Uri.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/* DEBUG: section 23 URL Parsing */
10
11#include "squid.h"
12#include "anyp/Uri.h"
13#include "base/Raw.h"
14#include "globals.h"
15#include "HttpRequest.h"
16#include "parser/Tokenizer.h"
17#include "rfc1738.h"
18#include "SquidConfig.h"
19#include "SquidMath.h"
20#include "SquidString.h"
21
22static const char valid_hostname_chars_u[] =
23 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
24 "abcdefghijklmnopqrstuvwxyz"
25 "0123456789-._"
26 "[:]"
27 ;
28static const char valid_hostname_chars[] =
29 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
30 "abcdefghijklmnopqrstuvwxyz"
31 "0123456789-."
32 "[:]"
33 ;
34
36static const CharacterSet &
37UserInfoChars()
38{
39 /*
40 * RFC 3986 section 3.2.1
41 *
42 * userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
43 * unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
44 * pct-encoded = "%" HEXDIG HEXDIG
45 * sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
46 */
47 static const auto userInfoValid = CharacterSet("userinfo", ":-._~%!$&'()*+,;=") +
48 CharacterSet::ALPHA +
49 CharacterSet::DIGIT;
50 return userInfoValid;
51}
52
56SBuf
57AnyP::Uri::Encode(const SBuf &buf, const CharacterSet &ignore)
58{
59 if (buf.isEmpty())
60 return buf;
61
62 Parser::Tokenizer tk(buf);
63 SBuf goodSection;
64 // optimization for the arguably common "no encoding necessary" case
65 if (tk.prefix(goodSection, ignore) && tk.atEnd())
66 return buf;
67
68 SBuf output;
69 output.reserveSpace(buf.length() * 3); // worst case: encode all chars
70 output.append(goodSection); // may be empty
71
72 while (!tk.atEnd()) {
73 // TODO: Add Tokenizer::parseOne(void).
74 const auto ch = tk.remaining()[0];
75 output.appendf("%%%02X", static_cast<unsigned int>(static_cast<unsigned char>(ch))); // TODO: Optimize using a table
76 (void)tk.skip(ch);
77
78 if (tk.prefix(goodSection, ignore))
79 output.append(goodSection);
80 }
81
82 return output;
83}
84
85const SBuf &
86AnyP::Uri::Asterisk()
87{
88 static SBuf star("*");
89 return star;
90}
91
92const SBuf &
93AnyP::Uri::SlashPath()
94{
95 static SBuf slash("/");
96 return slash;
97}
98
99void
100AnyP::Uri::host(const char *src)
101{
102 hostAddr_.fromHost(src);
103 if (hostAddr_.isAnyAddr()) {
104 xstrncpy(host_, src, sizeof(host_));
105 hostIsNumeric_ = false;
106 } else {
107 hostAddr_.toHostStr(host_, sizeof(host_));
108 debugs(23, 3, "given IP: " << hostAddr_);
109 hostIsNumeric_ = 1;
110 }
111 touch();
112}
113
114SBuf
115AnyP::Uri::hostOrIp() const
116{
117 if (hostIsNumeric()) {
118 static char ip[MAX_IPSTRLEN];
119 const auto hostStrLen = hostIP().toHostStr(ip, sizeof(ip));
120 return SBuf(ip, hostStrLen);
121 } else
122 return SBuf(host());
123}
124
125const SBuf &
126AnyP::Uri::path() const
127{
128 // RFC 3986 section 3.3 says path can be empty (path-abempty).
129 // RFC 7230 sections 2.7.3, 5.3.1, 5.7.2 - says path cannot be empty, default to "/"
130 // at least when sending and using. We must still accept path-abempty as input.
131 if (path_.isEmpty() && (scheme_ == AnyP::PROTO_HTTP || scheme_ == AnyP::PROTO_HTTPS))
132 return SlashPath();
133
134 return path_;
135}
136
137void
138urlInitialize(void)
139{
140 debugs(23, 5, "urlInitialize: Initializing...");
141 /* this ensures that the number of protocol strings is the same as
142 * the enum slots allocated because the last enum is always 'MAX'.
143 */
144 assert(strcmp(AnyP::ProtocolType_str[AnyP::PROTO_MAX], "MAX") == 0);
145 /*
146 * These test that our matchDomainName() function works the
147 * way we expect it to.
148 */
149 assert(0 == matchDomainName("foo.com", "foo.com"));
150 assert(0 == matchDomainName(".foo.com", "foo.com"));
151 assert(0 == matchDomainName("foo.com", ".foo.com"));
152 assert(0 == matchDomainName(".foo.com", ".foo.com"));
153 assert(0 == matchDomainName("x.foo.com", ".foo.com"));
154 assert(0 == matchDomainName("y.x.foo.com", ".foo.com"));
155 assert(0 != matchDomainName("x.foo.com", "foo.com"));
156 assert(0 != matchDomainName("foo.com", "x.foo.com"));
157 assert(0 != matchDomainName("bar.com", "foo.com"));
158 assert(0 != matchDomainName(".bar.com", "foo.com"));
159 assert(0 != matchDomainName(".bar.com", ".foo.com"));
160 assert(0 != matchDomainName("bar.com", ".foo.com"));
161 assert(0 < matchDomainName("zzz.com", "foo.com"));
162 assert(0 > matchDomainName("aaa.com", "foo.com"));
163 assert(0 == matchDomainName("FOO.com", "foo.COM"));
164 assert(0 < matchDomainName("bfoo.com", "afoo.com"));
165 assert(0 > matchDomainName("afoo.com", "bfoo.com"));
166 assert(0 < matchDomainName("x-foo.com", ".foo.com"));
167
168 assert(0 == matchDomainName(".foo.com", ".foo.com", mdnRejectSubsubDomains));
169 assert(0 == matchDomainName("x.foo.com", ".foo.com", mdnRejectSubsubDomains));
170 assert(0 != matchDomainName("y.x.foo.com", ".foo.com", mdnRejectSubsubDomains));
171 assert(0 != matchDomainName(".x.foo.com", ".foo.com", mdnRejectSubsubDomains));
172
173 assert(0 == matchDomainName("*.foo.com", "x.foo.com", mdnHonorWildcards));
174 assert(0 == matchDomainName("*.foo.com", ".x.foo.com", mdnHonorWildcards));
175 assert(0 == matchDomainName("*.foo.com", ".foo.com", mdnHonorWildcards));
176 assert(0 != matchDomainName("*.foo.com", "foo.com", mdnHonorWildcards));
177
178 /* more cases? */
179}
180
188static AnyP::UriScheme
189uriParseScheme(Parser::Tokenizer &tok)
190{
191 /*
192 * RFC 3986 section 3.1 paragraph 2:
193 *
194 * Scheme names consist of a sequence of characters beginning with a
195 * letter and followed by any combination of letters, digits, plus
196 * ("+"), period ("."), or hyphen ("-").
