Merge pull request #334 from PerimeterX/release/v6.9.2

Release/v6.9.2

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Change Log
 
+## [v6.9.2](https://github.com/PerimeterX/perimeterx-java-sdk/compare/6.9.2...HEAD) (2023-11-15)
+- Fixed potential XHR first party issue.
+
 ## [v6.9.1](https://github.com/PerimeterX/perimeterx-java-sdk/compare/6.9.1...HEAD) (2023-11-13)
 - Added blocked URL to ABR and captcha template
 
@@ -12,7 +15,7 @@
 - Fixed the Block and Captcha pages, aligning them with the specified design and adding hard block functionality to align with spec.
 - Fixed Risk UUID to ensure it is set even when encountering a server-to-server error.
 - Fixed Async Activities Schema Addressed issues with the activity schema to ensure data accuracy and integrity.
-- Fixed resource management issue  in various code locations.
+- Fixed resource management issue in various code locations.
 
 ## [v6.8.1](https://github.com/PerimeterX/perimeterx-java-sdk/compare/6.8.1...HEAD) (2023-10-22)
 - Fixed handling of cookies with illegal arguments.

README.md

@@ -4,7 +4,7 @@
 
 # [PerimeterX](http://www.perimeterx.com) Java SDK
 
-> Latest stable version: [v6.9.1](https://search.maven.org/#artifactdetails%7Ccom.perimeterx%7Cperimeterx-sdk%7C6.9.0%7Cjar)
+> Latest stable version: [v6.9.2](https://search.maven.org/#artifactdetails%7Ccom.perimeterx%7Cperimeterx-sdk%7C6.9.2%7Cjar)
 
 ## Table of Contents
 

pom.xml

@@ -7,7 +7,7 @@
     <name>PerimeterX JAVA SDK</name>
     <groupId>com.perimeterx</groupId>
     <artifactId>perimeterx-sdk</artifactId>
-    <version>6.9.1</version>
+    <version>6.9.2</version>
 
     <packaging>jar</packaging>
     <description>PerimeterX Java SDK</description>

px_metadata.json

@@ -1,5 +1,5 @@
 {
-  "version": "6.9.1",
+  "version": "6.9.2",
   "supported_features": [
     "advanced_blocking_response",
     "bypass_monitor_header",

src/main/java/com/perimeterx/api/additionalContext/PXHDSource.java

@@ -0,0 +1,16 @@
+package com.perimeterx.api.additionalContext;
+
+public enum PXHDSource {
+    COOKIE("cookie"),
+    RISK("risk");
+
+    private final String value;
+
+    PXHDSource(String value) {
+        this.value = value;
+    }
+
+    public String getValue() {
+        return value;
+    }
+}

src/main/java/com/perimeterx/api/proxy/DefaultReverseProxy.java

@@ -3,7 +3,6 @@
 import com.perimeterx.api.providers.IPProvider;
 import com.perimeterx.http.IPXHttpClient;
 import com.perimeterx.http.IPXOutgoingRequest;
-import com.perimeterx.http.PXApacheHttpClient;
 import com.perimeterx.models.configuration.PXConfiguration;
 import com.perimeterx.models.proxy.PredefinedResponse;
 import com.perimeterx.utils.Constants;
@@ -107,15 +106,30 @@ public boolean reversePxXhr(HttpServletRequest req, HttpServletResponse res) thr
             return true;
         }
 
-        String originalUrl = req.getRequestURI().substring(xhrReversePrefix.length());
+        final String originalUrl = req.getRequestURI().substring(xhrReversePrefix.length());
+        final RemoteServer remoteServer = new RemoteServer(collectorUrl, originalUrl, req, res, ipProvider, proxyClient, predefinedResponse, predefinedResponseHelper, pxConfiguration);
+        IPXOutgoingRequest proxyRequest = null;
 
-        RemoteServer remoteServer = new RemoteServer(collectorUrl, originalUrl, req, res, ipProvider, proxyClient, predefinedResponse, predefinedResponseHelper, pxConfiguration);
-        IPXOutgoingRequest proxyRequest = remoteServer.prepareProxyRequest();
-        remoteServer.handleResponse(proxyRequest, true);
+        try {
+            proxyRequest = remoteServer.prepareProxyRequest();
+            remoteServer.handleResponse(proxyRequest, true);
+        } catch (Exception e) {
+            logger.error("reversePxXhr - failed to handle xhr request, error :: ", e.getMessage());
+            safelyCloseInputStream(proxyRequest);
+
+            throw e;
+        }
 
