Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

try to fix Issue 3080 #3406

Open
wants to merge 4 commits into
base: trunk
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion retrofit/src/main/java/retrofit2/RequestBuilder.java
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,16 @@ Request.Builder get() {
} else {
// No query parameters triggered builder creation, just combine the relative URL and base URL.
//noinspection ConstantConditions Non-null if urlBuilder is null.
url = baseUrl.resolve(relativeUrl);
StringBuilder relativeUrlBuilder = new StringBuilder(relativeUrl);
if (relativeUrl.length() > 0) {
if (relativeUrlBuilder.charAt(0) != '/') {
if (!relativeUrl.contains("://")) {
relativeUrlBuilder.insert(0, '/');
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This alters the URL to be absolute which breaks those whose base URLs have path segments.

}
}
}

url = baseUrl.resolve(relativeUrlBuilder.toString());
if (url == null) {
throw new IllegalArgumentException(
"Malformed URL. Base: " + baseUrl + ", Relative: " + relativeUrl);
Expand Down
28 changes: 21 additions & 7 deletions retrofit/src/main/java/retrofit2/RequestFactory.java
Original file line number Diff line number Diff line change
Expand Up @@ -438,16 +438,30 @@ private ParameterHandler<?> parseParameterAnnotation(
}
ParameterizedType parameterizedType = (ParameterizedType) type;
Type iterableType = Utils.getParameterUpperBound(0, parameterizedType);
Converter<?, String> converter = retrofit.stringConverter(iterableType, annotations);
return new ParameterHandler.Query<>(name, converter, encoded).iterable();
try {
Converter<?, String> converter = retrofit.stringConverter(iterableType, annotations);
return new ParameterHandler.Query<>(name, converter, encoded).iterable();
} catch (RuntimeException e) {
// Wide exception range because factories are user code.
throw parameterError(method, e, p, "Unable to create @Query converter for %s", type);
}
} else if (rawParameterType.isArray()) {
Class<?> arrayComponentType = boxIfPrimitive(rawParameterType.getComponentType());
Converter<?, String> converter =
retrofit.stringConverter(arrayComponentType, annotations);
return new ParameterHandler.Query<>(name, converter, encoded).array();
try {
Converter<?, String> converter =
retrofit.stringConverter(arrayComponentType, annotations);
return new ParameterHandler.Query<>(name, converter, encoded).array();
} catch (RuntimeException e) {
throw parameterError(method, e, p, "Unable to create @Query converter for %s", type);
}
} else {
Converter<?, String> converter = retrofit.stringConverter(type, annotations);
return new ParameterHandler.Query<>(name, converter, encoded);
try {
Converter<?, String> converter = retrofit.stringConverter(type, annotations);
return new ParameterHandler.Query<>(name, converter, encoded);
} catch (RuntimeException e) {
// Wide exception range because factories are user code.
throw parameterError(method, e, p, "Unable to create @Query converter for %s", type);
}
}

} else if (annotation instanceof QueryName) {
Expand Down
26 changes: 23 additions & 3 deletions retrofit/src/main/java/retrofit2/Retrofit.java
Original file line number Diff line number Diff line change
Expand Up @@ -387,19 +387,39 @@ public <T> Converter<ResponseBody, T> nextResponseBodyConverter(
/**
* Returns a {@link Converter} for {@code type} to {@link String} from the available {@linkplain
* #converterFactories() factories}.
*
* @throws IllegalArgumentException if no converter available for {@code type}.
*/
public <T> Converter<T, String> stringConverter(Type type, Annotation[] annotations) {
Objects.requireNonNull(type, "type == null");
Objects.requireNonNull(annotations, "annotations == null");

for (int i = 0, count = converterFactories.size(); i < count; i++) {
Converter<?, String> converter =
converterFactories.get(i).stringConverter(type, annotations, this);
int start = 0;
int n = 0;
for (Converter.Factory converterFactory : converterFactories) {
n++;
Converter<?, String> converter = converterFactory.stringConverter(type, annotations, this);
if (converter != null) {
//noinspection unchecked
return (Converter<T, String>) converter;
}
}
for (Annotation annotation : annotations) {
if (annotation.annotationType().getSimpleName().equals("Query")) {
if (type == String.class || n >= 3) {
// Nothing matched. Resort to default converter which just calls toString().
//noinspection unchecked
return (Converter<T, String>) BuiltInConverters.ToStringConverter.INSTANCE;
}
StringBuilder builder =
new StringBuilder("Could not locate String converter for ").append(type).append(".\n");
builder.append(" Tried:");
for (int i = start, count = converterFactories.size(); i < count; i++) {
builder.append("\n * ").append(converterFactories.get(i).getClass().getName());
}
throw new IllegalArgumentException(builder.toString());
}
}

