TraceableHttpServletRequest fails to create URI instance when query string contains special characters

When you open urls like `http://localhost:8080/script?a=${b}` in browser, the exception is thrown in `return URI.create(urlBuffer.toString());` line at:

```
	@Override
	public URI getUri() {
		StringBuffer urlBuffer = this.request.getRequestURL();
		if (StringUtils.hasText(this.request.getQueryString())) {
			urlBuffer.append("?");
			urlBuffer.append(this.request.getQueryString());
		}
		return URI.create(urlBuffer.toString());
	}
```

https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/web/trace/servlet/TraceableHttpServletRequest.java#L56

As a workaround I disabled tracing via `management.trace.http.enabled=false` but it would be nice, if the issue is fixed.

full stacktrace:

```
java.lang.IllegalArgumentException: Illegal character in query at index 32: http://localhost:8080/script?a=${b}
	at java.net.URI.create(URI.java:852) ~[na:1.8.0_172]
	at org.springframework.boot.actuate.web.trace.servlet.TraceableHttpServletRequest.getUri(TraceableHttpServletRequest.java:56) ~[spring-boot-actuator-2.0.2.RELEASE.jar:2.0.2.RELEASE]
	at org.springframework.boot.actuate.trace.http.HttpExchangeTracer$FilteredTraceableRequest.getUri(HttpExchangeTracer.java:130) ~[spring-boot-actuator-2.0.2.RELEASE.jar:2.0.2.RELEASE]
	at org.springframework.boot.actuate.trace.http.HttpTrace$Request.<init>(HttpTrace.java:111) ~[spring-boot-actuator-2.0.2.RELEASE.jar:2.0.2.RELEASE]
	at org.springframework.boot.actuate.trace.http.HttpTrace$Request.<init>(HttpTrace.java:99) ~[spring-boot-actuator-2.0.2.RELEASE.jar:2.0.2.RELEASE]
	at org.springframework.boot.actuate.trace.http.HttpTrace.<init>(HttpTrace.java:49) ~[spring-boot-actuator-2.0.2.RELEASE.jar:2.0.2.RELEASE]
	at org.springframework.boot.actuate.trace.http.HttpExchangeTracer.receivedRequest(HttpExchangeTracer.java:58) ~[spring-boot-actuator-2.0.2.RELEASE.jar:2.0.2.RELEASE]
	at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:81) ~[spring-boot-actuator-2.0.2.RELEASE.jar:2.0.2.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) ~[jetty-servlet-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) ~[jetty-servlet-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) ~[jetty-servlet-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) ~[jetty-servlet-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) ~[spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) ~[jetty-servlet-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) ~[jetty-servlet-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) ~[jetty-security-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) ~[jetty-servlet-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:56) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.Server.handle(Server.java:531) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) ~[jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:132) [jetty-util-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:760) ~[jetty-util-9.4.10.v20180503.jar:9.4.10.v20180503]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:678) ~[jetty-util-9.4.10.v20180503.jar:9.4.10.v20180503]
	at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_172]
Caused by: java.net.URISyntaxException: Illegal character in query at index 32: http://localhost:8080/script?a=${b}
	at java.net.URI$Parser.fail(URI.java:2848) ~[na:1.8.0_172]
	at java.net.URI$Parser.checkChars(URI.java:3021) ~[na:1.8.0_172]
	at java.net.URI$Parser.parseHierarchical(URI.java:3111) ~[na:1.8.0_172]
	at java.net.URI$Parser.parse(URI.java:3053) ~[na:1.8.0_172]
	at java.net.URI.<init>(URI.java:588) ~[na:1.8.0_172]
	at java.net.URI.create(URI.java:850) ~[na:1.8.0_172]
	... 50 common frames omitted
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

TraceableHttpServletRequest fails to create URI instance when query string contains special characters #13273

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

TraceableHttpServletRequest fails to create URI instance when query string contains special characters #13273

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions