Changes to address query string encoding/reading from issues #146, #154, and #156

Author: sapessi

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java

@@ -290,17 +290,25 @@ protected Cookie[] parseCookieHeaderValue(String headerValue) {
      * @param parameters A Map<String, String> of query string parameters
      * @return The generated query string for the URI
      */
-    protected String generateQueryString(Map<String, String> parameters) {
+    protected String generateQueryString(EncodingQueryStringParameterMap parameters) {
         if (parameters == null || parameters.size() == 0) {
             return null;
         }
         if (queryString != null) {
             return queryString;
         }
 
-        queryString =  parameters.keySet().stream()
-                .map(key -> key + "=" + parameters.get(key))
-                .collect(Collectors.joining("&"));
+        StringBuilder queryStringBuilder = new StringBuilder();
+
+        parameters.keySet().stream().forEach(k -> parameters.get(k).stream().forEach(v -> {
+            queryStringBuilder.append("&");
+            queryStringBuilder.append(k);
+            queryStringBuilder.append("=");
+            queryStringBuilder.append(v);
+        }));
+
+        queryString = queryStringBuilder.toString();
+        queryString = queryString.substring(1); // remove the first & - faster to do it here than adding logic in the Lambda
         return queryString;
     }
 

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequest.java

@@ -86,6 +86,7 @@ public class AwsProxyHttpServletRequest extends AwsHttpServletRequest {
     private SecurityContext securityContext;
     private Map<String, List<String>> urlEncodedFormParameters;
     private Map<String, Part> multipartFormParameters;
+    private EncodingQueryStringParameterMap queryStringParameters;
     private static Logger log = LoggerFactory.getLogger(AwsProxyHttpServletRequest.class);
     private ContainerConfig config;
 
@@ -104,6 +105,9 @@ public AwsProxyHttpServletRequest(AwsProxyRequest awsProxyRequest, Context lambd
         this.request = awsProxyRequest;
         this.securityContext = awsSecurityContext;
         this.config = config;
+
+        this.queryStringParameters = new EncodingQueryStringParameterMap(config.isQueryStringCaseSensitive(), config.getUriEncoding());
+        this.queryStringParameters.putAllMapEncoding(request.getQueryStringParameters());
     }
 
 
@@ -222,7 +226,7 @@ public String getContextPath() {
 
     @Override
     public String getQueryString() {
-        return this.generateQueryString(request.getQueryStringParameters());
+        return this.generateQueryString(queryStringParameters);
     }
 
 
@@ -419,7 +423,11 @@ public ServletInputStream getInputStream()
 
     @Override
     public String getParameter(String s) {
-        String queryStringParameter = getQueryStringParameterCaseInsensitive(s);
+        String paramKey = s;
+        if (config.isQueryStringCaseSensitive()) {
+            paramKey = paramKey.toLowerCase(Locale.getDefault());
+        }
+        String queryStringParameter = queryStringParameters.getFirst(paramKey);
         if (queryStringParameter != null) {
             return queryStringParameter;
         }
@@ -436,33 +444,31 @@ public String getParameter(String s) {
     @Override
     public Enumeration<String> getParameterNames() {
         List<String> paramNames = new ArrayList<>();
-        if (request.getQueryStringParameters() != null) {
-            paramNames.addAll(request.getQueryStringParameters().keySet());
-        }
+        paramNames.addAll(queryStringParameters.keySet());
         paramNames.addAll(getFormUrlEncodedParametersMap().keySet());
         return Collections.enumeration(paramNames);
     }
 
 
     @Override
+    @SuppressFBWarnings("PZLA_PREFER_ZERO_LENGTH_ARRAYS") // suppressing this as according to the specs we should be returning null here if we can't find params
     public String[] getParameterValues(String s) {
-        List<String> values = new ArrayList<>();
-        String queryStringValue = getQueryStringParameterCaseInsensitive(s);
-        if (queryStringValue != null) {
-            values.add(queryStringValue);
+        String paramKey = s;
+        if (config.isQueryStringCaseSensitive()) {
+            paramKey = paramKey.toLowerCase(Locale.getDefault());
         }
+        List<String> values = new ArrayList<>();
+        values.addAll(queryStringParameters.get(paramKey));
 
