url/url_canon_unittest.cc - Issue 1358433004: Correctly handle problematic nested escapes in URL paths.

Side by Side Diff: url/url_canon_unittest.cc

Issue 1358433004: Correctly handle problematic nested escapes in URL paths. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: New behavior Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <errno.h>	5 #include <errno.h>

6	6

7 #include "base/macros.h"	7 #include "base/macros.h"

8 #include "testing/gtest/include/gtest/gtest.h"	8 #include "testing/gtest/include/gtest/gtest.h"

9 #include "url/third_party/mozilla/url_parse.h"	9 #include "url/third_party/mozilla/url_parse.h"

10 #include "url/url_canon.h"	10 #include "url/url_canon.h"

(...skipping 982 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
993	993

994 EXPECT_EQ(port_cases[i].expected_success, success);	994 EXPECT_EQ(port_cases[i].expected_success, success);

995 EXPECT_EQ(std::string(port_cases[i].expected), out_str);	995 EXPECT_EQ(std::string(port_cases[i].expected), out_str);

996 EXPECT_EQ(port_cases[i].expected_component.begin, out_comp.begin);	996 EXPECT_EQ(port_cases[i].expected_component.begin, out_comp.begin);

997 EXPECT_EQ(port_cases[i].expected_component.len, out_comp.len);	997 EXPECT_EQ(port_cases[i].expected_component.len, out_comp.len);

998 }	998 }

999 }	999 }

1000	1000

1001 TEST(URLCanonTest, Path) {	1001 TEST(URLCanonTest, Path) {

1002 DualComponentCase path_cases[] = {	1002 DualComponentCase path_cases[] = {

	1003 #if 0
	brettw 2015/09/21 22:28:34 Left by mistake? Left by mistake? Peter Kasting 2015/09/21 23:15:31 Yeah, oops :( Show quoted text On 2015/09/21 22:28:34, brettw wrote: > Left by mistake? Yeah, oops :(
1003 // ----- path collapsing tests -----	1004 // ----- path collapsing tests -----

1004 {"/././foo", L"/././foo", "/foo", Component(0, 4), true},	1005 {"/././foo", L"/././foo", "/foo", Component(0, 4), true},

1005 {"/./.foo", L"/./.foo", "/.foo", Component(0, 5), true},	1006 {"/./.foo", L"/./.foo", "/.foo", Component(0, 5), true},

1006 {"/foo/.", L"/foo/.", "/foo/", Component(0, 5), true},	1007 {"/foo/.", L"/foo/.", "/foo/", Component(0, 5), true},

1007 {"/foo/./", L"/foo/./", "/foo/", Component(0, 5), true},	1008 {"/foo/./", L"/foo/./", "/foo/", Component(0, 5), true},

1008 // double dots followed by a slash or the end of the string count	1009 // double dots followed by a slash or the end of the string count

1009 {"/foo/bar/..", L"/foo/bar/..", "/foo/", Component(0, 5), true},	1010 {"/foo/bar/..", L"/foo/bar/..", "/foo/", Component(0, 5), true},

1010 {"/foo/bar/../", L"/foo/bar/../", "/foo/", Component(0, 5), true},	1011 {"/foo/bar/../", L"/foo/bar/../", "/foo/", Component(0, 5), true},

1011 // don't count double dots when they aren't followed by a slash	1012 // don't count double dots when they aren't followed by a slash

1012 {"/foo/..bar", L"/foo/..bar", "/foo/..bar", Component(0, 10), true},	1013 {"/foo/..bar", L"/foo/..bar", "/foo/..bar", Component(0, 10), true},

(...skipping 40 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1053 // Backslashes should get converted to forward slashes	1054 // Backslashes should get converted to forward slashes

1054 {"\\foo\\bar", L"\\foo\\bar", "/foo/bar", Component(0, 8), true},	1055 {"\\foo\\bar", L"\\foo\\bar", "/foo/bar", Component(0, 8), true},

1055 // Hashes found in paths (possibly only when the caller explicitly sets	1056 // Hashes found in paths (possibly only when the caller explicitly sets

1056 // the path on an already-parsed URL) should be escaped.	1057 // the path on an already-parsed URL) should be escaped.

1057 {"/foo#bar", L"/foo#bar", "/foo%23bar", Component(0, 10), true},	1058 {"/foo#bar", L"/foo#bar", "/foo%23bar", Component(0, 10), true},

1058 // %7f should be allowed and %3D should not be unescaped (these were wrong	1059 // %7f should be allowed and %3D should not be unescaped (these were wrong

1059 // in a previous version).	1060 // in a previous version).

1060 {"/%7Ffp3%3Eju%3Dduvgw%3Dd", L"/%7Ffp3%3Eju%3Dduvgw%3Dd", "/%7Ffp3%3Eju%3Ddu vgw%3Dd", Component(0, 24), true},	1061 {"/%7Ffp3%3Eju%3Dduvgw%3Dd", L"/%7Ffp3%3Eju%3Dduvgw%3Dd", "/%7Ffp3%3Eju%3Ddu vgw%3Dd", Component(0, 24), true},

1061 // @ should be passed through unchanged (escaped or unescaped).	1062 // @ should be passed through unchanged (escaped or unescaped).