197 */
198 static const auto schemeChars = CharacterSet("scheme", "+.-") + CharacterSet::ALPHA + CharacterSet::DIGIT;
199
200 SBuf str;
201 if (tok.prefix(str, schemeChars, 16) && tok.skip(':') && CharacterSet::ALPHA[str.at(0)]) {
202 const auto protocol = AnyP::UriScheme::FindProtocolType(str);
203 if (protocol == AnyP::PROTO_UNKNOWN)
204 return AnyP::UriScheme(protocol, str.c_str());
205 return AnyP::UriScheme(protocol, nullptr);
206 }
207
208 throw TextException("invalid URI scheme", Here());
209}
210
218bool
219urlAppendDomain(char *host)
220{
221 /* For IPv4 addresses check for a dot */
222 /* For IPv6 addresses also check for a colon */
223 if (Config.appendDomain && !strchr(host, '.') && !strchr(host, ':')) {
224 const uint64_t dlen = strlen(host);
225 const uint64_t want = dlen + Config.appendDomainLen;
226 if (want > SQUIDHOSTNAMELEN - 1) {
227 debugs(23, 2, "URL domain too large (" << dlen << " bytes)");
228 return false;
229 }
230 strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN - dlen - 1);
231 }
232 return true;
233}
234
235/*
236 * Parse a URI/URL.
237 *
238 * It is assumed that the URL is complete -
239 * ie, the end of the string is the end of the URL. Don't pass a partial
240 * URL here as this routine doesn't have any way of knowing whether
241 * it is partial or not (ie, it handles the case of no trailing slash as
242 * being "end of host with implied path of /".
243 *
244 * method is used to switch parsers. If method is Http::METHOD_CONNECT,
245 * then rather than a URL a hostname:port is looked for.
246 */
247bool
248AnyP::Uri::parse(const HttpRequestMethod& method, const SBuf &rawUrl)
249{
250 try {
251
252 LOCAL_ARRAY(char, login, MAX_URL);
253 LOCAL_ARRAY(char, foundHost, MAX_URL);
254 LOCAL_ARRAY(char, urlpath, MAX_URL);
255 char *t = nullptr;
256 char *q = nullptr;
257 int foundPort;
258 int l;
259 int i;
260 const char *src;
261 char *dst;
262 foundHost[0] = urlpath[0] = login[0] = '\0';
263
264 if ((l = rawUrl.length()) + Config.appendDomainLen > (MAX_URL - 1)) {
265 debugs(23, DBG_IMPORTANT, MYNAME << "URL too large (" << l << " bytes)");
266 return false;
267 }
268
269 if ((method == Http::METHOD_OPTIONS || method == Http::METHOD_TRACE) &&
270 Asterisk().cmp(rawUrl) == 0) {
271 // XXX: these methods might also occur in HTTPS traffic. Handle this better.
272 setScheme(AnyP::PROTO_HTTP, nullptr);
273 port(getScheme().defaultPort());
274 path(Asterisk());
275 return true;
276 }
277
278 Parser::Tokenizer tok(rawUrl);
279 AnyP::UriScheme scheme;
280
281 if (method == Http::METHOD_CONNECT) {
282 // For CONNECTs, RFC 9110 Section 9.3.6 requires "only the host and
283 // port number of the tunnel destination, separated by a colon".
284
285 const auto rawHost = parseHost(tok);
286 Assure(rawHost.length() < sizeof(foundHost));
287 SBufToCstring(foundHost, rawHost);
288
289 if (!tok.skip(':'))
290 throw TextException("missing required :port in CONNECT target", Here());
291 foundPort = parsePort(tok);
292
293 if (!tok.remaining().isEmpty())
294 throw TextException("garbage after host:port in CONNECT target", Here());
295 } else {
296
297 scheme = uriParseScheme(tok);
298
299 if (scheme == AnyP::PROTO_NONE)
300 return false; // invalid scheme
301
302 if (scheme == AnyP::PROTO_URN) {
303 parseUrn(tok); // throws on any error
304 return true;
305 }
306
307 // URLs then have "//"
308 static const SBuf doubleSlash("//");
309 if (!tok.skip(doubleSlash))
310 return false;
311
312 auto B = tok.remaining();
313 const char *url = B.c_str();
314
315 /* Parse the URL: */
316 src = url;
317 i = 0;
318
319 /* Then everything until first /; that's host (and port; which we'll look for here later) */
320 // bug 1881: If we don't get a "/" then we imply it was there
321 // bug 3074: We could just be given a "?" or "#". These also imply "/"
322 // bug 3233: whitespace is also a hostname delimiter.
323 for (dst = foundHost; i < l && *src != '/' && *src != '?' && *src != '#' && *src != '\0' && !xisspace(*src); ++i, ++src, ++dst) {
324 *dst = *src;
325 }
326
327 /*
328 * We can't check for "i >= l" here because we could be at the end of the line
329 * and have a perfectly valid URL w/ no trailing '/'. In this case we assume we've
330 * been -given- a valid URL and the path is just '/'.
331 */
332 if (i > l)
333 return false;
334 *dst = '\0';
335
336 // We are looking at path-abempty.
337 if (*src != '/') {
338 // path-empty, including the end of the `src` c-string cases
339 urlpath[0] = '/';
340 dst = &urlpath[1];
341 } else {
342 dst = urlpath;
343 }
344 /* Then everything from / (inclusive) until \r\n or \0 - that's urlpath */
345 for (; i < l && *src != '\r' && *src != '\n' && *src != '\0'; ++i, ++src, ++dst) {
346 *dst = *src;
347 }
348
349 /* We -could- be at the end of the buffer here */
350 if (i > l)
351 return false;
352 *dst = '\0';
353
354 // If the parsed scheme has no (known) default port, and there is no
355 // explicit port, then we will reject the zero port during foundPort
356 // validation, often resulting in a misleading 400/ERR_INVALID_URL.
