refactored StaticFileHandler to improve error handling, enhance sanitization logic, and optimize shared cache usage; streamlined test cases for clarity

Boppler12 · Boppler12 · commit c1586778c437 · 2026-02-25T11:56:02.000+01:00
diff --git a/src/main/java/org/example/StaticFileHandler.java b/src/main/java/org/example/StaticFileHandler.java
@@ -13,7 +13,7 @@
 public class StaticFileHandler {
     private static final String DEFAULT_WEB_ROOT = "www";
     
-    // ✅ EN shared cache för alla threads
+    // EN shared cache för alla threads
     private static final CacheFilter SHARED_CACHE = new CacheFilter();
     
     private final String webRoot;
@@ -28,46 +28,44 @@ public StaticFileHandler(String webRoot) {
     }
 
     public void sendGetRequest(OutputStream outputStream, String uri) throws IOException {
+        String sanitizedUri = sanitizeUri(uri);
+
+        if (isPathTraversal(sanitizedUri)) {
+            sendErrorResponse(outputStream, 403, "Forbidden");
+            return;
+        }
+
         try {
-            String sanitizedUri = sanitizeUri(uri);
-            
-            if (isPathTraversal(sanitizedUri)) {
-                sendErrorResponse(outputStream, 403, "Forbidden");
-                return;
-            }
-            
-            // Använd shared cache istället för ny instans
             byte[] fileBytes = SHARED_CACHE.getOrFetch(sanitizedUri,
-                path -> Files.readAllBytes(new File(webRoot, path).toPath())
+                    path -> Files.readAllBytes(new File(webRoot, path).toPath())
             );
-            
+
             HttpResponseBuilder response = new HttpResponseBuilder();
-            response.setHeaders(Map.of("Content-Type", "text/html; charset=UTF-8"));
+            response.setContentTypeFromFilename(sanitizedUri);
             response.setBody(fileBytes);
             outputStream.write(response.build());
             outputStream.flush();
-            
+
         } catch (IOException e) {
-            try {
-                sendErrorResponse(outputStream, 404, "Not Found");
-            } catch (IOException ex) {
-                ex.printStackTrace();
-            }
+            sendErrorResponse(outputStream, 404, "Not Found");
         }
     }
 
     private String sanitizeUri(String uri) {
-        uri = uri.split("\\?")[0];
-        uri = uri.split("#")[0];
-        uri = uri.replace("\0", "");
-        
-        while (uri.startsWith("/")) {
-            uri = uri.substring(1);
-        }
-        
+        // Entydlig: ta bort query string och fragment
+        int queryIndex = uri.indexOf('?');
+        int fragmentIndex = uri.indexOf('#');
+        int endIndex = Math.min(
+                queryIndex > 0 ? queryIndex : uri.length(),
+                fragmentIndex > 0 ? fragmentIndex : uri.length()
+        );
+
+        uri = uri.substring(0, endIndex)
+                .replace("\0", "")
+                .replaceAll("^/+", "");  // Bort med leading slashes
+
         return uri;
     }
-
     private boolean isPathTraversal(String uri) {
         try {
             Path webRootPath = Paths.get(webRoot).toRealPath();
diff --git a/src/test/java/org/example/StaticFileHandlerTest.java b/src/test/java/org/example/StaticFileHandlerTest.java
@@ -28,7 +28,17 @@
  */
 class StaticFileHandlerTest {
 
-    private StaticFileHandler handler;
+    private StaticFileHandler createHandler(){
+        return new StaticFileHandler(tempDir.toString());
+    }
+
+    private String sendRequest(String uri) throws IOException {
+        StaticFileHandler handler = createHandler();
+        ByteArrayOutputStream output = new ByteArrayOutputStream();
+        handler.sendGetRequest(output, uri);
+        return output.toString();
+    }
+
 
     //Junit creates a temporary folder which can be filled with temporary files that gets removed after tests
     @TempDir
@@ -45,60 +55,35 @@ void setUp() {
     void testCaching_HitOnSecondRequest() throws IOException {
         // Arrange
         Files.writeString(tempDir.resolve("cached.html"), "Content");
-        StaticFileHandler handler = new StaticFileHandler(tempDir.toString());
 
-        // Act - Första anropet (cache miss)
-        handler.sendGetRequest(new ByteArrayOutputStream(), "cached.html");
+        // Act
+        sendRequest("cached.html");
         int sizeAfterFirst = StaticFileHandler.getCacheStats().entries;
-
-        // Act - Andra anropet (cache hit)
-        handler.sendGetRequest(new ByteArrayOutputStream(), "cached.html");
+        sendRequest("cached.html");
         int sizeAfterSecond = StaticFileHandler.getCacheStats().entries;
 
-        // Assert - Cache ska innehålla samma entry
-        assertThat(sizeAfterFirst).isEqualTo(1);
-        assertThat(sizeAfterSecond).isEqualTo(1);
+        // Assert
+        assertThat(sizeAfterFirst).isEqualTo(sizeAfterSecond).isEqualTo(1);
     }
 
+
     @Test
     void testSanitization_QueryString() throws IOException {
-        // Arrange
         Files.writeString(tempDir.resolve("index.html"), "Home");
-        StaticFileHandler handler = new StaticFileHandler(tempDir.toString());
-        ByteArrayOutputStream output = new ByteArrayOutputStream();
-
-        // Act - URI med query string
-        handler.sendGetRequest(output, "index.html?foo=bar");
-
-        // Assert
-        assertThat(output.toString()).contains("HTTP/1.1 200");
+        assertThat(sendRequest("index.html?foo=bar")).contains("HTTP/1.1 200");
     }
 
+
     @Test
     void testSanitization_LeadingSlash() throws IOException {
-        // Arrange
         Files.writeString(tempDir.resolve("page.html"), "Page");
-        StaticFileHandler handler = new StaticFileHandler(tempDir.toString());
-        ByteArrayOutputStream output = new ByteArrayOutputStream();
-
-        // Act
-        handler.sendGetRequest(output, "/page.html");
-
-        // Assert
-        assertThat(output.toString()).contains("HTTP/1.1 200");
+        assertThat(sendRequest("/page.html")).contains("HTTP/1.1 200");
     }
 
+
     @Test
     void testSanitization_NullBytes() throws IOException {
-        // Arrange
-        StaticFileHandler handler = new StaticFileHandler(tempDir.toString());
-        ByteArrayOutputStream output = new ByteArrayOutputStream();
-
-        // Act
-        handler.sendGetRequest(output, "file.html\0../../secret");
-
-        // Assert
-        assertThat(output.toString()).contains("HTTP/1.1 404");
+        assertThat(sendRequest("file.html\0../../secret")).contains("HTTP/1.1 404");
     }
 
     @Test