1062 {"/@asdf%40", L"/@asdf%40", "/@asdf%40", Component(0, 9), true},	1063 {"/@asdf%40", L"/@asdf%40", "/@asdf%40", Component(0, 9), true},

	1064 // Nested escape sequences should result in escaping the leading '%' if

	1065 // unescaping would result in a new escape sequence.

	1066 {"/%0%30", L"/%0%30", "/%2500", Component(0, 6), true},
	brettw 2015/09/21 22:28:34 Can you make these cases use different characters Can you make these cases use different characters for each possible character rather than "%30" and "0", to prove we're not doing something silly duplicating one of them to get the output? Peter Kasting 2015/09/21 23:15:30 Done. Show quoted text On 2015/09/21 22:28:34, brettw wrote: > Can you make these cases use different characters for each possible character > rather than "%30" and "0", to prove we're not doing something silly duplicating > one of them to get the output? Done.
	1067 {"/%%300", L"/%%300", "/%2500", Component(0, 6), true},

	1068 {"/%%30%30", L"/%%30%30", "/%2500", Component(0, 6), true},

	1069 // Make sure truncated "nested" escapes don't result in reading off the

	1070 // string end.

	1071 {"/%%30", L"/%%30", "/%0", Component(0, 3), true},

	1072 // Don't unescape the leading '%' if unescaping doesn't result in a valid

	1073 // new escape sequence.

	1074 {"/%%470", L"/%%470", "/%G0", Component(0, 4), true},

	1075 {"/%%2D%41", L"/%%2D%41", "/%-A", Component(0, 4), true},

	1076 #endif

	1077 // Don't erroneously downcast a UTF-16 charater in a way that makes it

	1078 // look like part of an escape sequence.

	1079 {NULL, L"/%%30\x0130", "/%0%C4%B0", Component(0, 9), true},

	1080 #if 0

	1081

1063	1082

1064 // ----- encoding tests -----	1083 // ----- encoding tests -----

1065 // Basic conversions	1084 // Basic conversions

1066 {"/\xe4\xbd\xa0\xe5\xa5\xbd\xe4\xbd\xa0\xe5\xa5\xbd", L"/\x4f60\x597d\x4f60\ x597d", "/%E4%BD%A0%E5%A5%BD%E4%BD%A0%E5%A5%BD", Component(0, 37), true},	1085 {"/\xe4\xbd\xa0\xe5\xa5\xbd\xe4\xbd\xa0\xe5\xa5\xbd", L"/\x4f60\x597d\x4f60\ x597d", "/%E4%BD%A0%E5%A5%BD%E4%BD%A0%E5%A5%BD", Component(0, 37), true},

1067 // Invalid unicode characters should fail. We only do validation on	1086 // Invalid unicode characters should fail. We only do validation on

1068 // UTF-16 input, so this doesn't happen on 8-bit.	1087 // UTF-16 input, so this doesn't happen on 8-bit.

1069 {"/\xef\xb7\x90zyx", NULL, "/%EF%B7%90zyx", Component(0, 13), true},	1088 {"/\xef\xb7\x90zyx", NULL, "/%EF%B7%90zyx", Component(0, 13), true},

1070 {NULL, L"/\xfdd0zyx", "/%EF%BF%BDzyx", Component(0, 13), false},	1089 {NULL, L"/\xfdd0zyx", "/%EF%BF%BDzyx", Component(0, 13), false},

	1090 #endif

1071 };	1091 };

1072	1092

1073 for (size_t i = 0; i < arraysize(path_cases); i++) {	1093 for (size_t i = 0; i < arraysize(path_cases); i++) {

1074 if (path_cases[i].input8) {	1094 if (path_cases[i].input8) {

1075 int len = static_cast<int>(strlen(path_cases[i].input8));	1095 int len = static_cast<int>(strlen(path_cases[i].input8));

1076 Component in_comp(0, len);	1096 Component in_comp(0, len);

1077 Component out_comp;	1097 Component out_comp;

1078 std::string out_str;	1098 std::string out_str;

1079 StdStringCanonOutput output(&out_str);	1099 StdStringCanonOutput output(&out_str);

1080 bool success =	1100 bool success =

(...skipping 1042 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2123 repl_output.Complete();	2143 repl_output.Complete();

2124	2144

2125 // Generate the expected string and check.	2145 // Generate the expected string and check.

2126 std::string expected("file:///foo?");	2146 std::string expected("file:///foo?");

2127 for (size_t i = 0; i < new_query.length(); i++)	2147 for (size_t i = 0; i < new_query.length(); i++)

2128 expected.push_back('a');	2148 expected.push_back('a');

2129 EXPECT_TRUE(expected == repl_str);	2149 EXPECT_TRUE(expected == repl_str);

2130 }	2150 }

2131	2151

2132 } // namespace url	2152 } // namespace url

OLD	NEW

« url/url_canon_path.cc ('K') | « url/url_canon_path.cc ('k') | no next file » | no next file with comments »