         String[] formBodyValues = getFormBodyParameterCaseInsensitive(s);
         if (formBodyValues != null) {
             values.addAll(Arrays.asList(formBodyValues));
         }
 
         if (values.size() == 0) {
-            return new String[0];
+            return null;
         } else {
-            String[] valuesArray = new String[values.size()];
-            valuesArray = values.toArray(valuesArray);
-            return valuesArray;
+            return values.toArray(new String[0]);
         }
     }
 
@@ -472,24 +478,14 @@ public Map<String, String[]> getParameterMap() {
         Map<String, String[]> output = new HashMap<>();
 
         Map<String, List<String>> params = getFormUrlEncodedParametersMap();
+        params.entrySet().stream().parallel().forEach(e -> {
+            output.put(e.getKey(), e.getValue().toArray(new String[0]));
+        });
 
-        if (request.getQueryStringParameters() != null) {
-            for (Map.Entry<String, String> entry : request.getQueryStringParameters().entrySet()) {
-                if (params.containsKey(entry.getKey()) && !params.get(entry.getKey()).contains(entry.getValue())) {
-                    params.get(entry.getKey()).add(entry.getValue());
-                } else {
-                    List<String> valueList = new ArrayList<>();
-                    valueList.add(entry.getValue());
-                    params.put(entry.getKey(), valueList);
-                }
-            }
-        }
+        queryStringParameters.keySet().stream().parallel().forEach(e -> {
+            output.put(e, queryStringParameters.get(e).toArray(new String[0]));
+        });
 
-        for (Map.Entry<String, List<String>> entry : params.entrySet()) {
-            String[] valuesArray = new String[entry.getValue().size()];
-            valuesArray = entry.getValue().toArray(valuesArray);
-            output.put(entry.getKey(), valuesArray);
-        }
         return output;
     }
 
@@ -631,6 +627,14 @@ public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse se
         return null;
     }
 
+    //-------------------------------------------------------------
+    // Methods - Protected
+    //-------------------------------------------------------------
+
+    protected EncodingQueryStringParameterMap getQueryParametersMap() {
+        return queryStringParameters;
+    }
+
     //-------------------------------------------------------------
     // Methods - Private
     //-------------------------------------------------------------
@@ -656,21 +660,6 @@ private String getHeaderCaseInsensitive(String key) {
         return null;
     }
 
-
-    private String getQueryStringParameterCaseInsensitive(String key) {
-        if (request.getQueryStringParameters() == null) {
-            return null;
-        }
-
-        for (String requestParamKey : request.getQueryStringParameters().keySet()) {
-            if (key.toLowerCase(Locale.ENGLISH).equals(requestParamKey.toLowerCase(Locale.ENGLISH))) {
-                return request.getQueryStringParameters().get(requestParamKey);
-            }
-        }
-        return null;
-    }
-
-
     private String[] getFormBodyParameterCaseInsensitive(String key) {
         List<String> values = getFormUrlEncodedParametersMap().get(key);
         if (values != null) {

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/EncodingQueryStringParameterMap.java