357 // TODO: Remove this hack when switching to Tokenizer-based parsing.
358 foundPort = scheme.defaultPort().value_or(0); // may be reset later
359
360 /* Is there any login information? (we should eventually parse it above) */
361 t = strrchr(foundHost, '@');
362 if (t != nullptr) {
363 strncpy((char *) login, (char *) foundHost, sizeof(login)-1);
364 login[sizeof(login)-1] = '\0';
365 t = strrchr(login, '@');
366 *t = 0;
367 strncpy((char *) foundHost, t + 1, sizeof(foundHost)-1);
368 foundHost[sizeof(foundHost)-1] = '\0';
369 // Bug 4498: URL-unescape the login info after extraction
370 rfc1738_unescape(login);
371 }
372
373 /* Is there any host information? (we should eventually parse it above) */
374 if (*foundHost == '[') {
375 /* strip any IPA brackets. valid under IPv6. */
376 dst = foundHost;
377 /* only for IPv6 sadly, pre-IPv6/URL code can't handle the clean result properly anyway. */
378 src = foundHost;
379 ++src;
380 l = strlen(foundHost);
381 i = 1;
382 for (; i < l && *src != ']' && *src != '\0'; ++i, ++src, ++dst) {
383 *dst = *src;
384 }
385
386 /* we moved in-place, so truncate the actual hostname found */
387 *dst = '\0';
388 ++dst;
389
390 /* skip ahead to either start of port, or original EOS */
391 while (*dst != '\0' && *dst != ':')
392 ++dst;
393 t = dst;
394 } else {
395 t = strrchr(foundHost, ':');
396
397 if (t != strchr(foundHost,':') ) {
398 /* RFC 2732 states IPv6 "SHOULD" be bracketed. allowing for times when its not. */
399 /* RFC 3986 'update' simply modifies this to an "is" with no emphasis at all! */
400 /* therefore we MUST accept the case where they are not bracketed at all. */
401 t = nullptr;
402 }
403 }
404
405 // Bug 3183 sanity check: If scheme is present, host must be too.
406 if (scheme != AnyP::PROTO_NONE && foundHost[0] == '\0') {
407 debugs(23, DBG_IMPORTANT, "SECURITY ALERT: Missing hostname in URL '" << url << "'. see access.log for details.");
408 return false;
409 }
410
411 if (t && *t == ':') {
412 *t = '\0';
413 ++t;
414 foundPort = atoi(t);
415 }
416 }
417
418 for (t = foundHost; *t; ++t)
419 *t = xtolower(*t);
420
421 if (stringHasWhitespace(foundHost)) {
422 if (URI_WHITESPACE_STRIP == Config.uri_whitespace) {
423 t = q = foundHost;
424 while (*t) {
425 if (!xisspace(*t)) {
426 *q = *t;
427 ++q;
428 }
429 ++t;
430 }
431 *q = '\0';
432 }
433 }
434
435 debugs(23, 3, "Split URL '" << rawUrl << "' into proto='" << scheme.image() << "', host='" << foundHost << "', port='" << foundPort << "', path='" << urlpath << "'");
436
437 if (Config.onoff.check_hostnames &&
438 strspn(foundHost, Config.onoff.allow_underscore ? valid_hostname_chars_u : valid_hostname_chars) != strlen(foundHost)) {
439 debugs(23, DBG_IMPORTANT, MYNAME << "Illegal character in hostname '" << foundHost << "'");
440 return false;
441 }
442
443 if (!urlAppendDomain(foundHost))
444 return false;
445
446 /* remove trailing dots from hostnames */
447 while ((l = strlen(foundHost)) > 0 && foundHost[--l] == '.')
448 foundHost[l] = '\0';
449
450 /* reject duplicate or leading dots */
451 if (strstr(foundHost, "..") || *foundHost == '.') {
452 debugs(23, DBG_IMPORTANT, MYNAME << "Illegal hostname '" << foundHost << "'");
453 return false;
454 }
455
456 if (foundPort < 1 || foundPort > 65535) {
457 debugs(23, 3, "Invalid port '" << foundPort << "'");
458 return false;
459 }
460
461 if (stringHasWhitespace(urlpath)) {
462 debugs(23, 2, "URI has whitespace: {" << rawUrl << "}");
463
464 switch (Config.uri_whitespace) {
465
466 case URI_WHITESPACE_DENY:
467 return false;
468
469 case URI_WHITESPACE_ALLOW:
470 break;
471
472 case URI_WHITESPACE_ENCODE:
473 t = rfc1738_escape_unescaped(urlpath);
474 xstrncpy(urlpath, t, MAX_URL);
475 break;
476
477 case URI_WHITESPACE_CHOP:
478 *(urlpath + strcspn(urlpath, w_space)) = '\0';
479 break;
480
481 case URI_WHITESPACE_STRIP:
482 default:
483 t = q = urlpath;
484 while (*t) {
485 if (!xisspace(*t)) {
486 *q = *t;
487 ++q;
488 }
489 ++t;
490 }
491 *q = '\0';
492 }
493 }
494
495 setScheme(scheme);
496 path(urlpath);
497 host(foundHost);
498 userInfo(SBuf(login));
499 port(foundPort);
500 return true;
501
502 } catch (...) {
503 debugs(23, 2, "error: " << CurrentException << " " << Raw("rawUrl", rawUrl.rawContent(), rawUrl.length()));
504 return false;
505 }
506}
507
522void
523AnyP::Uri::parseUrn(Parser::Tokenizer &tok)
524{
525 static const auto nidChars = CharacterSet("NID","-") + CharacterSet::ALPHA + CharacterSet::DIGIT;
526 static const auto alphanum = (CharacterSet::ALPHA + CharacterSet::DIGIT).rename("alphanum");
527 SBuf nid;
528 if (!tok.prefix(nid, nidChars, 32))
529 throw TextException("NID not found", Here());
530
531 if (!tok.skip(':'))
532 throw TextException("NID too long or missing ':' delimiter", Here());
533
534 if (nid.length() < 2)
535 throw TextException("NID too short", Here());
536
537 if (!alphanum[*nid.begin()])
538 throw TextException("NID prefix is not alphanumeric", Here());
539
540 if (!alphanum[*nid.rbegin()])
541 throw TextException("NID suffix is not alphanumeric", Here());
542
543 setScheme(AnyP::PROTO_URN, nullptr);
544 host(nid.c_str());
545 // TODO validate path characters
546 path(tok.remaining());
547 debugs(23, 3, "Split URI into proto=urn, nid=" << nid << ", " << Raw("path",path().rawContent(),path().length()));
548}
549
553SBuf
554AnyP::Uri::parseHost(Parser::Tokenizer &tok) const
555{
556 // host = IP-literal / IPv4address / reg-name
557
558 // XXX: CharacterSets below reject uri-host values containing whitespace
559 // (e.g., "10.0.0. 1"). That is not a bug, but the uri_whitespace directive
560 // can be interpreted as if it applies to uri-host and this code. TODO: Fix
561 // uri_whitespace and the code using it to exclude uri-host (and URI scheme,
562 // port, etc.) from that directive scope.
