-bot[bot] merged 1 commit intodevelopfrom
pkoenig/cookie

Conversation

@pkoenig10
Copy link
Member

@pkoenig10 pkoenig10 commented Jan 5, 2026
edited
Loading

Before this PR

If a request contains more cookies than the configured maximum (200 by default), then the HttpServerExchange methods to obtain cookies will throw an IllegalStateException. This can result in false positives for internal errors monitors.

java.lang.IllegalStateException: {throwable0_message}
	at io.undertow.util.Cookies.createCookie(Cookies.java:397)
	at io.undertow.util.Cookies.parseCookie(Cookies.java:291)
	at io.undertow.util.Cookies.parseRequestCookies(Cookies.java:246)
	at io.undertow.util.Cookies.parseRequestCookies(Cookies.java:224)
	at io.undertow.util.Cookies.parseRequestCookies(Cookies.java:215)
	at io.undertow.server.HttpServerExchange.requestCookies(HttpServerExchange.java:1248)
	at io.undertow.server.HttpServerExchange.getRequestCookie(HttpServerExchange.java:1229)
	at com.palantir.conjure.java.undertow.runtime.ConjureContexts$ConjureServerRequestContext.cookie(ConjureContexts.java:85)
	...

After this PR

Catch these exceptions and re-throw them as SafeIllegalArgumentException.

@changelog-app
Copy link

changelog-app bot commented Jan 5, 2026
edited by pkoenig10
Loading

Generate changelog in changelog/@unreleased

Type (Select exactly one)

  • Feature (Adding new functionality)
  • Improvement (Improving existing functionality)
  • Fix (Fixing an issue with existing functionality)
  • Break (Creating a new major version by breaking public APIs)
  • Deprecation (Removing functionality in a non-breaking way)
  • Migration (Automatically moving data/functionality to a new system)

Description

Throw IllegalArgumentException instead of IllegalStateException when request contains too many cookies.

Check the box to generate changelog(s)

  • Generate changelog entry

@pkoenig10 pkoenig10 requested review from bjlaub and mpritham January 5, 2026 16:44
@changelog-app
Copy link

changelog-app bot commented Jan 5, 2026

Successfully generated changelog entry!

Need to regenerate?

Simply interact with the changelog bot comment again to regenerate these entries.

📋Changelog Preview

💡 Improvements

  • Throw IllegalArgumentException instead of IllegalStateException when request contains too many cookies. (#2761)

kunalrkak
kunalrkak reviewed Jan 6, 2026
View reviewed changes
Copy link
Contributor

@kunalrkak kunalrkak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit, otherwise lgtm!

...dertow-runtime/src/main/java/com/palantir/conjure/java/undertow/runtime/ConjureContexts.java
Comment on lines +93 to +96
if (cookie == null) {
return Optional.empty();
}
return Optional.of(cookie.getValue());
Copy link
Contributor

@kunalrkak kunalrkak Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe Optional#ofNullable here?

Copy link
Member Author

@pkoenig10 pkoenig10 Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This value should never be null in a parsed cookie.

Copy link
Contributor

@kunalrkak kunalrkak Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm, how is that better implied in this code block vs using ofNullable? seems like we're handling it in the same way, just more verbose

Copy link
Member Author

@pkoenig10 pkoenig10 Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I personally find this way easier to read. It's consistent with the code structure other places we read cookies (the files touched in this PR) and avoids the lambda allocation.

kunalrkak
kunalrkak approved these changes Jan 6, 2026
View reviewed changes
Copy link
Contributor

@kunalrkak kunalrkak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@bulldozer-bot bulldozer-bot bot merged commit f95c07b into develop Jan 6, 2026
5 checks passed
@bulldozer-bot bulldozer-bot bot deleted the pkoenig/cookie branch January 6, 2026 21:58
@autorelease3
Copy link

autorelease3 bot commented Jan 6, 2026

Released 8.67.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kunalrkak kunalrkak kunalrkak approved these changes

@bjlaub bjlaub Awaiting requested review from bjlaub

@mpritham mpritham Awaiting requested review from mpritham

Assignees

No one assigned

Labels

autorelease merge when ready

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pkoenig10 @kunalrkak