
Conversation

@zoewangg
Owner

Motivation and Context

Modifications

Testing

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@zoewang-test

zoewang-test bot commented May 15, 2025

Thank you for creating the pull request! 🎉

  • Can you please add a new changelog entry?
  • Can you please confirm that this pull request can be released under the Apache 2 license?
Useful commands for maintainers

  • /tests-integration Run integration tests
  • /tests-stability Run stability tests
  • /tests-performance Run performance tests
  • /tests-all Run all tests
  • /reassign Reassign to another reviewer
  • /override-changelog-check Override changelog check

private DefaultFullHttpRequest emptyHttpRequest() {
return new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "http://fake.com");
return new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "http://fake.com", false);
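Review bot: the new line passes `false` as the fourth (`validateHeaders`) argument of `DefaultFullHttpRequest`, which turns off Netty's header validation for this request object; CodeQL reports that as a request-splitting risk even though the file is test code. If the test does not need an unvalidated request, keep the three-argument form (`return new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "http://fake.com");`) so the default validation stays on. If validation really has to be off for what `HandlerSubscriberTest` exercises, add a comment on this line saying why, so the alert can be dismissed with a recorded reason instead of being silently re-raised on the next scan.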

Check warning

Code scanning / CodeQL

Disabled Netty HTTP header validation (severity: Medium; scope: test)

Request splitting vulnerability due to header value verification being disabled.

Copilot Autofix

AI 9 months ago

To fix the issue, we will modify the emptyHttpRequest method to use the constructor of DefaultFullHttpRequest that enables header validation by default. This involves removing the false argument from the constructor call. This change ensures that headers are validated for potential splitting vulnerabilities, even in test code.


Suggested changeset 1
http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/internal/nrs/HandlerSubscriberTest.java

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/internal/nrs/HandlerSubscriberTest.java b/http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/internal/nrs/HandlerSubscriberTest.java
--- a/http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/internal/nrs/HandlerSubscriberTest.java
+++ b/http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/internal/nrs/HandlerSubscriberTest.java
@@ -96,3 +96,3 @@
     private DefaultFullHttpRequest emptyHttpRequest() {
-        return new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "http://fake.com", false);
+        return new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "http://fake.com");
     }
EOF
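Review bot: the hunk reverts the added `false` without addressing why the PR introduced it; before applying, confirm that nothing in `HandlerSubscriberTest` depends on header validation being disabled, otherwise a header the test sets may start throwing `IllegalArgumentException` once the default validation is back on. Note also that the hunk's `-` line is the PR's new line (with `false`), so the patch applies cleanly only on the PR branch; on a checkout where `emptyHttpRequest()` still has the original three-argument call, `git apply` will reject it for missing context.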
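To show what the flagged `false` argument actually switches off, here is an added demonstration that is not code from the aws-sdk-java-v2 project or from this PR. It builds one request with the three-argument constructor the autofix restores and one with `validateHeaders` set to `false`, then tries to set a constructed header value containing a CRLF on each. With Netty 4.1's `DefaultHttpHeaders`, the validating request rejects the value in `headers().set(...)` with `IllegalArgumentException`, while the unvalidated request accepts it unchanged. The class name, method names and the sample header value are assumptions made for this example.

```java
import io.netty.handler.codec.http.DefaultFullHttpRequest;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpVersion;

/**
 * Added demonstration (not project code): what the fourth constructor argument
 * of DefaultFullHttpRequest controls. Class and method names are assumptions.
 */
public final class HeaderValidationDemo {

    /** Constructed sample value: an embedded CRLF is what request splitting relies on. */
    static final String CRLF_VALUE = "text/plain\r\nX-Injected: yes";

    /** Same shape as the autofix result: validation left at its default (enabled). */
    static FullHttpRequest validatingRequest() {
        return new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "http://fake.com");
    }

    /** Same shape as the flagged line: validation explicitly disabled. */
    static FullHttpRequest unvalidatedRequest() {
        return new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "http://fake.com", false);
    }

    /**
     * Returns true if the request's header container refuses a value containing
     * CR/LF, false if it accepts the value as-is.
     */
    static boolean rejectsCrlf(FullHttpRequest request) {
        try {
            request.headers().set("Content-Type", CRLF_VALUE);
            return false;
        } catch (IllegalArgumentException rejected) {
            return true;
        }
    }

    public static void main(String[] args) {
        System.out.println("default constructor rejects CRLF value: " + rejectsCrlf(validatingRequest()));
        System.out.println("validateHeaders=false rejects CRLF value: " + rejectsCrlf(unvalidatedRequest()));
    }
}
```

The point for a reviewer is that the flag is a property of the request object, not of the test: any header later set on an object built with `false` bypasses the same check that production code relies on, which is why CodeQL does not exempt test scope.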