// Nothing matched. Resort to default converter which just calls toString().
//noinspection unchecked
Expand Down
56 changes: 56 additions & 0 deletions retrofit/src/test/java/retrofit2/MalformedUrlTest.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
package retrofit2;

import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;

import okhttp3.ResponseBody;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
import org.junit.Rule;
import org.junit.Test;
import retrofit2.http.GET;
import retrofit2.http.PUT;
import retrofit2.http.Path;

public class MalformedUrlTest {
@Rule public final MockWebServer server = new MockWebServer();

interface Service {
@PUT("user:email={email}/login")
Call<ResponseBody> login(@Path(value = "email") String email);

@GET("./{email}")
Call<ResponseBody> loginRelative(@Path("email") String email);
}

@Test
public void malformedUrlTest() throws Exception {
Retrofit retrofit = new Retrofit.Builder().baseUrl(server.url("/")).build();
Service example = retrofit.create(Service.class);

server.enqueue(new MockResponse().addHeader("Content-Type", "text/plain").setBody("Success"));

Call<ResponseBody> callLogin = example.login("username");
Response<ResponseBody> responseLogin = callLogin.execute();
assertEquals("Success", responseLogin.body().string());
}

@Test
public void relativePathTest() throws Exception {
Retrofit retrofit = new Retrofit.Builder().baseUrl(server.url("/")).build();
Service example = retrofit.create(Service.class);

server.enqueue(new MockResponse().addHeader("Content-Type", "text/plain").setBody("Success"));

Call<ResponseBody> callLoginRel = example.loginRelative("username");
try {
Response<ResponseBody> responseLoginRel = callLoginRel.execute();
assertEquals("Success", responseLoginRel.body().string());
fail();
} catch (IllegalArgumentException e) {
assertThat(e)
.hasMessage("@Path parameters shouldn't perform path traversal ('.' or '..'): username");
}
}
}
103 changes: 103 additions & 0 deletions retrofit/src/test/java/retrofit2/StringConverterTest.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
/*
* Copyright (C) 2013 Square, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package retrofit2;

import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import static junit.framework.TestCase.assertTrue;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.core.StringContains.containsString;

import java.lang.annotation.Annotation;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import java.lang.reflect.Type;
import java.util.concurrent.atomic.AtomicReference;
import okhttp3.ResponseBody;
import okhttp3.mockwebserver.MockWebServer;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import retrofit2.http.GET;
import retrofit2.http.Query;

public final class StringConverterTest {

@Rule public final MockWebServer server = new MockWebServer();

@Rule public ExpectedException exception = ExpectedException.none();

interface Annotated {

@GET("/")
Call<ResponseBody> queryString(@Query("word") String word);

@GET("/")
Call<ResponseBody> queryObject(@Foo @Query("foo") Object foo);

@Target({PARAMETER, METHOD})
@Retention(RUNTIME)
@interface Foo {}
}

@Test
public void queryObjectWithStringConverter() {
final AtomicReference<Annotation[]> annotationsRef = new AtomicReference<>();
class MyConverterFactory extends Converter.Factory {
@Override
public Converter<?, String> stringConverter(
Type type, Annotation[] annotations, Retrofit retrofit) {
annotationsRef.set(annotations);

return (Converter<Object, String>) String::valueOf;
}
}
Retrofit retrofit =
new Retrofit.Builder()
.baseUrl(server.url("/"))
.addConverterFactory(new MyConverterFactory())
.build();
Annotated annotated = retrofit.create(Annotated.class);
annotated.queryObject(null); // Trigger internal setup.

Annotation[] annotations = annotationsRef.get();
assertThat(annotations).hasAtLeastOneElementOfType(Annotated.Foo.class);
}

@Test
public void queryObjectWithoutStringConverter() {
exception.expect(IllegalArgumentException.class);
exception.expectMessage(
containsString(
"Unable to create @Query converter for class java.lang.Object (parameter #1)"));
Retrofit retrofit = new Retrofit.Builder().baseUrl(server.url("/")).build();
Annotated annotated = retrofit.create(Annotated.class);
annotated.queryObject(null); // Trigger internal setup.
}

@Test
public void queryStringWithoutStringConverter() {
Retrofit retrofit = new Retrofit.Builder().baseUrl(server.url("/")).build();
Annotated annotated = retrofit.create(Annotated.class);
try {
annotated.queryString(null); // Trigger internal setup.
assertTrue(true);
} catch (Exception e) {
assertTrue(false);
}
}
}