563
564 // IP-literal = "[" ( IPv6address / IPvFuture ) "]"
565 if (tok.skip('[')) {
566 // Add "." because IPv6address in RFC 3986 includes ls32, which includes
567 // IPv4address: ls32 = ( h16 ":" h16 ) / IPv4address
568 // This set rejects IPvFuture that needs a "v" character.
569 static const CharacterSet IPv6chars = (
570 CharacterSet::HEXDIG + CharacterSet("colon", ":") + CharacterSet("period", ".")).rename("IPv6");
571 SBuf ipv6ish;
572 if (!tok.prefix(ipv6ish, IPv6chars))
573 throw TextException("malformed or unsupported bracketed IP address in uri-host", Here());
574
575 if (!tok.skip(']'))
576 throw TextException("IPv6 address is missing a closing bracket in uri-host", Here());
577
578 // This rejects bracketed IPv4address and domain names because they lack ":".
579 if (ipv6ish.find(':') == SBuf::npos)
580 throw TextException("bracketed IPv6 address is missing a colon in uri-host", Here());
581
582 // This rejects bracketed non-IP addresses that our caller would have
583 // otherwise mistaken for a domain name (e.g., '[127.0.0:1]').
584 Ip::Address ipv6check;
585 if (!ipv6check.fromHost(ipv6ish.c_str()))
586 throw TextException("malformed bracketed IPv6 address in uri-host", Here());
587
588 return ipv6ish;
589 }
590
591 // no brackets implies we are looking at IPv4address or reg-name
592
593 // XXX: This code does not detect/reject some bad host values (e.g. "!#$%&"
594 // and "1.2.3.4.5"). TODO: Add more checks here, after migrating the
595 // non-CONNECT uri-host parsing code to use us.
596
597 SBuf otherHost; // IPv4address-ish or reg-name-ish;
598 // ":" is not in TCHAR so we will stop before any port specification
599 if (tok.prefix(otherHost, CharacterSet::TCHAR))
600 return otherHost;
601
602 throw TextException("malformed IPv4 address or host name in uri-host", Here());
603}
604
611int
612AnyP::Uri::parsePort(Parser::Tokenizer &tok) const
613{
614 if (tok.skip('0'))
615 throw TextException("zero or zero-prefixed port", Here());
616
617 int64_t rawPort = 0;
618 if (!tok.int64(rawPort, 10, false)) // port = *DIGIT
619 throw TextException("malformed or missing port", Here());
620
621 Assure(rawPort > 0);
622 constexpr KnownPort portMax = 65535; // TODO: Make this a class-scope constant and REuse it.
623 constexpr auto portStorageMax = std::numeric_limits<Port::value_type>::max();
624 static_assert(!Less(portStorageMax, portMax), "Port type can represent the maximum valid port number");
625 if (Less(portMax, rawPort))
626 throw TextException("huge port", Here());
627
628 // TODO: Return KnownPort after migrating the non-CONNECT uri-host parsing
629 // code to use us (so that foundPort "int" disappears or starts using Port).
630 return NaturalCast<int>(rawPort);
631}
632
633void
634AnyP::Uri::touch()
635{
636 absolute_.clear();
637 authorityHttp_.clear();
638 authorityWithPort_.clear();
639}
640
641SBuf &
642AnyP::Uri::authority(bool requirePort) const
643{
644 if (authorityHttp_.isEmpty()) {
645
646 // both formats contain Host/IP
647 authorityWithPort_.append(host());
648 authorityHttp_ = authorityWithPort_;
649
650 if (port().has_value()) {
651 authorityWithPort_.appendf(":%hu", *port());
652 // authorityHttp_ only has :port for known non-default ports
653 if (port() != getScheme().defaultPort())
654 authorityHttp_ = authorityWithPort_;
655 }
656 // else XXX: We made authorityWithPort_ that does not have a port.
657 // TODO: Audit callers and refuse to give out broken authorityWithPort_.
658 }
659
660 return requirePort ? authorityWithPort_ : authorityHttp_;
661}
662
663SBuf &
664AnyP::Uri::absolute() const
665{
666 if (absolute_.isEmpty()) {
667 // TODO: most URL will be much shorter, avoid allocating this much
668 absolute_.reserveCapacity(MAX_URL);
669
670 absolute_.append(getScheme().image());
671 absolute_.append(":",1);
672 if (getScheme() != AnyP::PROTO_URN) {
673 absolute_.append("//", 2);
674 const bool allowUserInfo = getScheme() == AnyP::PROTO_FTP ||
675 getScheme() == AnyP::PROTO_UNKNOWN;
676
677 if (allowUserInfo && !userInfo().isEmpty()) {
678 static const CharacterSet uiChars = CharacterSet(UserInfoChars())
679 .remove('%')
680 .rename("userinfo-reserved");
681 absolute_.append(Encode(userInfo(), uiChars));
682 absolute_.append("@", 1);
683 }
684 absolute_.append(authority());
685 } else {
686 absolute_.append(host());
687 absolute_.append(":", 1);
688 }
689 absolute_.append(path()); // TODO: Encode each URI subcomponent in path_ as needed.
