Additional unit testing and a new integration test for V1 and V2 of the proxy protocol.

Author: spericas

common/testing/http-junit5/src/main/java/io/helidon/common/testing/http/junit5/SocketHttpClient.java

@@ -453,6 +453,22 @@ public void request(String method, String path, String protocol, String host, It
         }
     }
 
+    /**
+     * Write raw proxy protocol header before a request.
+     *
+     * @param header header to write
+     */
+    public void writeProxyHeader(byte[] header) {
+        try {
+            if (socket == null) {
+                connect();
+            }
+            socket.getOutputStream().write(header);
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
+    }
+
     /**
      * Disconnect from server socket.
      */

common/testing/junit5/src/main/java/io/helidon/common/testing/junit5/HexStringDecoder.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2023 Oracle and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.helidon.common.testing.junit5;
+
+public final class HexStringDecoder {
+
+    private HexStringDecoder() {
+    }
+
+    /**
+     * Utility method to decode hex strings. For example, "\0x0D\0x0A\0x0D\0x0A" is decoded
+     * as a 4-byte array with hex values 0D 0A 0D 0A.
+     *
+     * @param s string to decode
+     * @return decoded string as byte array
+     */
+    public static byte[] decodeHexString(String s) {
+        if (s.isEmpty() || s.length() % 4 != 0) {
+            throw new IllegalArgumentException("Invalid hex string");
+        }
+        byte[] bytes = new byte[s.length() / 4];
+        for (int i = 0, j = 0; i < s.length(); i += 4) {
+            char c1 = s.charAt(i + 2);
+            byte b1 = (byte) (Character.isDigit(c1) ? c1 - '0' : c1 - 'A' + 10);
+            char c2 = s.charAt(i + 3);
+            byte b2 = (byte) (Character.isDigit(c2) ? c2 - '0' : c2 - 'A' + 10);
+            bytes[j++] = (byte) (((b1 << 4) & 0xF0) | (b2 & 0x0F));
+        }
+        return bytes;
+    }
+}

webserver/tests/webserver/src/test/java/io/helidon/webserver/tests/ProxyProtocolTest.java

@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2023 Oracle and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.helidon.webserver.tests;
+
+import io.helidon.common.testing.http.junit5.SocketHttpClient;
+import io.helidon.http.Method;
+import io.helidon.http.Status;
+import io.helidon.webserver.ProxyProtocolData;
+import io.helidon.webserver.WebServerConfig;
+import io.helidon.webserver.http.HttpRules;
+import io.helidon.webserver.testing.junit5.ServerTest;
+import io.helidon.webserver.testing.junit5.SetUpRoute;
+import io.helidon.webserver.testing.junit5.SetUpServer;
+import org.junit.jupiter.api.Test;
+
+import static java.nio.charset.StandardCharsets.US_ASCII;
+import static org.hamcrest.CoreMatchers.startsWith;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static io.helidon.common.testing.junit5.HexStringDecoder.decodeHexString;
+
+@ServerTest
+class ProxyProtocolTest {
+
+    static final String V2_PREFIX = "\0x0D\0x0A\0x0D\0x0A\0x00\0x0D\0x0A\0x51\0x55\0x49\0x54\0x0A";
+
+    private final SocketHttpClient socketHttpClient;
+
+    ProxyProtocolTest(SocketHttpClient socketHttpClient) {
+        this.socketHttpClient = socketHttpClient;
+    }
+
+    @SetUpServer
+    static void setupServer(WebServerConfig.Builder builder) {
+        builder.enableProxyProtocol(true);
+    }
+
+    @SetUpRoute
+    static void routing(HttpRules routing) {
+        routing.get("/", (req, res) -> {
+            ProxyProtocolData data = req.proxyProtocolData().orElse(null);
+            if (data != null
+                    && data.family() == ProxyProtocolData.Family.IPv4
+                    && data.protocol() == ProxyProtocolData.Protocol.TCP
+                    && data.sourceAddress().equals("192.168.0.1")
+                    && data.destAddress().equals("192.168.0.11")
+                    && data.sourcePort() == 56324
+                    && data.destPort() == 443) {
+                res.status(Status.OK_200).send();
+                return;
+            }
+            res.status(Status.INTERNAL_SERVER_ERROR_500).send();
+        });
+    }
+
+    /**
+     * V1 encoding in this test was manually verified with Wireshark.
+     */
+    @Test
+    void testProxyProtocolV1IPv4() {
+        socketHttpClient.writeProxyHeader("PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\n".getBytes(US_ASCII));
+        String s = socketHttpClient.sendAndReceive(Method.GET, "");
+        assertThat(s, startsWith("HTTP/1.1 200 OK"));
+    }
+
+    /**
+     * V2 encoding in this test was manually verified with Wireshark.
+     */
+    @Test
+    void testProxyProtocolV2IPv4() {
+        String header = V2_PREFIX
+                + "\0x20\0x11\0x00\0x0C"    // version, family/protocol, length
+                + "\0xC0\0xA8\0x00\0x01"    // 192.168.0.1
+                + "\0xC0\0xA8\0x00\0x0B"    // 192.168.0.11
+                + "\0xDC\0x04"              // 56324
+                + "\0x01\0xBB";             // 443
+        socketHttpClient.writeProxyHeader(decodeHexString(header));
+        String s = socketHttpClient.sendAndReceive(Method.GET, "");
+        assertThat(s, startsWith("HTTP/1.1 200 OK"));
+    }
+}