         return true;
     }
 
+    private void safelyCloseInputStream(IPXOutgoingRequest proxyRequest) throws IOException {
+        final boolean inputStreamExist = proxyRequest != null && proxyRequest.getBody() != null && proxyRequest.getBody().getInputStream() != null;
+        if (inputStreamExist) {
+            proxyRequest.getBody().getInputStream().close();
+        }
+    }
+
     @Override
     public boolean reverseCaptcha(HttpServletRequest req, HttpServletResponseWrapper res) throws IOException, URISyntaxException {
         if (!req.getRequestURI().contains(captchaReversePrefix)) {

src/main/java/com/perimeterx/api/proxy/RemoteServer.java

@@ -2,15 +2,17 @@
 
 import com.perimeterx.api.providers.IPProvider;
 import com.perimeterx.http.*;
+import com.perimeterx.http.PXOutgoingRequestImpl.PXOutgoingRequestImplBuilder;
 import com.perimeterx.models.configuration.PXConfiguration;
 import com.perimeterx.models.proxy.PredefinedResponse;
 import com.perimeterx.utils.PXLogger;
-import org.apache.http.*;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpStatus;
 import org.apache.http.client.utils.URIUtils;
 import org.apache.http.message.BasicHeader;
 import org.apache.http.message.HeaderGroup;
 
-import com.perimeterx.http.PXOutgoingRequestImpl.PXOutgoingRequestImplBuilder;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -32,7 +34,6 @@
 public class RemoteServer {
 
     private final PXLogger logger = PXLogger.getLogger(RemoteServer.class);
-    private final String CONTENT_LENGTH_HEADER = "Content-Length";
 
     private HttpServletResponse res;
     private HttpServletRequest req;
@@ -88,14 +89,7 @@ public IPXOutgoingRequest prepareProxyRequest() throws IOException {
         PXOutgoingRequestImplBuilder requestBuilder = PXOutgoingRequestImpl.builder();
         // Copy the body if content-length exists
         if (getContentLength(req) != -1) {
-            try (InputStream inputStream = req.getInputStream()) {
-                requestBuilder.body(
-                        new PXRequestBody(
-                                inputStream,
-                                getContentLength(req)
-                        )
-                );
-            }
+            requestBuilder.body(new PXRequestBody(req.getInputStream()));
         }
 
         if (!Objects.equals(method, "")) {

src/main/java/com/perimeterx/api/verificationhandler/DefaultVerificationHandler.java

@@ -1,12 +1,12 @@
 package com.perimeterx.api.verificationhandler;
 
 import com.perimeterx.api.activities.ActivityHandler;
+import com.perimeterx.api.additionalContext.PXHDSource;
 import com.perimeterx.api.blockhandler.BlockHandler;
 import com.perimeterx.models.PXContext;
 import com.perimeterx.models.configuration.PXConfiguration;
 import com.perimeterx.models.exceptions.PXException;
 import com.perimeterx.utils.PXLogger;
-import org.apache.commons.lang3.StringUtils;
 
 import javax.servlet.http.HttpServletResponseWrapper;
 import java.io.UnsupportedEncodingException;
@@ -73,18 +73,20 @@ public boolean handleVerification(PXContext context, HttpServletResponseWrapper
 
     private void setPxhdCookie(PXContext context, HttpServletResponseWrapper responseWrapper) {
         try {
-            if (!StringUtils.isEmpty(context.getResponsePxhd())) {
-                final String cookieValue = getCookieValue(context);
+            final boolean riskSource = context.getPxhdSource() != null && context.getPxhdSource().equals(PXHDSource.RISK);
+
+            if (riskSource) {
+                final String cookieValue = getPxhdCookie(context);
 
                 responseWrapper.addHeader(SET_COOKIE_KEY_HEADER, cookieValue);
             }
         } catch (UnsupportedEncodingException e) {
-            logger.error(e.getMessage());
+            logger.error("setPxhdCookie - failed to set PXHD cookie, error :: ",e.getMessage());
         }
     }
 
-    private String getCookieValue(PXContext context) throws UnsupportedEncodingException {
-        final String pxHDCookieValue = context.getResponsePxhd();
+    private String getPxhdCookie(PXContext context) throws UnsupportedEncodingException {
+        final String pxHDCookieValue = context.getPxhd();
         final String pxHDEntry = PXHD_COOKIE_KEY + URLEncoder.encode(pxHDCookieValue, StandardCharsets.UTF_8.name()) + COOKIE_SEPARATOR;
 
         String cookieValue =  pxHDEntry

src/main/java/com/perimeterx/http/IPXOutgoingRequest.java

@@ -1,6 +1,5 @@
 package com.perimeterx.http;
 
-import java.io.InputStream;
 import java.util.List;
 
 public interface IPXOutgoingRequest {

src/main/java/com/perimeterx/http/PXOutgoingRequestImpl.java

@@ -29,10 +29,7 @@ public PXOutgoingRequestImplBuilder stringBody(String body) {
                 return this.body(null);
             }
 
