incubator-juneau git commit: Prevent possible OOM in case of DDOS.

jamesbognar Tue, 02 May 2017 05:31:59 -0700

Repository: incubator-juneau
Updated Branches:
  refs/heads/master c3609d051 -> 831a2bd9f



Prevent possible OOM in case of DDOS.

Project: http://git-wip-us.apache.org/repos/asf/incubator-juneau/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-juneau/commit/831a2bd9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-juneau/tree/831a2bd9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-juneau/diff/831a2bd9

Branch: refs/heads/master
Commit: 831a2bd9f8da1c924f385c654b363b904b2905a7
Parents: c3609d0
Author: JamesBognar <[email protected]>
Authored: Tue May 2 08:31:30 2017 -0400
Committer: JamesBognar <[email protected]>
Committed: Tue May 2 08:31:30 2017 -0400

----------------------------------------------------------------------
 .../java/org/apache/juneau/https/AcceptTest.java  |  1 -
 .../main/java/org/apache/juneau/http/Accept.java  | 18 ++++++++++++------
 .../org/apache/juneau/http/AcceptEncoding.java    | 18 ++++++++++++------
 .../java/org/apache/juneau/http/ContentType.java  | 16 +++++++++++-----
 4 files changed, 35 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-juneau/blob/831a2bd9/juneau-core-test/src/test/java/org/apache/juneau/https/AcceptTest.java
----------------------------------------------------------------------
diff --git 
a/juneau-core-test/src/test/java/org/apache/juneau/https/AcceptTest.java 
b/juneau-core-test/src/test/java/org/apache/juneau/https/AcceptTest.java
index dd905a6..8a2b174 100644
--- a/juneau-core-test/src/test/java/org/apache/juneau/https/AcceptTest.java
+++ b/juneau-core-test/src/test/java/org/apache/juneau/https/AcceptTest.java
@@ -42,7 +42,6 @@ public class AcceptTest {
                        { "SimpleNoMatch-2", "text/jso", "['text/json']", -1 },
                        { "SimpleNoMatch-3", "text/json", 
"['application/json']", -1 },
                        { "SimpleNoMatch-4", "text/json", "[]", -1 },
-                       { "SimpleNoMatch-5", null, "['text/json']", -1 },
                        
                        // Meta-character matches
                        { "MetaMatch-1", "text/*", 
"['text/a','text/b+c','text/b+d+e']", 2 },

http://git-wip-us.apache.org/repos/asf/incubator-juneau/blob/831a2bd9/juneau-core/src/main/java/org/apache/juneau/http/Accept.java
----------------------------------------------------------------------
diff --git a/juneau-core/src/main/java/org/apache/juneau/http/Accept.java 
b/juneau-core/src/main/java/org/apache/juneau/http/Accept.java
index ce7119f..5fabc73 100644
--- a/juneau-core/src/main/java/org/apache/juneau/http/Accept.java
+++ b/juneau-core/src/main/java/org/apache/juneau/http/Accept.java
@@ -122,7 +122,7 @@ import org.apache.juneau.internal.*;
  */
 public final class Accept {
 
-       private static final boolean nocache = 
Boolean.getBoolean("juneau.nocache");
+       private static final boolean nocache = 
Boolean.getBoolean("juneau.http.Accept.nocache");
        private static final ConcurrentHashMap<String,Accept> cache = new 
ConcurrentHashMap<String,Accept>();
 
        private final MediaTypeRange[] mediaRanges;
@@ -132,19 +132,25 @@ public final class Accept {
         * Returns a parsed <code>Accept</code> header.
         *
         * @param s The <code>Accept</code> header string.
-        * @return The parsed <code>Accept</code> header.
+        * @return The parsed <code>Accept</code> header, or <jk>null</jk> if 
the string was null.
         */
        public static Accept forString(String s) {
                if (s == null)
-                       s = "null";
-               Accept a = cache.get(s);
-               if (a == null) {
+                       return null;
+
+               // Prevent OOM in case of DDOS
+               if (cache.size() > 1000)
+                       cache.clear();
+
+               while (true) {
+                       Accept a = cache.get(s);
+                       if (a != null)
+                               return a;
                        a = new Accept(s);
                        if (nocache)
                                return a;
                        cache.putIfAbsent(s, a);
                }
-               return cache.get(s);
        }
 
        private Accept(String raw) {

http://git-wip-us.apache.org/repos/asf/incubator-juneau/blob/831a2bd9/juneau-core/src/main/java/org/apache/juneau/http/AcceptEncoding.java
----------------------------------------------------------------------
diff --git 
a/juneau-core/src/main/java/org/apache/juneau/http/AcceptEncoding.java 
b/juneau-core/src/main/java/org/apache/juneau/http/AcceptEncoding.java
index e8c6886..8d83401 100644
--- a/juneau-core/src/main/java/org/apache/juneau/http/AcceptEncoding.java
+++ b/juneau-core/src/main/java/org/apache/juneau/http/AcceptEncoding.java
@@ -80,7 +80,7 @@ import org.apache.juneau.internal.*;
  */
 public final class AcceptEncoding {
 
-       private static final boolean nocache = 
Boolean.getBoolean("juneau.nocache");
+       private static final boolean nocache = 
Boolean.getBoolean("juneau.http.AcceptEncoding.nocache");
        private static final ConcurrentHashMap<String,AcceptEncoding> cache = 
new ConcurrentHashMap<String,AcceptEncoding>();
 
        private final TypeRange[] typeRanges;
@@ -90,19 +90,25 @@ public final class AcceptEncoding {
         * Returns a parsed <code>Accept-Encoding</code> header.
         *
         * @param s The <code>Accept-Encoding</code> header string.
-        * @return The parsed <code>Accept-Encoding</code> header.
+        * @return The parsed <code>Accept-Encoding</code> header, or 
<jk>null</jk> if the string was null.
         */
        public static AcceptEncoding forString(String s) {
                if (s == null)
-                       s = "null";
-               AcceptEncoding a = cache.get(s);
-               if (a == null) {
+                       return null;
+
+               // Prevent OOM in case of DDOS
+               if (cache.size() > 1000)
+                       cache.clear();
+
+               while (true) {
+                       AcceptEncoding a = cache.get(s);
+                       if (a != null)
+                               return a;
                        a = new AcceptEncoding(s);
                        if (nocache)
                                return a;
                        cache.putIfAbsent(s, a);
                }
-               return cache.get(s);
        }
 
        private AcceptEncoding(String raw) {

http://git-wip-us.apache.org/repos/asf/incubator-juneau/blob/831a2bd9/juneau-core/src/main/java/org/apache/juneau/http/ContentType.java
----------------------------------------------------------------------
diff --git a/juneau-core/src/main/java/org/apache/juneau/http/ContentType.java 
b/juneau-core/src/main/java/org/apache/juneau/http/ContentType.java
index 7f5570f..fcf48d8 100644
--- a/juneau-core/src/main/java/org/apache/juneau/http/ContentType.java
+++ b/juneau-core/src/main/java/org/apache/juneau/http/ContentType.java
@@ -34,26 +34,32 @@ import java.util.concurrent.*;
  */
 public class ContentType extends MediaType {
 
-       private static final boolean nocache = 
Boolean.getBoolean("juneau.nocache");
+       private static final boolean nocache = 
Boolean.getBoolean("juneau.http.ContentType.nocache");
        private static final ConcurrentHashMap<String,ContentType> cache = new 
ConcurrentHashMap<String,ContentType>();
 
        /**
         * Returns a parsed <code>Content-Type</code> header.
         *
         * @param s The <code>Content-Type</code> header string.
-        * @return The parsed <code>Content-Type</code> header.
+        * @return The parsed <code>Content-Type</code> header, or 
<jk>null</jk> if the string was null.
         */
        public static ContentType forString(String s) {
                if (s == null)
                        return null;
-               ContentType mt = cache.get(s);
-               if (mt == null) {
+
+               // Prevent OOM in case of DDOS
+               if (cache.size() > 1000)
+                       cache.clear();
+
+               while (true) {
+                       ContentType mt = cache.get(s);
+                       if (mt != null)
+                               return mt;
                        mt = new ContentType(s);
                        if (nocache)
                                return mt;
                        cache.putIfAbsent(s, mt);
                }
-               return cache.get(s);
        }
 
        private ContentType(String s) {

incubator-juneau git commit: Prevent possible OOM in case of DDOS.

Reply via email to