webserver/webserver/src/main/java/io/helidon/webserver/ProxyProtocolHandler.java

@@ -35,6 +35,7 @@ class ProxyProtocolHandler implements Supplier<ProxyProtocolData> {
     private static final System.Logger LOGGER = System.getLogger(ProxyProtocolHandler.class.getName());
 
     private static final int MAX_V1_FIELD_LENGTH = 40;
+    private static final int MAX_TLV_BYTES_TO_SKIP = 128 * 4;        // 128 entries
 
     static final byte[] V1_PREFIX = {
             (byte) 'P',
@@ -239,7 +240,10 @@ static ProxyProtocolData handleV2Protocol(PushbackInputStream inputStream) throw
             }
         }
 
-        // skip any TLV vectors
+        // skip any TLV vectors up to our max for security reasons
+        if (headerLength > MAX_TLV_BYTES_TO_SKIP) {
+            throw BAD_PROTOCOL_EXCEPTION;
+        }
         while (headerLength > 0) {
             headerLength -= (int) inputStream.skip(headerLength);
         }

webserver/webserver/src/test/java/io/helidon/webserver/ProxyProtocolHandlerTest.java

@@ -27,6 +27,7 @@
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.jupiter.api.Assertions.assertThrows;
+import static io.helidon.common.testing.junit5.HexStringDecoder.decodeHexString;
 
 class ProxyProtocolHandlerTest {
 
@@ -116,17 +117,63 @@ void basicV2TestIPv6() throws IOException {
         assertThat(data.destPort(), is(443));
     }
 
-    private static byte[] decodeHexString(String s) {
-        assert !s.isEmpty() && s.length() % 4 == 0;
+    @Test
+    void unknownV2Test() throws IOException {
+        String header = V2_PREFIX_2
+                + "\0x20\0x00\0x00\0x40"    // version, family/protocol, length=64
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD";
+        ProxyProtocolData data = ProxyProtocolHandler.handleV2Protocol(new PushbackInputStream(
+                new ByteArrayInputStream(decodeHexString(header))));
+        assertThat(data.family(), is(ProxyProtocolData.Family.UNKNOWN));
+        assertThat(data.protocol(), is(ProxyProtocolData.Protocol.UNKNOWN));
+        assertThat(data.sourceAddress(), nullValue());
+        assertThat(data.destAddress(), nullValue());
+        assertThat(data.sourcePort(), is(-1));
+        assertThat(data.destPort(), is(-1));
+    }
 
-        byte[] bytes = new byte[s.length() / 4];
-        for (int i = 0, j = 0; i < s.length(); i += 4) {
-            char c1 = s.charAt(i + 2);
-            byte b1 = (byte) (Character.isDigit(c1) ? c1 - '0' : c1 - 'A' + 10);
-            char c2 = s.charAt(i + 3);
-            byte b2 = (byte) (Character.isDigit(c2) ? c2 - '0' : c2 - 'A' + 10);
-            bytes[j++] = (byte) (((b1 << 4) & 0xF0) | (b2 & 0x0F));
-        }
-        return bytes;
+    @Test
+    void badV2Test() {
+        String header1 = V2_PREFIX_2
+                + "\0x20\0x21\0x00\0x0C"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB"    // bad source
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xDC\0x04"
+                + "\0x01\0xBB";
+        assertThrows(RequestException.class, () ->
+                ProxyProtocolHandler.handleV2Protocol(new PushbackInputStream(
+                        new ByteArrayInputStream(decodeHexString(header1)))));
+
+        String header2 = V2_PREFIX_2
+                + "\0x20\0x21\0x0F\0xFF"    // bad length, over our limit
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xDC\0x04"
+                + "\0x01\0xBB";
+        assertThrows(RequestException.class, () ->
+                ProxyProtocolHandler.handleV2Protocol(new PushbackInputStream(
+                        new ByteArrayInputStream(decodeHexString(header2)))));
+
+        String header3 = V2_PREFIX_2
+                + "\0x20\0x21\0x00\0x0C"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xAA\0xAA\0xBB\0xBB\0xCC\0xCC\0xDD\0xDD"
+                + "\0xDC\0x04";             // missing dest port
+        assertThrows(RequestException.class, () ->
+                ProxyProtocolHandler.handleV2Protocol(new PushbackInputStream(
+                        new ByteArrayInputStream(decodeHexString(header3)))));
     }
 }