Skip to content

Commit 59a4fc2

Browse files
cgopalancgopalan
committed
Added fix and tests
1 parent f19fd79 commit 59a4fc2

File tree

2 files changed

+36
-9
lines changed

2 files changed

+36
-9
lines changed

src/net/url/url.go

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -433,11 +433,20 @@ func (u *Userinfo) String() string {
433433
// (Scheme must be [a-zA-Z][a-zA-Z0-9+-.]*)
434434
// If so, return scheme, path; else return "", rawurl.
435435
func getscheme(rawurl string) (scheme, path string, err error) {
436+
// Validate the scheme
437+
if ci := strings.IndexByte(rawurl, ':'); ci >= 0 {
438+
var r byte
439+
if ei := strings.IndexByte(rawurl, '='); ei >= 0 && ei < ci {
440+
r = rawurl[ei+1]
441+
} else {
442+
r = rawurl[0]
443+
}
444+
if r < 'A' || (r > 'Z' && r < 'a') || r > 'z' {
445+
return "", "", errors.New("url scheme has invalid character")
446+
}
447+
}
436448
for i := 0; i < len(rawurl); i++ {
437449
c := rawurl[i]
438-
if i == 0 && c != '/' && c != '.' && c != '?' && c != ';' && (c < 'A' || (c > 'Z' && c < 'a') || c > 'z') {
439-
return "", "", errors.New("URL scheme has invalid character")
440-
}
441450
switch {
442451
case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z':
443452
// do nothing

src/net/url/url_test.go

Lines changed: 24 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -681,12 +681,6 @@ var parseRequestURLTests = []struct {
681681
// RFC 6874.
682682
{"http://[fe80::1%en0]/", false},
683683
{"http://[fe80::1%en0]:8080/", false},
684-
685-
// Testing valid and invalid URL schemes
686-
{"ahttp://example.com", true},
687-
{" http://example.com", false},
688-
{"+http://example.com", false},
689-
{"1http://example.com", false},
690684
}
691685

692686
func TestParseRequestURI(t *testing.T) {
@@ -1873,3 +1867,27 @@ func BenchmarkPathUnescape(b *testing.B) {
18731867
})
18741868
}
18751869
}
1870+
1871+
var urlSchemeValidTests = []struct {
1872+
url string
1873+
expectedValid bool
1874+
}{
1875+
{"ahttp://example.com", true},
1876+
{" http://example.com", false},
1877+
{"+http://example.com", false},
1878+
{"example.com", false},
1879+
}
1880+
1881+
func TestValidUrlSchemes(t *testing.T) {
1882+
for _, test := range urlSchemeValidTests {
1883+
_, err := ParseRequestURI(test.url)
1884+
if test.expectedValid && err != nil {
1885+
t.Errorf("ParseRequestURI(%q) gave err %v; want no error", test.url, err)
1886+
} else if !test.expectedValid && err == nil {
1887+
t.Errorf("ParseRequestURI(%q) gave nil error; want some error", test.url)
1888+
} else if !test.expectedValid && err != nil && !strings.ContainsAny(err.Error(), "Url scheme has invalid character!!") {
1889+
//t.Errorf("Error was %v", err.Error())
1890+
t.Errorf("ParseRequestURI(%q) gave error %v; want Invalid scheme error", test.url, err)
1891+
}
1892+
}
1893+
}

0 commit comments

Comments
 (0)