690 }
691
692 return absolute_;
693}
694
695/* XXX: Performance: This is an *almost* duplicate of HttpRequest::effectiveRequestUri(). But elides the query-string.
696 * After copying it on in the first place! Would be less code to merge the two with a flag parameter.
697 * and never copy the query-string part in the first place
698 */
699char *
700urlCanonicalCleanWithoutRequest(const SBuf &url, const HttpRequestMethod &method, const AnyP::UriScheme &scheme)
701{
702 LOCAL_ARRAY(char, buf, MAX_URL);
703
704 snprintf(buf, sizeof(buf), SQUIDSBUFPH, SQUIDSBUFPRINT(url));
705 buf[sizeof(buf)-1] = '\0';
706
707 // URN, CONNECT method, and non-stripped URIs can go straight out
708 if (Config.onoff.strip_query_terms && !(method == Http::METHOD_CONNECT || scheme == AnyP::PROTO_URN)) {
709 // strip anything AFTER a question-mark
710 // leaving the '?' in place
711 if (auto t = strchr(buf, '?')) {
712 *(++t) = '\0';
713 }
714 }
715
716 if (stringHasCntl(buf))
717 xstrncpy(buf, rfc1738_escape_unescaped(buf), MAX_URL);
718
719 return buf;
720}
721
728const char *
729urlCanonicalFakeHttps(const HttpRequest * request)
730{
731 LOCAL_ARRAY(char, buf, MAX_URL);
732
733 // method CONNECT and port HTTPS
734 if (request->method == Http::METHOD_CONNECT && request->url.port() == 443) {
735 snprintf(buf, MAX_URL, "https://%s/*", request->url.host());
736 return buf;
737 }
738
739 // else do the normal complete canonical thing.
740 return request->canonicalCleanUrl();
741}
742
755bool
756urlIsRelative(const char *url)
757{
758 if (!url)
759 return false; // no URL
760
761 /*
762 * RFC 3986 section 5.2.3
763 *
764 * path = path-abempty ; begins with "/" or is empty
765 * / path-absolute ; begins with "/" but not "//"
766 * / path-noscheme ; begins with a non-colon segment
767 * / path-rootless ; begins with a segment
768 * / path-empty ; zero characters
769 */
770
771 if (*url == '\0')
772 return true; // path-empty
773
774 if (*url == '/') {
775 // RFC 3986 section 5.2.3
776 // path-absolute ; begins with "/" but not "//"
777 if (url[1] == '/')
778 return true; // network-path reference, aka. 'scheme-relative URI'
779 else
780 return true; // path-absolute, aka 'absolute-path reference'
781 }
782
783 for (const auto *p = url; *p != '\0' && *p != '/' && *p != '?' && *p != '#'; ++p) {
784 if (*p == ':')
785 return false; // colon is forbidden in first segment
786 }
787
788 return true; // path-noscheme, path-abempty, path-rootless
789}
790
791void
792AnyP::Uri::addRelativePath(const char *relUrl)
793{
794 // URN cannot be merged
795 if (getScheme() == AnyP::PROTO_URN)
796 return;
797
798 // TODO: Handle . and .. segment normalization
799
800 const auto lastSlashPos = path_.rfind('/');
801 // TODO: To optimize and simplify, add and use SBuf::replace().
802 const auto relUrlLength = strlen(relUrl);
803 if (lastSlashPos == SBuf::npos) {
804 // start replacing the whole path
805 path_.reserveCapacity(1 + relUrlLength);
806 path_.assign("/", 1);
807 } else {
808 // start replacing just the last segment
809 path_.reserveCapacity(lastSlashPos + 1 + relUrlLength);
810 path_.chop(0, lastSlashPos+1);
811 }
812 path_.append(relUrl, relUrlLength);
813}
814
815int
816matchDomainName(const char *h, const char *d, MatchDomainNameFlags flags)
817{
818 int dl;
819 int hl;
820
821 const bool hostIncludesSubdomains = (*h == '.');
822 while ('.' == *h)
823 ++h;
824
825 hl = strlen(h);
826
827 if (hl == 0)
828 return -1;
829
830 dl = strlen(d);
831
832 /*
833 * Start at the ends of the two strings and work towards the
834 * beginning.
835 */
836 while (xtolower(h[--hl]) == xtolower(d[--dl])) {
837 if (hl == 0 && dl == 0) {
838 /*
839 * We made it all the way to the beginning of both
840 * strings without finding any difference.
841 */
842 return 0;
843 }
844
845 if (0 == hl) {
846 /*
847 * The host string is shorter than the domain string.
848 * There is only one case when this can be a match.
849 * If the domain is just one character longer, and if
850 * that character is a leading '.' then we call it a
851 * match.
852 */
853
854 if (1 == dl && '.' == d[0])
855 return 0;
856 else
857 return -1;
858 }
859
860 if (0 == dl) {
861 /*
862 * The domain string is shorter than the host string.
863 * This is a match only if the first domain character
864 * is a leading '.'.
865 */
866
867 if ('.' == d[0]) {
868 if (flags & mdnRejectSubsubDomains) {
869 // Check for sub-sub domain and reject
870 while(--hl >= 0 && h[hl] != '.');
871 if (hl < 0) {
872 // No sub-sub domain found, but reject if there is a
873 // leading dot in given host string (which is removed
874 // before the check is started).
875 return hostIncludesSubdomains ? 1 : 0;
876 } else
877 return 1; // sub-sub domain, reject
878 } else
879 return 0;
880 } else
881 return 1;
882 }
883 }
884
885 /*
886 * We found different characters in the same position (from the end).
887 */
888
889 // If the h has a form of "*.foo.com" and d has a form of "x.foo.com"
890 // then the h[hl] points to '*', h[hl+1] to '.' and d[dl] to 'x'
891 // The following checks are safe, the "h[hl + 1]" in the worst case is '\0'.
892 if ((flags & mdnHonorWildcards) && h[hl] == '*' && h[hl + 1] == '.')
