Merge pull request #799 from jooby-project/788

MediaType improvement for malware attack against known route. fix  #788

Author: jknack

jooby/src/main/java/org/jooby/Err.java

@@ -39,6 +39,25 @@
 @SuppressWarnings("serial")
 public class Err extends RuntimeException {
 
+  /**
+   * Exception thrown from {@link MediaType#parse(String)} in case of encountering an invalid media
+   * type specification String.
+   *
+   * @author edgar
+   */
+  public static class BadMediaType extends Err {
+
+    /**
+     * Creates a new {@link BadMediaType}.
+     *
+     * @param message
+     */
+    public BadMediaType(final String message) {
+      super(Status.BAD_REQUEST, message);
+    }
+
+  }
+
   /**
    * Missing parameter/header or request attribute.
    *

jooby/src/main/java/org/jooby/MediaType.java

@@ -501,8 +501,9 @@ public final String toString() {
    *
    * @param type A media type to parse.
    * @return An immutable {@link MediaType}.
+   * @throws Err.BadMediaType For bad media types.
    */
-  public static MediaType valueOf(final String type) {
+  public static MediaType valueOf(final String type) throws Err.BadMediaType {
     return parse(type).get(0);
   }
 
@@ -530,12 +531,14 @@ public int hashCode() {
         result.add(all);
       } else {
         String[] typeAndSubtype = parts[0].split("/");
-        checkArgument(typeAndSubtype.length == 2, "Bad media type found '%s' while parsing '%s'",
-            type, value);
+        if (typeAndSubtype.length != 2) {
+          throw new Err.BadMediaType(value);
+        }
         String stype = typeAndSubtype[0].trim();
         String subtype = typeAndSubtype[1].trim();
-        checkArgument(!(stype.equals("*") && !subtype.equals("*")),
-            "Bad media type found '%s' while parsing '%s'", type, value);
+        if ("*".equals(stype) && !"*".equals(subtype)) {
+          throw new Err.BadMediaType(value);
+        }
         Map<String, String> parameters = DEFAULT_PARAMS;
         if (parts.length > 1) {
           parameters = new LinkedHashMap<>(DEFAULT_PARAMS);
@@ -560,8 +563,9 @@ public int hashCode() {
    *
    * @param types Media types to parse.
    * @return An list of immutable {@link MediaType}.
+   * @throws Err.BadMediaType For bad media types.
    */
-  public static List<MediaType> valueOf(final String... types) {
+  public static List<MediaType> valueOf(final String... types) throws Err.BadMediaType {
     requireNonNull(types, "Types are required.");
     List<MediaType> result = new ArrayList<>();
     for (String type : types) {
@@ -575,8 +579,9 @@ public static List<MediaType> valueOf(final String... types) {
    *
    * @param value The string separated by commas.
    * @return One ore more {@link MediaType}.
+   * @throws Err.BadMediaType For bad media types.
    */
-  public static List<MediaType> parse(final String value) {
+  public static List<MediaType> parse(final String value) throws Err.BadMediaType {
     return cache.computeIfAbsent(value, MediaType::parseInternal);
   }
 

jooby/src/test/java/org/jooby/MediaTypeTest.java

@@ -179,17 +179,17 @@ public void eq() {
     assertNotEquals(MediaType.json, new Object());
   }
 
-  @Test(expected = IllegalArgumentException.class)
+  @Test(expected = Err.BadMediaType.class)
   public void badMediaType() {
     MediaType.valueOf("");
   }
 
-  @Test(expected = IllegalArgumentException.class)
+  @Test(expected = Err.BadMediaType.class)
   public void badMediaType2() {
     MediaType.valueOf("application/and/something");
   }
 
-  @Test(expected = IllegalArgumentException.class)
+  @Test(expected = Err.BadMediaType.class)
   public void badMediaType3() {
     MediaType.valueOf("*/json");
   }