
Commit ff8ccc4

committed
Fix handling of multiple double dots above root in parsing of relative URI
1 parent f95a4e3 commit ff8ccc4


2 files changed

+133
-1
lines changed


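--- a/api/src/main/java/org/asynchttpclient/uri/UriParser.java
+++ b/api/src/main/java/org/asynchttpclient/uri/UriParser.java
@@ -212,6 +212,8 @@ private void removeEmbedded2Dots() {
 if (end >= 0 && path.indexOf("/../", end) != 0) {
 path = path.substring(0, end) + path.substring(i + 3);
 i = 0;
+} else if (end == 0) {
+break;
 }
 } else
 i = i + 3;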
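Review bot: The added `break;` on `end == 0` abandons the scan at the first leading `/../` pair, so any `/../` further along the path appears to stay unresolved; for a constructed input such as `/../../a/b/../c` the later `b/..` would be left in place. Advancing past the segment instead, `} else if (end == 0) { i = i + 3; }`, would still avoid re-examining the same index forever while letting the rest of the path collapse, mirroring the `else` branch just below. The loop header and the assignment of `end` are outside the hunk, so this reading should be checked against the full method. A one-line comment on the branch saying why it exists (path already starts with `/../`, nothing left to strip) would also help the next reader.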

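--- a/api/src/test/java/org/asynchttpclient/uri/UriTest.java
+++ b/api/src/test/java/org/asynchttpclient/uri/UriTest.java
@@ -15,6 +15,7 @@
 import org.testng.annotations.Test;
 
 import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNull;
 
 public class UriTest {
 
@@ -83,5 +84,134 @@ public void testAbsoluteURIWithContext() {
 assertEquals(url.getPath(), "/750198471659552/accounts/test-users");
 assertEquals(url.getQuery(), "method=get&access_token=750198471659552lleveCvbUu_zqBa9tkT3tcgaPh4");
 }
-}
 
+@Test
+public void testRelativeUriWithDots() {
+Uri context = Uri.create("https://hello.com/level1/level2/");
+
+Uri url = Uri.create(context, "../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/level1/other/content/img.png");
+assertNull(url.getQuery());
+}
+
+@Test
+public void testRelativeUriWithDotsAboveRoot() {
+Uri context = Uri.create("https://hello.com/level1");
+
+Uri url = Uri.create(context, "../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/../other/content/img.png");
+assertNull(url.getQuery());
+}
+
+@Test
+public void testRelativeUriWithAbsoluteDots() {
+Uri context = Uri.create("https://hello.com/level1/");
+
+Uri url = Uri.create(context, "/../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/../other/content/img.png");
+assertNull(url.getQuery());
+}
+
+@Test
+public void testRelativeUriWithConsecutiveDots() {
+Uri context = Uri.create("https://hello.com/level1/level2/");
+
+Uri url = Uri.create(context, "../../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/other/content/img.png");
+assertNull(url.getQuery());
+}
+
+@Test
+public void testRelativeUriWithConsecutiveDotsAboveRoot() {
+Uri context = Uri.create("https://hello.com/level1/level2");
+
+Uri url = Uri.create(context, "../../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/../other/content/img.png");
+assertNull(url.getQuery());
+}
+
+@Test
+public void testRelativeUriWithAbsoluteConsecutiveDots() {
+Uri context = Uri.create("https://hello.com/level1/level2/");
+
+Uri url = Uri.create(context, "/../../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/../../other/content/img.png");
+assertNull(url.getQuery());
+}
+
+@Test
+public void testRelativeUriWithConsecutiveDotsFromRoot() {
+Uri context = Uri.create("https://hello.com/");
+
+Uri url = Uri.create(context, "../../../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/../../../other/content/img.png");
+assertNull(url.getQuery());
+}
+
+@Test
+public void testRelativeUriWithConsecutiveDotsFromRootResource() {
+Uri context = Uri.create("https://hello.com/level1");
+
+Uri url = Uri.create(context, "../../../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/../../../other/content/img.png");
+assertNull(url.getQuery());
+}
+
+@Test
+public void testRelativeUriWithConsecutiveDotsFromSubrootResource() {
+Uri context = Uri.create("https://hello.com/level1/level2");
+
+Uri url = Uri.create(context, "../../../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/../../other/content/img.png");
+assertNull(url.getQuery());
+}
+
+@Test
+public void testRelativeUriWithConsecutiveDotsFromLevel3Resource() {
+Uri context = Uri.create("https://hello.com/level1/level2/level3");
+
+Uri url = Uri.create(context, "../../../other/content/img.png");
+
+assertEquals(url.getScheme(), "https");
+assertEquals(url.getHost(), "hello.com");
+assertEquals(url.getPort(), -1);
+assertEquals(url.getPath(), "/../other/content/img.png");
+assertNull(url.getQuery());
+}
+}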
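Review bot: The above-root cases, starting with testRelativeUriWithDotsAboveRoot, pin a resolved path that still begins with `/..` (for example `/../other/content/img.png`), whereas RFC 3986 section 5.2.4 discards `..` segments that would climb past the root. If keeping them is the intended contract, say so in a comment on these tests, e.g. `// excess ".." segments are preserved rather than clamped at the root`, because code that uses `getPath()` for routing, cache keys or allow-list checks cannot assume a dot-free path. None of the ten cases puts a `/../` after the leading run (a constructed reference such as `../../a/b/../c` against `https://hello.com/`), so what the parser does with the remainder of such a path is not pinned by this commit.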
