fix: replace getQueryString with getParameter to avoid reading request inputstream (#424)

Author: mr3

arex-agent-bootstrap/src/main/java/io/arex/agent/bootstrap/util/StringUtil.java

@@ -143,6 +143,39 @@ public static String substring(String str, int start) {
         return start > str.length() ? EMPTY : str.substring(start);
     }
 
+    public static String substring(final String str, int start, int end) {
+        if (str == null) {
+            return null;
+        }
+
+        // handle negatives
+        if (end < 0) {
+            end = str.length() + end; // remember end is negative
+        }
+        if (start < 0) {
+            start = str.length() + start; // remember start is negative
+        }
+
+        // check length next
+        if (end > str.length()) {
+            end = str.length();
+        }
+
+        // if start is greater than end, return ""
+        if (start > end) {
+            return EMPTY;
+        }
+
+        if (start < 0) {
+            start = 0;
+        }
+        if (end < 0) {
+            end = 0;
+        }
+
+        return str.substring(start, end);
+    }
+
     public static String[] split(final String source, final char separator) {
         return split(source, separator, false);
     }

arex-agent-bootstrap/src/test/java/io/arex/agent/bootstrap/util/StringUtilTest.java

@@ -10,6 +10,9 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.EmptySource;
+import org.junit.jupiter.params.provider.NullSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class StringUtilTest {
     @Test
@@ -119,6 +122,19 @@ void substring() {
         assertEquals("abc", actualResult);
     }
 
+    @Test
+    void substring_start_end() {
+        assertNull(StringUtil.substring(null, 0, 0));
+        assertEquals("", StringUtil.substring("", 0 ,  0));
+        assertEquals("ab", StringUtil.substring("abc", 0, 2));
+        assertEquals("", StringUtil.substring("abc", 2, 0));
+        assertEquals("c", StringUtil.substring("abc", 2, 4));
+        assertEquals("", StringUtil.substring("abc", 4, 6));
+        assertEquals("", StringUtil.substring("abc", 2, 2));
+        assertEquals("b", StringUtil.substring("abc", -2, -1));
+        assertEquals("ab", StringUtil.substring("abc", -4, 2));
+    }
+
     @Test
     void split() {
         String[] actualResult = StringUtil.split(null, ',');

arex-instrumentation/servlet/arex-httpservlet/src/main/java/io/arex/inst/httpservlet/ServletAdviceHelper.java

@@ -261,7 +261,7 @@ private static <TRequest> boolean shouldSkip(ServletAdapter<TRequest, ?> adapter
 
     private static <TRequest, TResponse> String getRedirectRecordId(ServletAdapter<TRequest, TResponse> adapter,
         TRequest httpServletRequest) {
-        String redirectRecordId = adapter.getParameter(httpServletRequest, ArexConstants.RECORD_ID);
+        String redirectRecordId = adapter.getParameterFromQueryString(httpServletRequest, ArexConstants.RECORD_ID);
         if (StringUtil.isEmpty(redirectRecordId)) {
             return null;
         }
@@ -273,7 +273,7 @@ private static <TRequest, TResponse> String getRedirectRecordId(ServletAdapter<T
         }
 
         ArexContext context = ContextManager.getContext(redirectRecordId);
-        if (context.isRedirectRequest(referer)) {
+        if (context != null && context.isRedirectRequest(referer)) {
             return redirectRecordId;
         }
 

arex-instrumentation/servlet/arex-httpservlet/src/main/java/io/arex/inst/httpservlet/adapter/ServletAdapter.java

@@ -1,5 +1,6 @@
 package io.arex.inst.httpservlet.adapter;
 
+import io.arex.agent.bootstrap.util.StringUtil;
 import org.springframework.web.context.request.NativeWebRequest;
 
 import javax.annotation.Nullable;
@@ -68,5 +69,22 @@ void addListener(ServletAdapter<HttpServletRequest, HttpServletResponse> adapter
 
     boolean markProcessed(HttpServletRequest httpServletRequest, String mark);
 
-    String getParameter(HttpServletRequest httpServletRequest, String name);
+    String getQueryString(HttpServletRequest httpServletRequest);
+
+    default String getParameterFromQueryString(HttpServletRequest httpServletRequest, String name) {
+        String queryString = getQueryString(httpServletRequest);
+        if (StringUtil.isEmpty(queryString)) {
+            return null;
+        }
+
+        int lastIndex = queryString.lastIndexOf(name);
+        if (lastIndex < 0) {
+            return null;
+        }
+
+        int start = lastIndex + name.length() + 1;
+        int end  = queryString.indexOf("&", start);
+        end = end < 0 ? queryString.length() : end;
+        return StringUtil.substring(queryString, start, end);
+    }
 }

arex-instrumentation/servlet/arex-httpservlet/src/main/java/io/arex/inst/httpservlet/adapter/impl/ServletAdapterImplV3.java

@@ -226,7 +226,7 @@ public boolean markProcessed(HttpServletRequest httpServletRequest, String mark)
     }
 
     @Override
-    public String getParameter(HttpServletRequest servletRequest, String name) {
-        return servletRequest.getParameter(name);
+    public String getQueryString(HttpServletRequest servletRequest) {
+        return servletRequest.getQueryString();
     }
 }

arex-instrumentation/servlet/arex-httpservlet/src/main/java/io/arex/inst/httpservlet/adapter/impl/ServletAdapterImplV5.java

@@ -226,7 +226,7 @@ public boolean markProcessed(HttpServletRequest httpServletRequest, String mark)
     }
 
     @Override
-    public String getParameter(HttpServletRequest httpServletRequest, String name) {
-        return httpServletRequest.getParameter(name);
+    public String getQueryString(HttpServletRequest httpServletRequest) {
+        return httpServletRequest.getQueryString();
     }
 }

arex-instrumentation/servlet/arex-httpservlet/src/test/java/io/arex/inst/httpservlet/ServletAdviceHelperTest.java

@@ -1,6 +1,7 @@
 package io.arex.inst.httpservlet;
 
 import io.arex.agent.bootstrap.internal.Pair;
+import io.arex.agent.bootstrap.util.StringUtil;
 import io.arex.inst.runtime.config.Config;
 import io.arex.inst.runtime.context.ArexContext;
 import io.arex.inst.runtime.context.ContextManager;
@@ -20,6 +21,7 @@
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.MockedConstruction;
 import org.mockito.Mockito;
 import org.mockito.junit.jupiter.MockitoExtension;
@@ -100,14 +102,14 @@ static Stream<Arguments> onServiceEnterCase() {
             Mockito.when(adapter.getRequestHeader(any(), eq(ArexConstants.RECORD_ID))).thenReturn("mock");
         };
         Runnable getRedirectRecordId1 = () -> {
-            Mockito.when(adapter.getParameter(any(), eq(ArexConstants.RECORD_ID))).thenReturn(null);
+            Mockito.when(adapter.getParameterFromQueryString(any(), eq(ArexConstants.RECORD_ID))).thenReturn(null);
         };
         Runnable getRedirectRecordId2 = () -> {
-            Mockito.when(adapter.getParameter(any(), eq(ArexConstants.RECORD_ID))).thenReturn("mock-redirectRecordId");
+            Mockito.when(adapter.getParameterFromQueryString(any(), eq(ArexConstants.RECORD_ID))).thenReturn("mock-redirectRecordId");
             Mockito.when(adapter.getRequestHeader(any(), eq("referer"))).thenReturn(null);
         };
         Runnable getRedirectRecordId3 = () -> {
-            Mockito.when(adapter.getParameter(any(), eq(ArexConstants.RECORD_ID))).thenReturn("mock-redirectRecordId");
+            Mockito.when(adapter.getParameterFromQueryString(any(), eq(ArexConstants.RECORD_ID))).thenReturn("mock-redirectRecordId");
             Mockito.when(adapter.getRequestHeader(any(), eq("referer"))).thenReturn("mock-referer");
             ArexContext context = ArexContext.of("mock-record-id");
             context.setAttachment(ArexConstants.REDIRECT_REFERER, "mock-referer");

arex-instrumentation/servlet/arex-httpservlet/src/test/java/io/arex/inst/httpservlet/adapter/impl/ServletAdapterImplV3Test.java

@@ -5,6 +5,7 @@
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.when;
 
+import io.arex.agent.bootstrap.util.StringUtil;
 import io.arex.inst.httpservlet.wrapper.CachedBodyRequestWrapperV3;
 import io.arex.inst.httpservlet.wrapper.CachedBodyResponseWrapperV3;
 import java.io.ByteArrayInputStream;
@@ -20,6 +21,8 @@
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.Mockito;
 import org.springframework.web.context.request.NativeWebRequest;
 
@@ -266,8 +269,21 @@ void markProcessed() {
     }
 
     @Test
-    void getParameter() {
-        when(mockRequest.getParameter(any())).thenReturn("mock-parameter");
-        assertEquals("mock-parameter", instance.getParameter(mockRequest, "arex-parameter"));
+    void getQueryString() {
+        when(mockRequest.getQueryString()).thenReturn("k1=v1&k2=v2");
+        assertEquals("k1=v1&k2=v2", instance.getQueryString(mockRequest));
+    }
+
+    @ParameterizedTest
+    @ValueSource(strings = {
+        "k1=v1&arex-record-id=mock-redirectRecordId&k2=v2",
+        "k1=v1&arex-record-id=mock-redirectRecordId",
+        "arex-record-id=mock-redirectRecordId&k2=v2",
+        "arex-record-id=mock-redirectRecordId"
+    })
+    void getParameterFromQueryString(String queryString) {
+        when(mockRequest.getQueryString()).thenReturn(queryString);
+        String redirectRecordId = instance.getParameterFromQueryString(mockRequest, "arex-record-id");
+        assertEquals("mock-redirectRecordId", redirectRecordId);
     }
 }

arex-instrumentation/servlet/arex-httpservlet/src/test/java/io/arex/inst/httpservlet/adapter/impl/ServletAdapterImplV5Test.java

@@ -268,8 +268,8 @@ void markProcessed() {
     }
 
     @Test
-    void getParameter() {
-        when(mockRequest.getParameter(any())).thenReturn("mock-parameter");
-        assertEquals("mock-parameter", instance.getParameter(mockRequest, "arex-parameter"));
+    void getQueryString() {
+        when(mockRequest.getQueryString()).thenReturn("k1=v1&k2=v2");
+        assertEquals("k1=v1&k2=v2", instance.getQueryString(mockRequest));
     }
 }