893 return 0;
894
895 /*
896 * If one of those character is '.' then its special. In order
897 * for splay tree sorting to work properly, "x-foo.com" must
898 * be greater than ".foo.com" even though '-' is less than '.'.
899 */
900 if ('.' == d[dl])
901 return 1;
902
903 if ('.' == h[hl])
904 return -1;
905
906 return (xtolower(h[hl]) - xtolower(d[dl]));
907}
908
909/*
910 * return true if we can serve requests for this method.
911 */
912bool
913urlCheckRequest(const HttpRequest * r)
914{
915 /* protocol "independent" methods
916 *
917 * actually these methods are specific to HTTP:
918 * they are methods we receive on our HTTP port,
919 * and if we had a FTP listener would not be relevant
920 * there.
921 *
922 * So, we should delegate them to HTTP. The problem is that we
923 * do not have a default protocol from the client side of HTTP.
924 */
925
926 if (r->method == Http::METHOD_CONNECT)
927 return true;
928
929 // we support OPTIONS and TRACE directed at us (with a 501 reply, for now)
930 // we also support forwarding OPTIONS and TRACE, except for the *-URI ones
931 if (r->method == Http::METHOD_OPTIONS || r->method == Http::METHOD_TRACE)
932 return (r->header.getInt64(Http::HdrType::MAX_FORWARDS) == 0 || r->url.path() != AnyP::Uri::Asterisk());
933
934 if (r->method == Http::METHOD_PURGE)
935 return true;
936
937 /* does method match the protocol? */
938 switch (r->url.getScheme()) {
939
940 case AnyP::PROTO_URN:
941 case AnyP::PROTO_HTTP:
942 return true;
943
944 case AnyP::PROTO_FTP:
945 if (r->method == Http::METHOD_PUT ||
946 r->method == Http::METHOD_GET ||
947 r->method == Http::METHOD_HEAD )
948 return true;
949 return false;
950
951 case AnyP::PROTO_WAIS:
952 case AnyP::PROTO_WHOIS:
953 if (r->method == Http::METHOD_GET ||
954 r->method == Http::METHOD_HEAD)
955 return true;
956 return false;
957
958 case AnyP::PROTO_HTTPS:
959#if USE_OPENSSL || USE_GNUTLS
960 return true;
961#else
962 /*
963 * Squid can't originate an SSL connection, so it should
964 * never receive an "https:" URL. It should always be
965 * CONNECT instead.
966 */
967 return false;
968#endif
969
970 default:
971 return false;
972 }
973
974 /* notreached */
975 return false;
976}
977
978AnyP::Uri::Uri(AnyP::UriScheme const &aScheme) :
979 scheme_(aScheme),
980 hostIsNumeric_(false)
981{
982 *host_=0;
983}
984
985// TODO: fix code duplication with AnyP::Uri::parse()
986char *
987AnyP::Uri::cleanup(const char *uri)
988{
989 char *cleanedUri = nullptr;
990 switch (Config.uri_whitespace) {
991 case URI_WHITESPACE_ALLOW: {
992 const auto flags = RFC1738_ESCAPE_NOSPACE | RFC1738_ESCAPE_UNESCAPED;
993 cleanedUri = xstrndup(rfc1738_do_escape(uri, flags), MAX_URL);
994 break;
995 }
996
997 case URI_WHITESPACE_ENCODE:
998 cleanedUri = xstrndup(rfc1738_do_escape(uri, RFC1738_ESCAPE_UNESCAPED), MAX_URL);
999 break;
1000
1001 case URI_WHITESPACE_CHOP: {
1002 const auto pos = strcspn(uri, w_space);
1003 char *choppedUri = nullptr;
1004 if (pos < strlen(uri))
1005 choppedUri = xstrndup(uri, pos + 1);
1006 cleanedUri = xstrndup(rfc1738_do_escape(choppedUri ? choppedUri : uri,
1007 RFC1738_ESCAPE_UNESCAPED), MAX_URL);
1008 cleanedUri[pos] = '\0';
1009 xfree(choppedUri);
1010 break;
1011 }
1012
1013 case URI_WHITESPACE_DENY:
1014 case URI_WHITESPACE_STRIP:
1015 default: {
1016 // TODO: avoid duplication with urlParse()
1017 const char *t;
1018 char *tmp_uri = static_cast<char*>(xmalloc(strlen(uri) + 1));
1019 char *q = tmp_uri;
1020 t = uri;
1021 while (*t) {
1022 if (!xisspace(*t)) {
1023 *q = *t;
1024 ++q;
1025 }
1026 ++t;
1027 }
1028 *q = '\0';
1029 cleanedUri = xstrndup(rfc1738_escape_unescaped(tmp_uri), MAX_URL);
1030 xfree(tmp_uri);
1031 break;
1032 }
1033 }
1034
1035 assert(cleanedUri);
1036 return cleanedUri;
1037}
1038
Assure
#define Assure(condition)
Definition: Assure.h:35
Here
#define Here()
source code location of the caller
Definition: Here.h:15
SQUIDSBUFPH
#define SQUIDSBUFPH
Definition: SBuf.h:31
SBufToCstring
void SBufToCstring(char *d, const SBuf &s)
Definition: SBuf.h:752
SQUIDSBUFPRINT
#define SQUIDSBUFPRINT(s)
Definition: SBuf.h:32
Config
class SquidConfig Config
Definition: SquidConfig.cc:12
Less
constexpr bool Less(const A a, const B b)
whether integer a is less than integer b, with correct overflow handling
Definition: SquidMath.h:48
stringHasWhitespace
int stringHasWhitespace(const char *)
Definition: String.cc:287
stringHasCntl
int stringHasCntl(const char *)
Definition: String.cc:294
CurrentException
std::ostream & CurrentException(std::ostream &os)
prints active (i.e., thrown but not yet handled) exception
Definition: TextException.cc:88
urlCheckRequest
bool urlCheckRequest(const HttpRequest *r)
Definition: Uri.cc:913
valid_hostname_chars
static const char valid_hostname_chars[]
Definition: Uri.cc:28
valid_hostname_chars_u
static const char valid_hostname_chars_u[]
Definition: Uri.cc:22
urlIsRelative
bool urlIsRelative(const char *url)
Definition: Uri.cc:756
urlInitialize
void urlInitialize(void)
Definition: Uri.cc:138
matchDomainName
int matchDomainName(const char *h, const char *d, MatchDomainNameFlags flags)
Definition: Uri.cc:816
urlCanonicalCleanWithoutRequest
char * urlCanonicalCleanWithoutRequest(const SBuf &url, const HttpRequestMethod &method, const AnyP::UriScheme &scheme)
Definition: Uri.cc:700
uriParseScheme
static AnyP::UriScheme uriParseScheme(Parser::Tokenizer &tok)
Definition: Uri.cc:189
UserInfoChars
static const CharacterSet & UserInfoChars()
Characters which are valid within a URI userinfo section.
