Bug 39813

Summary: JMX proxy servlet newline escaping is incorrect
Product: Tomcat 5 Reporter: Robin Bramley <asf>
Component: Webapps:ManagerAssignee: Tomcat Developers Mailing List <dev>
Severity: trivial    
Priority: P4    
Version: 5.5.17   
Target Milestone: ---   
Hardware: All   
OS: other   
Attachments: Patch for newline escaping

Description Robin Bramley 2006-06-14 16:26:33 UTC
JMXProxyServlet.java at revision 411724.

Using MBean qry operation, if an attribute returns a String containing a
newline, the character before the newline is removed by the escape method (uses
idx-1 instead of idx on line 204).
e.g. PermGenStatus: Perm Gen : 19.93% (26739168/134217728\n

Furthermore, the end int is not checked to be > 0 in the appendHead method - so
anything starting with a newline would end up being a substring(0,-1) call (line
223) - resulting in an StringIndexOutOfBoundsException("String index out of
range: -1") which would then drop into "} catch (Exception e) {} // Ignore" in
listBeans causing any further attributes to not be printed out. 

Finally, the get operation does not use the escape method in getAttribute (line
114) so will print newlines. Guess this contravenes the JMX spec 1.2 - whose
changes log says "...the newline character ('\n') is forbidden everywhere. This
rule is new with 1.2."
Comment 1 Yoav Shapira 2006-06-15 19:29:47 UTC
Patches would be great ;)
Comment 2 Robin Bramley 2006-06-16 09:14:28 UTC
Created attachment 18476 [details]
Patch for newline escaping

Here you go! 
Tested with a Spring MBean exported POJO returning strings containing newlines
and starting with a newline.
Comment 3 Mark Thomas 2006-06-17 16:57:01 UTC
Patch applied.

Many thanks.