@@ -0,0 +1,89 @@
+package com.amazonaws.serverless.proxy.internal.servlet;
+
+
+import com.amazonaws.serverless.proxy.internal.SecurityUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.ws.rs.core.MultivaluedHashMap;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+
+
+/**
+ * query string parameters container. The main purpose of this object is to apply the required transformation to query
+ * string parameters coming from API Gateway. Specifically, parameters names and values need to be un-escaped and url-encoded
+ * again.
+ */
+public class EncodingQueryStringParameterMap extends MultivaluedHashMap<String, String> {
+
+    private boolean isCaseSensitive;
+    private String encoding;
+    private static Logger log = LoggerFactory.getLogger(EncodingQueryStringParameterMap.class);
+
+    private static final long serialVersionUID = 42L;
+
+    /**
+     * Creates a new instance of the parameters map. This allows the configuration to specify whether query string parameter
+     * names should be case sensitive or not.
+     * @param caseSensitive Whether parameters should be case sensitive. If the value is <code>true</code>, parameters names
+     *  are automatically trnasformed to lower case as they are added to the map.
+     */
+    public EncodingQueryStringParameterMap(final boolean caseSensitive, final String enc) {
+        isCaseSensitive = caseSensitive;
+        encoding = enc;
+    }
+
+    public void putAllMapEncoding(final Map<String, String> parametersMap) {
+        if (parametersMap == null) {
+            return;
+        }
+        parametersMap.entrySet().stream().forEach(e -> {
+            String key = e.getKey();
+            if (!isCaseSensitive) {
+                key = key.toLowerCase(Locale.getDefault());
+            }
+            key = unescapeAndEncode(key);
+
+            String value = unescapeAndEncode(e.getValue());
+            putSingle(key, value);
+        });
+    }
+
+    public void putAllMultiValuedMapEncoding(final MultivaluedHashMap<String, String> parametersMap) {
+        if (parametersMap == null) {
+            return;
+        }
+        parametersMap.entrySet().stream().forEach(e -> {
+            String key = e.getKey();
+            if (!isCaseSensitive) {
+                key = key.toLowerCase(Locale.getDefault());
+            }
+            key = unescapeAndEncode(key);
+
+            List newValueList = new ArrayList();
+            // we don't expect the values to be many so we don't parallel()
+            e.getValue().stream().forEach(v -> {
+                newValueList.add(unescapeAndEncode(v));
+            });
+
+            put(key, newValueList);
+        });
+    }
+
+    private String unescapeAndEncode(final String value) {
+        try {
+            return URLEncoder.encode(value, encoding);
+        } catch (UnsupportedEncodingException e) {
+            log.error("Could not url encode parameter value: " + SecurityUtils.crlf(value), e);
+        }
+
+        return null;
+    }
+}

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/testutils/AwsProxyRequestBuilder.java

@@ -147,6 +147,11 @@ public AwsProxyRequestBuilder body(String body) {
         return this;
     }
 
+    public AwsProxyRequestBuilder nullBody() {
+        this.request.setBody(null);
+        return this;
+    }
+
     public AwsProxyRequestBuilder body(Object body) {
         if (request.getHeaders() != null && request.getHeaders().get(HttpHeaders.CONTENT_TYPE).equals(MediaType.APPLICATION_JSON)) {
             try {

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/model/ContainerConfig.java

@@ -21,6 +21,7 @@ public static ContainerConfig defaultConfig() {
         configuration.setConsolidateSetCookieHeaders(true);
         configuration.setUseStageAsServletContext(false);
         configuration.setValidFilePaths(DEFAULT_FILE_PATHS);
+        configuration.setQueryStringCaseSensitive(false);
 
         return configuration;
     }
@@ -36,6 +37,7 @@ public static ContainerConfig defaultConfig() {
     private boolean useStageAsServletContext;
     private List<String> validFilePaths;
     private List<String> customDomainNames;
+    private boolean queryStringCaseSensitive;
 
     public ContainerConfig() {
         validFilePaths = new ArrayList<>();
@@ -197,4 +199,24 @@ public List<String> getCustomDomainNames() {
     public void enableLocalhost() {
         customDomainNames.add("localhost");
     }
+
+
+    /**
+     * Whether query string parameters in the request should be case sensitive or not. By default
+     * this is set to <code>false</code> for backward compatibility.
+     * @return <code>true</code> if the parameter matching algorithm is case sensitive
+     */
+    public boolean isQueryStringCaseSensitive() {
+        return queryStringCaseSensitive;
+    }
+
+
+    /**
+     * Sets whether query string parameter names should be treated as case sensitive. The default
+     * value of this option is <code>false</code> for backward compatibility.
+     * @param queryStringCaseSensitive Tells the framework to treat query string parmaeter names as case sensitive
+     */
+    public void setQueryStringCaseSensitive(boolean queryStringCaseSensitive) {
+        this.queryStringCaseSensitive = queryStringCaseSensitive;
+    }
 }

aws-serverless-java-container-core/src/test/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequestTest.java