Definition: Uri.cc:37
urlCanonicalFakeHttps
const char * urlCanonicalFakeHttps(const HttpRequest *request)
Definition: Uri.cc:729
urlAppendDomain
bool urlAppendDomain(char *host)
apply append_domain config to the given hostname
Definition: Uri.cc:219
MatchDomainNameFlags
MatchDomainNameFlags
Definition: Uri.h:228
mdnRejectSubsubDomains
@ mdnRejectSubsubDomains
Definition: Uri.h:231
mdnHonorWildcards
@ mdnHonorWildcards
Definition: Uri.h:230
assert
#define assert(EX)
Definition: assert.h:17
AnyP::UriScheme::FindProtocolType
static AnyP::ProtocolType FindProtocolType(const SBuf &)
Definition: UriScheme.cc:52
AnyP::UriScheme::defaultPort
Port defaultPort() const
Definition: UriScheme.cc:71
AnyP::UriScheme::image
SBuf image() const
Definition: UriScheme.h:57
AnyP::Uri::SlashPath
static const SBuf & SlashPath()
the static '/' default URL-path
Definition: Uri.cc:93
AnyP::Uri::parseHost
SBuf parseHost(Parser::Tokenizer &) const
Definition: Uri.cc:554
AnyP::Uri::parseUrn
void parseUrn(Parser::Tokenizer &)
Definition: Uri.cc:523
AnyP::Uri::getScheme
AnyP::UriScheme const & getScheme() const
Definition: Uri.h:67
AnyP::Uri::touch
void touch()
clear the cached URI display forms
Definition: Uri.cc:634
AnyP::Uri::authority
SBuf & authority(bool requirePort=false) const
Definition: Uri.cc:642
AnyP::Uri::path
void path(const char *p)
Definition: Uri.h:101
AnyP::Uri::host_
char host_[SQUIDHOSTNAMELEN]
string representation of the URI authority name or IP
Definition: Uri.h:179
AnyP::Uri::host
const char * host(void) const
Definition: Uri.h:85
AnyP::Uri::Uri
Uri()
Definition: Uri.h:35
AnyP::Uri::cleanup
static char * cleanup(const char *uri)
Definition: Uri.cc:987
AnyP::Uri::addRelativePath
void addRelativePath(const char *relUrl)
Definition: Uri.cc:792
AnyP::Uri::parsePort
int parsePort(Parser::Tokenizer &) const
Definition: Uri.cc:612
AnyP::Uri::absolute
SBuf & absolute() const
Definition: Uri.cc:664
AnyP::Uri::Asterisk
static const SBuf & Asterisk()
the static '*' pseudo-URI
Definition: Uri.cc:86
AnyP::Uri::port
void port(const Port p)
reset authority port subcomponent
Definition: Uri.h:95
AnyP::Uri::path
const SBuf & path() const
Definition: Uri.cc:126
AnyP::Uri::host
void host(const char *src)
Definition: Uri.cc:100
AnyP::Uri::parse
bool parse(const HttpRequestMethod &, const SBuf &url)
Definition: Uri.cc:248
AnyP::Uri::hostOrIp
SBuf hostOrIp() const
Definition: Uri.cc:115
AnyP::Uri::Encode
static SBuf Encode(const SBuf &, const CharacterSet &expected)
Definition: Uri.cc:57
CharacterSet
optimized set of C chars, with quick membership test and merge support
Definition: CharacterSet.h:18
CharacterSet::TCHAR
static const CharacterSet TCHAR
Definition: CharacterSet.h:105
CharacterSet::rename
CharacterSet & rename(const char *label)
change name; handy in const declarations that use operators
Definition: CharacterSet.h:61
CharacterSet::DIGIT
static const CharacterSet DIGIT
Definition: CharacterSet.h:84
CharacterSet::ALPHA
static const CharacterSet ALPHA
Definition: CharacterSet.h:76
CharacterSet::HEXDIG
static const CharacterSet HEXDIG
Definition: CharacterSet.h:88
CharacterSet::remove
CharacterSet & remove(const unsigned char c)
remove a given character from the character set
Definition: CharacterSet.cc:54
HttpHeader::getInt64
int64_t getInt64(Http::HdrType id) const
Definition: HttpHeader.cc:1134
HttpRequest::method
HttpRequestMethod method
Definition: HttpRequest.h:114
HttpRequest::canonicalCleanUrl
char * canonicalCleanUrl() const
Definition: HttpRequest.cc:814
HttpRequest::url
AnyP::Uri url
the request URI
Definition: HttpRequest.h:115
Http::Message::header
HttpHeader header
Definition: Message.h:74
Ip::Address::fromHost
bool fromHost(const char *hostWithoutPort)
Definition: Address.cc:898
Parser::Tokenizer::prefix
bool prefix(SBuf &returnedToken, const CharacterSet &tokenChars, SBuf::size_type limit=SBuf::npos)
Definition: Tokenizer.cc:79
Parser::Tokenizer::remaining
const SBuf & remaining() const
the remaining unprocessed section of buffer
Definition: Tokenizer.h:44
Parser::Tokenizer::atEnd
bool atEnd() const
whether the end of the buffer has been reached
Definition: Tokenizer.h:41
Parser::Tokenizer::skip
bool skip(const SBuf &tokenToSkip)
Definition: Tokenizer.cc:177
Raw
Definition: Raw.h:21
SBuf
Definition: SBuf.h:94
SBuf::rawContent
const char * rawContent() const
Definition: SBuf.cc:509
SBuf::npos
static const size_type npos
Definition: SBuf.h:99
SBuf::at
char at(size_type pos) const
Definition: SBuf.h:249
SBuf::c_str
const char * c_str()
Definition: SBuf.cc:516
SBuf::reserveCapacity
void reserveCapacity(size_type minCapacity)
Definition: SBuf.cc:105
SBuf::length
size_type length() const
Returns the number of bytes stored in SBuf.