-            PXRequestBody b = new PXRequestBody(
-                    new ByteArrayInputStream(body.getBytes()),
-                    body.length()
-            );
+            PXRequestBody b = new PXRequestBody(new ByteArrayInputStream(body.getBytes()));
             return this.body(b);
         }
     }

src/main/java/com/perimeterx/http/PXRequestBody.java

@@ -9,5 +9,4 @@
 @AllArgsConstructor
 public class PXRequestBody {
     private InputStream inputStream;
-    private long length;
 }

src/main/java/com/perimeterx/http/RequestWrapper.java

@@ -18,6 +18,7 @@
 public class RequestWrapper extends HttpServletRequestWrapper {
     private String body;
     private final Map<String, String> customHeaders;
+    private static final int BUFFER_SIZE = 4096;
 
     public RequestWrapper(HttpServletRequest request) {
         super(request);
@@ -27,11 +28,7 @@ public RequestWrapper(HttpServletRequest request) {
     @Override
     public ServletInputStream getInputStream() throws IOException {
         final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(getBody().getBytes());
-        return new ServletInputStream() {
-            public int read() {
-                return byteArrayInputStream.read();
-            }
-        };
+        return new ServletInputStreamWrapper(byteArrayInputStream);
     }
 
     @Override
@@ -56,7 +53,8 @@ public void addHeader(String name, String value) {
     public synchronized String getBody() throws IOException {
         if (body == null) {
             this.body = "";
-            char[] buffer = new char[4096];
+            char[] buffer = new char[BUFFER_SIZE];
+
             try (BufferedReader reader = this.getRequest().getReader()) {
                 StringBuilder builder = new StringBuilder();
                 int numChars;
@@ -68,4 +66,22 @@ public synchronized String getBody() throws IOException {
         }
         return body;
     }
+
+    private static class ServletInputStreamWrapper extends ServletInputStream {
+        private final ByteArrayInputStream inputStream;
+
+        public ServletInputStreamWrapper(ByteArrayInputStream inputStream) {
+            this.inputStream = inputStream;
+        }
+
+        @Override
+        public int read() {
+            return inputStream.read();
+        }
+
+        @Override
+        public void close() throws IOException {
+            inputStream.close();
+        }
+    }
 }

src/main/java/com/perimeterx/internals/PXS2SValidator.java

@@ -1,5 +1,6 @@
 package com.perimeterx.internals;
 
+import com.perimeterx.api.additionalContext.PXHDSource;
 import com.perimeterx.http.PXClient;
 import com.perimeterx.internals.cookie.DataEnrichmentCookie;
 import com.perimeterx.models.PXContext;
@@ -94,7 +95,6 @@ public boolean verify(PXContext pxContext) {
     }
 
     private void updateContextFromResponse(PXContext pxContext, RiskResponse response) {
-        pxContext.setResponsePxhd(response.getPxhd());
         pxContext.setRiskScore(response.getScore());
         pxContext.setUuid(response.getUuid());
         pxContext.setBlockAction(response.getAction());
@@ -104,6 +104,7 @@ private void updateContextFromResponse(PXContext pxContext, RiskResponse respons
 
         if(isNoneBlank(response.getPxhd())) {
             pxContext.setPxhd(response.getPxhd());
+            pxContext.setPxhdSource(PXHDSource.RISK);
         }
         if(isNoneBlank(response.getPxhdDomain())) {
             pxContext.setPxhdDomain(response.getPxhdDomain());

src/main/java/com/perimeterx/models/PXContext.java

@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.perimeterx.api.additionalContext.LoginData;
+import com.perimeterx.api.additionalContext.PXHDSource;
 import com.perimeterx.api.providers.CustomParametersProvider;
 import com.perimeterx.api.providers.HostnameProvider;
 import com.perimeterx.api.providers.IPProvider;
@@ -209,7 +210,7 @@ public class PXContext {
      */
 
     private String pxhd;
-    private String responsePxhd;
+    private PXHDSource pxhdSource;
     private boolean isMonitoredRequest;
     private LoginData loginData;
     private UUID requestId;
@@ -379,6 +380,7 @@ private void setVidAndPxhd(Cookie[] cookies) {
                 if (cookie.getName().equals("_pxhd")) {
                     try {
                         this.pxhd = URLDecoder.decode(cookie.getValue(), "UTF-8");
+                        this.setPxhdSource(PXHDSource.COOKIE);
                     } catch (UnsupportedEncodingException | IllegalArgumentException e) {
                         logger.error("setVidAndPxhd - failed while decoding the pxhd value", e);
                     }

web/pom.xml

@@ -25,7 +25,7 @@
         <dependency>
             <groupId>com.perimeterx</groupId>
             <artifactId>perimeterx-sdk</artifactId>
-            <version>6.9.1</version>
+            <version>6.9.2</version>
             <scope>compile</scope>
         </dependency>
         <dependency>