From 1703b71563ed6b159965c8962b71015c9f74c583 Mon Sep 17 00:00:00 2001 From: Riley Park Date: Mon, 12 Aug 2024 19:45:30 -0700 Subject: [PATCH 1/2] Fix incorrect weak ETag assertion See gh-33374 --- .../src/main/java/org/springframework/http/HttpHeaders.java | 4 ++-- .../java/org/springframework/http/HttpHeadersTests.java | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/spring-web/src/main/java/org/springframework/http/HttpHeaders.java b/spring-web/src/main/java/org/springframework/http/HttpHeaders.java index 601cd1b3a61..fe4ab934ae0 100644 --- a/spring-web/src/main/java/org/springframework/http/HttpHeaders.java +++ b/spring-web/src/main/java/org/springframework/http/HttpHeaders.java @@ -1048,8 +1048,8 @@ public class HttpHeaders implements MultiValueMap, Serializable */ public void setETag(@Nullable String etag) { if (etag != null) { - Assert.isTrue(etag.startsWith("\"") || etag.startsWith("W/"), - "Invalid ETag: does not start with W/ or \""); + Assert.isTrue(etag.startsWith("\"") || etag.startsWith("W/\""), + "Invalid ETag: does not start with W/\" or \""); Assert.isTrue(etag.endsWith("\""), "Invalid ETag: does not end with \""); set(ETAG, etag); } diff --git a/spring-web/src/test/java/org/springframework/http/HttpHeadersTests.java b/spring-web/src/test/java/org/springframework/http/HttpHeadersTests.java index 059e3a98162..0b53e092cc4 100644 --- a/spring-web/src/test/java/org/springframework/http/HttpHeadersTests.java +++ b/spring-web/src/test/java/org/springframework/http/HttpHeadersTests.java @@ -196,6 +196,12 @@ class HttpHeadersTests { assertThatIllegalArgumentException().isThrownBy(() -> headers.setETag(eTag)); } + @Test + void illegalETagWithoutQuoteAfterWSlash() { + String etag = "W/v2.6\""; + assertThatIllegalArgumentException().as("Invalid Weak ETag").isThrownBy(() -> headers.setETag(etag)); + } + @Test void ifMatch() { String ifMatch = "\"v2.6\""; From fe4fd004291a1f2704281eb839609cf9e2fb5bea Mon Sep 17 00:00:00 2001 From: rstoyanchev Date: Tue, 13 Aug 2024 16:59:13 +0300 Subject: [PATCH 2/2] Polishing contribution Closes gh-33374 --- .../main/java/org/springframework/http/HttpHeaders.java | 7 +++---- .../java/org/springframework/http/HttpHeadersTests.java | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/spring-web/src/main/java/org/springframework/http/HttpHeaders.java b/spring-web/src/main/java/org/springframework/http/HttpHeaders.java index fe4ab934ae0..6afe9f5003b 100644 --- a/spring-web/src/main/java/org/springframework/http/HttpHeaders.java +++ b/spring-web/src/main/java/org/springframework/http/HttpHeaders.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -1048,9 +1048,8 @@ public class HttpHeaders implements MultiValueMap, Serializable */ public void setETag(@Nullable String etag) { if (etag != null) { - Assert.isTrue(etag.startsWith("\"") || etag.startsWith("W/\""), - "Invalid ETag: does not start with W/\" or \""); - Assert.isTrue(etag.endsWith("\""), "Invalid ETag: does not end with \""); + Assert.isTrue(etag.startsWith("\"") || etag.startsWith("W/\""), "ETag does not start with W/\" or \""); + Assert.isTrue(etag.endsWith("\""), "ETag does not end with \""); set(ETAG, etag); } else { diff --git a/spring-web/src/test/java/org/springframework/http/HttpHeadersTests.java b/spring-web/src/test/java/org/springframework/http/HttpHeadersTests.java index 0b53e092cc4..80d62a344ac 100644 --- a/spring-web/src/test/java/org/springframework/http/HttpHeadersTests.java +++ b/spring-web/src/test/java/org/springframework/http/HttpHeadersTests.java @@ -191,15 +191,15 @@ class HttpHeadersTests { } @Test - void illegalETag() { + void illegalETagWithoutQuotes() { String eTag = "v2.6"; assertThatIllegalArgumentException().isThrownBy(() -> headers.setETag(eTag)); } @Test - void illegalETagWithoutQuoteAfterWSlash() { + void illegalWeakETagWithoutLeadingQuote() { String etag = "W/v2.6\""; - assertThatIllegalArgumentException().as("Invalid Weak ETag").isThrownBy(() -> headers.setETag(etag)); + assertThatIllegalArgumentException().isThrownBy(() -> headers.setETag(etag)); } @Test