File _service:obs_scm:CVE-2020-10688-1.patch of Package resteasy
From 7dcc7b2e7938433b8edea3ce9ada867532beb236 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Wed, 9 Jun 2021 17:25:36 +0800
Subject: [PATCH] 2
---
 .../core/StringParameterInjector.java | 23 ++++++++++++++-----
 1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java
index b7178f6..537ae0d 100755
--- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java
+++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java
@@ -15,6 +15,7 @@ import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.ext.ParamConverter;
 import javax.ws.rs.ext.RuntimeDelegate;
+import java.io.UnsupportedEncodingException;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.Array;
@@ -24,6 +25,8 @@ import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.lang.reflect.ParameterizedType;
 import java.lang.reflect.Type;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -298,7 +301,7 @@ public class StringParameterInjector
 catch (Exception e)
 {
 LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target);
- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e);
+ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), e);
 }
 if (paramConverter != null)
 {
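Review bot: The `LogMessages.LOGGER.unableToExtractParameter(...)` call directly above the changed line still receives the raw `strVal`, so request-controlled text reaches the log unmodified while only the exception message is encoded; the same pairing repeats in every catch block touched by the later hunks. If the raw value is wanted for diagnostics, a short comment such as `// raw value is logged on purpose; the log sink must neutralise CR/LF and markup` would record that decision. Otherwise compute `String safeVal = _encode(strVal);` once and pass it to both calls. The enclosing method begins and ends outside this hunk, so whether `strVal` can be null at this point is not visible here.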
@@ -325,12 +328,12 @@ public class StringParameterInjector
 catch (InstantiationException e)
 {
 LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target);
- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e);
+ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), e);
 }
 catch (IllegalAccessException e)
 {
 LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target);
- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e);
+ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), e);
 }
 catch (InvocationTargetException e)
 {
@@ -340,7 +343,7 @@ public class StringParameterInjector
 throw ((WebApplicationException)targetException);
 }
 LogMessages.LOGGER.unableToExtractParameter(targetException, getParamSignature(), strVal, target);
- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), targetException);
+ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), targetException);
 }
 }
 else if (valueOf != null)
@@ -352,7 +355,7 @@ public class StringParameterInjector
 catch (IllegalAccessException e)
 {
 LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target);
- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e);
+ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), e);
 }
 catch (InvocationTargetException e)
 {
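Review bot: The encoding is applied by hand at each call site, twice in this hunk and again in the hunks before and after it. A catch block added later can therefore pass the raw `strVal` into the client-visible message without anything failing. Keeping the rule in one private helper would make the safe form the only form, for example `private String extractionFailure(String strVal) { return Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)); }`. The try statement these catch blocks belong to opens outside the hunk.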
@@ -362,12 +365,20 @@ public class StringParameterInjector
 throw ((WebApplicationException)targetException);
 }
 LogMessages.LOGGER.unableToExtractParameter(targetException, getParamSignature(), strVal, target);
- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), targetException);
+ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), targetException);
 }
 }
 return null;
 }

+ private String _encode(String strVal) {
+ try {
+ return URLEncoder.encode(strVal, StandardCharsets.UTF_8.toString());
+ } catch (UnsupportedEncodingException e) {
+ return e.getMessage();
+ }
+ }
+
 protected void throwProcessingException(String message, Throwable cause)
 {
 throw new BadRequestException(message, cause);
-- 
2.23.0
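Review bot: The new `_encode` helper returns `e.getMessage()` from its catch block, so on that path the text placed in the 400 response would be an exception message rather than the parameter. UTF-8 is always available, so the branch should fail loudly instead of returning a substitute string. `URLEncoder.encode` also throws a NullPointerException on a null argument; the callers' null handling is outside this hunk, so a guard is cheap insurance. The method has no comment saying why the value is encoded (it is request-controlled text echoed back in the error body), and the leading underscore departs from Java naming conventions.

```java
   /**
    * Encodes a request-supplied parameter value before it is echoed in a
    * client-visible error message, so markup in the value is not reflected verbatim.
    */
   private String _encode(String strVal) {
      if (strVal == null) {
         return null; // message formatting then prints "null", as before the patch
      }
      try {
         return URLEncoder.encode(strVal, StandardCharsets.UTF_8.name());
      } catch (UnsupportedEncodingException e) {
         // UTF-8 is a mandatory charset; reaching this branch is a JVM defect
         throw new IllegalStateException(e);
      }
   }
   // … unchanged: throwProcessingException …
```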