Definition: SBuf.h:415
SBuf::appendf
SBuf & appendf(const char *fmt,...) PRINTF_FORMAT_ARG2
Definition: SBuf.cc:229
SBuf::find
size_type find(char c, size_type startPos=0) const
Definition: SBuf.cc:584
SBuf::isEmpty
bool isEmpty() const
Definition: SBuf.h:431
SBuf::begin
const_iterator begin() const
Definition: SBuf.h:583
SBuf::append
SBuf & append(const SBuf &S)
Definition: SBuf.cc:185
SBuf::rbegin
const_reverse_iterator rbegin() const
Definition: SBuf.h:591
SBuf::reserveSpace
void reserveSpace(size_type minSpace)
Definition: SBuf.h:440
SquidConfig::appendDomainLen
size_t appendDomainLen
Definition: SquidConfig.h:222
SquidConfig::strip_query_terms
int strip_query_terms
Definition: SquidConfig.h:299
SquidConfig::onoff
struct SquidConfig::@106 onoff
SquidConfig::appendDomain
char * appendDomain
Definition: SquidConfig.h:221
SquidConfig::uri_whitespace
int uri_whitespace
Definition: SquidConfig.h:456
SquidConfig::check_hostnames
int check_hostnames
Definition: SquidConfig.h:315
SquidConfig::allow_underscore
int allow_underscore
Definition: SquidConfig.h:316
TextException
an std::runtime_error with thrower location info
Definition: TextException.h:21
max
A const & max(A const &lhs, A const &rhs)
Definition: compat_shared.h:124
w_space
#define w_space
Definition: compat_shared.h:139
MYNAME
#define MYNAME
Definition: Stream.h:236
DBG_IMPORTANT
#define DBG_IMPORTANT
Definition: Stream.h:38
debugs
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:194
URI_WHITESPACE_CHOP
#define URI_WHITESPACE_CHOP
Definition: defines.h:129
URI_WHITESPACE_STRIP
#define URI_WHITESPACE_STRIP
Definition: defines.h:126
URI_WHITESPACE_DENY
#define URI_WHITESPACE_DENY
Definition: defines.h:130
URI_WHITESPACE_ALLOW
#define URI_WHITESPACE_ALLOW
Definition: defines.h:127
URI_WHITESPACE_ENCODE
#define URI_WHITESPACE_ENCODE
Definition: defines.h:128
MAX_URL
#define MAX_URL
Definition: defines.h:78
port
static int port
Definition: ldap_backend.cc:70
MAX_IPSTRLEN
#define MAX_IPSTRLEN
Length of buffer that needs to be allocated to old a null-terminated IP-string.
Definition: forward.h:25
B
static uint32 B
Definition: md4.c:43
AnyP::ProtocolType_str
const char * ProtocolType_str[]
AnyP::KnownPort
uint16_t KnownPort
validated/supported port number; these values are never zero
Definition: UriScheme.h:23
AnyP::PROTO_NONE
@ PROTO_NONE
Definition: ProtocolType.h:24
AnyP::PROTO_HTTPS
@ PROTO_HTTPS
Definition: ProtocolType.h:27
AnyP::PROTO_UNKNOWN
@ PROTO_UNKNOWN
Definition: ProtocolType.h:41
AnyP::PROTO_HTTP
@ PROTO_HTTP
Definition: ProtocolType.h:25
AnyP::PROTO_FTP
@ PROTO_FTP
Definition: ProtocolType.h:26
AnyP::PROTO_WHOIS
@ PROTO_WHOIS
Definition: ProtocolType.h:36
AnyP::PROTO_MAX
@ PROTO_MAX
Definition: ProtocolType.h:42
AnyP::PROTO_URN
@ PROTO_URN
Definition: ProtocolType.h:35
AnyP::PROTO_WAIS
@ PROTO_WAIS
Definition: ProtocolType.h:30
Http::METHOD_TRACE
@ METHOD_TRACE
Definition: MethodType.h:30
Http::METHOD_PUT
@ METHOD_PUT
Definition: MethodType.h:27
Http::METHOD_OPTIONS
@ METHOD_OPTIONS
Definition: MethodType.h:31
Http::METHOD_CONNECT
@ METHOD_CONNECT
Definition: MethodType.h:29
Http::METHOD_GET
@ METHOD_GET
Definition: MethodType.h:25
Http::METHOD_PURGE
@ METHOD_PURGE
Definition: MethodType.h:92
Http::METHOD_HEAD
@ METHOD_HEAD
Definition: MethodType.h:28
xfree
#define xfree
Definition: negotiate_wrapper.cc:54
xmalloc
#define xmalloc
Definition: negotiate_wrapper.cc:48
RFC1738_ESCAPE_NOSPACE
#define RFC1738_ESCAPE_NOSPACE
Definition: rfc1738.h:22
rfc1738_do_escape
char * rfc1738_do_escape(const char *url, int flags)
Definition: rfc1738.c:56
RFC1738_ESCAPE_UNESCAPED
#define RFC1738_ESCAPE_UNESCAPED
Definition: rfc1738.h:25
rfc1738_escape_unescaped
#define rfc1738_escape_unescaped(x)
Definition: rfc1738.h:59
rfc1738_unescape
void rfc1738_unescape(char *url)
Definition: rfc1738.c:146
SQUIDHOSTNAMELEN
#define SQUIDHOSTNAMELEN
Definition: rfc2181.h:30
LOCAL_ARRAY
#define LOCAL_ARRAY(type, name, size)
Definition: squid.h:68
tok
Definition: parse.c:160
xisspace
#define xisspace(x)
Definition: xis.h:15
xtolower
#define xtolower(x)
Definition: xis.h:17
xstrncpy
char * xstrncpy(char *dst, const char *src, size_t n)
Definition: xstring.cc:37
xstrndup
char * xstrndup(const char *s, size_t n)
Definition: xstring.cc:56

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors