1 /*
2 * Copyright 2008-2019 Max Kellermann <max.kellermann@gmail.com>
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * - Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * - Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the
14 * distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
27 * OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #include "UriUtil.hxx"
31 #include "ASCII.hxx"
32 #include "SplitString.hxx"
33
34 #include <array>
35 #include <cassert>
36 #include <cstring>
37
38 #include <string_view>
39
40 static const char *
verify_uri_segment(const char * p)41 verify_uri_segment(const char *p) noexcept
42 {
43 unsigned dots = 0;
44 while (*p == '.') {
45 ++p;
46 ++dots;
47 }
48
49 if (dots <= 2 && (*p == 0 || *p == '/'))
50 return nullptr;
51
52 const char *q = std::strchr(p + 1, '/');
53 return q != nullptr ? q : "";
54 }
55
56 bool
uri_safe_local(const char * uri)57 uri_safe_local(const char *uri) noexcept
58 {
59 while (true) {
60 uri = verify_uri_segment(uri);
61 if (uri == nullptr)
62 return false;
63
64 if (*uri == 0)
65 return true;
66
67 assert(*uri == '/');
68
69 ++uri;
70 }
71 }
72
73 gcc_pure
74 static const char *
SkipUriScheme(const char * uri)75 SkipUriScheme(const char *uri) noexcept
76 {
77 static constexpr auto schemes = std::array {
78 "http://", "https://",
79 "ftp://",
80 "smb://",
81 };
82
83 for (auto scheme : schemes) {
84 auto result = StringAfterPrefixCaseASCII(uri, scheme);
85 if (result != nullptr)
86 return result;
87 }
88
89 return nullptr;
90 }
91
92 std::string
uri_remove_auth(const char * uri)93 uri_remove_auth(const char *uri) noexcept
94 {
95 const char *auth = SkipUriScheme(uri);
96 if (auth == nullptr)
97 /* unrecognized URI */
98 return {};
99
100 const char *slash = std::strchr(auth, '/');
101 if (slash == nullptr)
102 slash = auth + strlen(auth);
103
104 auto at = (const char *)std::memchr(auth, '@', slash - auth);
105 if (at == nullptr)
106 /* no auth info present, do nothing */
107 return {};
108
109 /* duplicate the full URI and then delete the auth
110 information */
111 std::string result(uri);
112 result.erase(auth - uri, at + 1 - auth);
113 return result;
114 }
115
116 std::string
uri_squash_dot_segments(const char * uri)117 uri_squash_dot_segments(const char *uri) noexcept
118 {
119 std::forward_list<std::string_view> path = SplitString(std::string_view(uri), '/');
120 path.remove_if([](const std::string_view &seg) { return seg == "."; });
121 path.reverse();
122
123 std::string result;
124
125 int segskips = 0;
126 auto it = path.begin();
127 while (it != path.end()) {
128 if (*it == "..") {
129 segskips++;
130 it++;
131 continue;
132 } else if (segskips != 0) {
133 segskips--;
134 it++;
135 continue;
136 }
137
138 result.insert(0, *it);
139
140 if (it != path.begin()) {
141 result.insert(it->length(), "/");
142 }
143
144 it++;
145 }
146
147 return result;
148 }
149