Implement IHttpRequestFeature.RawTarget (aspnet/HttpAbstractions#596).

Author: Cesar Blum Silveira

src/Microsoft.AspNetCore.Server.Kestrel/Http/Frame.FeatureCollection.cs

@@ -152,6 +152,18 @@ string IHttpRequestFeature.QueryString
             }
         }
 
+        string IHttpRequestFeature.RawTarget
+        {
+            get
+            {
+                return RawTarget;
+            }
+            set
+            {
+                RawTarget = value;
+            }
+        }
+
         IHeaderDictionary IHttpRequestFeature.Headers
         {
             get

src/Microsoft.AspNetCore.Server.Kestrel/Http/Frame.cs

@@ -84,6 +84,7 @@ public Frame(ConnectionContext context)
         public string PathBase { get; set; }
         public string Path { get; set; }
         public string QueryString { get; set; }
+        public string RawTarget { get; set; }
         public string HttpVersion
         {
             get
@@ -849,6 +850,8 @@ protected RequestLineStatus TakeStartLine(SocketInput input)
                     queryString = begin.GetAsciiString(scan);
                 }
 
+                var queryEnd = scan;
+
                 if (pathBegin.Peek() == ' ')
                 {
                     RejectRequest("Missing request target.");
@@ -896,8 +899,12 @@ protected RequestLineStatus TakeStartLine(SocketInput input)
                 // Multibyte Internationalized Resource Identifiers (IRIs) are first converted to utf8;
                 // then encoded/escaped to ASCII  https://www.ietf.org/rfc/rfc3987.txt "Mapping of IRIs to URIs"
                 string requestUrlPath;
+                string rawTarget;
                 if (needDecode)
                 {
+                    // Read raw target before mutating memory.
+                    rawTarget = pathBegin.GetAsciiString(queryEnd);
+
                     // URI was encoded, unescape and then parse as utf8
                     pathEnd = UrlPathDecoder.Unescape(pathBegin, pathEnd);
                     requestUrlPath = pathBegin.GetUtf8String(pathEnd);
@@ -907,28 +914,43 @@ protected RequestLineStatus TakeStartLine(SocketInput input)
                 {
                     // URI wasn't encoded, parse as ASCII
                     requestUrlPath = pathBegin.GetAsciiString(pathEnd);
+
+                    if (queryString.Length == 0)
+                    {
+                        // No need to allocate an extra string if the path didn't need
+                        // decoding and there's no query string following it.
+                        rawTarget = requestUrlPath;
+                    }
+                    else
+                    {
+                        rawTarget = pathBegin.GetAsciiString(queryEnd);
+                    }
                 }
 
                 requestUrlPath = PathNormalizer.RemoveDotSegments(requestUrlPath);
 
                 consumed = scan;
                 Method = method;
                 QueryString = queryString;
+                RawTarget = rawTarget;
                 HttpVersion = httpVersion;
 
                 bool caseMatches;
-
-                if (!string.IsNullOrEmpty(_pathBase) &&
-                    (requestUrlPath.Length == _pathBase.Length || (requestUrlPath.Length > _pathBase.Length && requestUrlPath[_pathBase.Length] == '/')) &&
-                    RequestUrlStartsWithPathBase(requestUrlPath, out caseMatches))
+                if (RequestUrlStartsWithPathBase(requestUrlPath, out caseMatches))
                 {
                     PathBase = caseMatches ? _pathBase : requestUrlPath.Substring(0, _pathBase.Length);
                     Path = requestUrlPath.Substring(_pathBase.Length);
                 }
-                else
+                else if (rawTarget[0] == '/') // check rawTarget since requestUrlPath can be "" or "/" after dot segment removal
                 {
                     Path = requestUrlPath;
                 }
+                else
+                {
+                    Path = string.Empty;
+                    PathBase = string.Empty;
+                    QueryString = string.Empty;
+                }
 
                 return RequestLineStatus.Done;
             }
@@ -942,6 +964,16 @@ private bool RequestUrlStartsWithPathBase(string requestUrl, out bool caseMatche
         {
             caseMatches = true;
 
+            if (string.IsNullOrEmpty(_pathBase))
+            {
+                return false;
+            }
+
+            if (requestUrl.Length < _pathBase.Length || (requestUrl.Length > _pathBase.Length && requestUrl[_pathBase.Length] != '/'))
+            {
+                return false;
+            }
+
             for (var i = 0; i < _pathBase.Length; i++)
             {
                 if (requestUrl[i] != _pathBase[i])

test/Microsoft.AspNetCore.Server.Kestrel.FunctionalTests/RequestTests.cs

@@ -10,6 +10,7 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Testing.xunit;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
@@ -202,6 +203,122 @@ public void RequestPathIsNormalized()
             }
         }
 
+        [Theory]
+        [InlineData("/")]
+        [InlineData("/.")]
+        [InlineData("/..")]
+        [InlineData("/./.")]
+        [InlineData("/./..")]
+        [InlineData("/../.")]
+        [InlineData("/../..")]
+        [InlineData("/path")]
+        [InlineData("/path?foo=1&bar=2")]
+        [InlineData("/hello%20world")]
+        [InlineData("/hello%20world?foo=1&bar=2")]
+        [InlineData("/base/path")]
+        [InlineData("/base/path?foo=1&bar=2")]
+        [InlineData("/base/hello%20world")]
+        [InlineData("/base/hello%20world?foo=1&bar=2")]
+        public void RequestFeatureContainsRawTarget(string requestTarget)
+        {
+            var builder = new WebHostBuilder()
+                .UseKestrel()
+                .UseUrls($"http://127.0.0.1:0/base")
+                .Configure(app =>
+                {
+                    app.Run(async context =>
+                    {
+                        var connection = context.Connection;
+                        Assert.Equal(requestTarget, context.Features.Get<IHttpRequestFeature>().RawTarget);
+                        await context.Response.WriteAsync("hello, world");
+                    });
+                });
+
+            using (var host = builder.Build())
+            {
+                host.Start();
+
+                using (var socket = TestConnection.CreateConnectedLoopbackSocket(host.GetPort()))
+                {
+                    socket.Send(Encoding.ASCII.GetBytes($"GET {requestTarget} HTTP/1.1\r\n\r\n"));
+                    socket.Shutdown(SocketShutdown.Send);
+
+                    var response = new StringBuilder();
+                    var buffer = new byte[4096];
+                    while (true)
+                    {
+                        var length = socket.Receive(buffer);
+                        if (length == 0)
+                        {
+                            break;
+                        }
+
+                        response.Append(Encoding.ASCII.GetString(buffer, 0, length));
+                    }
+
+                    Assert.StartsWith("HTTP/1.1 200 OK", response.ToString());
+                }
+            }
+        }
+
+        [Theory]
+        [InlineData("*")]
+        [InlineData("*/?arg=value")]
+        [InlineData("*?arg=value")]
+        [InlineData("DoesNotStartWith/")]
+        [InlineData("DoesNotStartWith/?arg=value")]
+        [InlineData("DoesNotStartWithSlash?arg=value")]
+        [InlineData("./")]
+        [InlineData("../")]
+        [InlineData("../.")]
+        [InlineData(".././")]
+        [InlineData("../..")]
+        [InlineData("../../")]
+        public void NonPathRequestTargetSetInRawTarget(string requestTarget)
+        {
+            var builder = new WebHostBuilder()
+                .UseKestrel()
+                .UseUrls($"http://127.0.0.1:0/")
+                .Configure(app =>
+                {
+                    app.Run(async context =>
+                    {
+                        var connection = context.Connection;
+                        Assert.Equal(requestTarget, context.Features.Get<IHttpRequestFeature>().RawTarget);
+                        Assert.Empty(context.Request.Path.Value);
+                        Assert.Empty(context.Request.PathBase.Value);
+                        Assert.Empty(context.Request.QueryString.Value);
+                        await context.Response.WriteAsync("hello, world");
+                    });
+                });
+
+            using (var host = builder.Build())
+            {
+                host.Start();
+
+                using (var socket = TestConnection.CreateConnectedLoopbackSocket(host.GetPort()))
+                {
+                    socket.Send(Encoding.ASCII.GetBytes($"GET {requestTarget} HTTP/1.1\r\n\r\n"));
+                    socket.Shutdown(SocketShutdown.Send);
+
+                    var response = new StringBuilder();
+                    var buffer = new byte[4096];
+                    while (true)
+                    {
+                        var length = socket.Receive(buffer);
+                        if (length == 0)
+                        {
+                            break;
+                        }
+
+                        response.Append(Encoding.ASCII.GetString(buffer, 0, length));
+                    }
+
+                    Assert.StartsWith("HTTP/1.1 200 OK", response.ToString());
+                }
+            }
+        }
+
         private async Task TestRemoteIPAddress(string registerAddress, string requestAddress, string expectAddress)
         {
             var builder = new WebHostBuilder()