@@ -27,6 +27,8 @@ public class AwsHttpServletRequestTest {
             .header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8").build();
     private static final AwsProxyRequest queryString = new AwsProxyRequestBuilder("/test", "GET")
             .queryString("one", "two").queryString("three", "four").build();
+    private static final AwsProxyRequest encodedQueryString = new AwsProxyRequestBuilder("/test", "GET")
+            .queryString("one", "two").queryString("json", "{\"name\":\"faisal\"}").build();
 
     private static final MockLambdaContext mockContext = new MockLambdaContext();
 
@@ -72,12 +74,23 @@ public void headers_parseHeaderValue_complexAccept() {
     }
 
     @Test
-    public void queyrString_generateQueryString_validQuery() {
+    public void queryString_generateQueryString_validQuery() {
         AwsProxyHttpServletRequest request = new AwsProxyHttpServletRequest(queryString, mockContext, null, config);
 
-        String parsedString = request.generateQueryString(queryString.getQueryStringParameters());
-        assertEquals("one=two&three=four", parsedString);
+        String parsedString = request.generateQueryString(request.getQueryParametersMap());
+        System.out.println(parsedString);
+        assertTrue(parsedString.contains("one=two"));
+        assertTrue(parsedString.contains("three=four"));
+        assertTrue(parsedString.contains("&") && parsedString.indexOf("&") > 0 && parsedString.indexOf("&") < parsedString.length());
+    }
+
+    @Test
+    public void queryStringWithEncodedParams_generateQueryString_validQuery() {
+        AwsProxyHttpServletRequest request = new AwsProxyHttpServletRequest(encodedQueryString, mockContext, null, config);
 
-        // TODO test url encoding, wrong parameters
+        String parsedString = request.generateQueryString(request.getQueryParametersMap());
+        assertTrue(parsedString.contains("one=two"));
+        assertTrue(parsedString.contains("json=%7B%22name%22%3A%22faisal%22%7D"));
+        assertTrue(parsedString.contains("&") && parsedString.indexOf("&") > 0 && parsedString.indexOf("&") < parsedString.length());
     }
 }

aws-serverless-java-container-jersey/src/main/java/com/amazonaws/serverless/proxy/jersey/JerseyHandlerFilter.java

@@ -1,10 +1,8 @@
 package com.amazonaws.serverless.proxy.jersey;
 
 
-import com.amazonaws.serverless.proxy.internal.servlet.AwsProxyHttpServletRequest;
 import com.amazonaws.serverless.proxy.internal.testutils.Timer;
 import com.amazonaws.serverless.proxy.jersey.suppliers.AwsProxyServletRequestSupplier;
-import com.amazonaws.serverless.proxy.model.ApiGatewayRequestContext;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.glassfish.jersey.internal.MapPropertiesDelegate;
@@ -59,7 +57,7 @@ public class JerseyHandlerFilter implements Filter, Container {
 
     /**
      * Constructs a new handler filter with a Jax RS application object.
-     * @param jaxApplication
+     * @param jaxApplication The JAX RS application to load
      */
     JerseyHandlerFilter(Application jaxApplication) {
         Timer.start("JERSEY_FILTER_CONSTRUCTOR");
@@ -138,7 +136,7 @@ private ContainerRequest servletRequestToContainerRequest(ServletRequest request
 
         ContainerRequest requestContext = new ContainerRequest(
                 null, // jersey uses "/" by default
-                uriBuilder.build(),
+                uriBuilder.build(), //requestUri,
                 servletRequest.getMethod().toUpperCase(Locale.ENGLISH),
                 (SecurityContext)servletRequest.getAttribute(JAX_SECURITY_CONTEXT_PROPERTY),
                 apiGatewayProperties);
@@ -161,6 +159,7 @@ private ContainerRequest servletRequestToContainerRequest(ServletRequest request
             //requestContext.header(headerKey, servletRequest.getHeader(headerKey));
             requestContext.getHeaders().add(headerKey, servletRequest.getHeader(headerKey));
         }
+
         Timer.stop("JERSEY_SERVLET_REQUEST_TO_CONTAINER");
         return requestContext;
     }