diff options
author | Richard Walters <rwalters@digitalstirling.com> | 2018-07-01 15:08:41 -0700 |
---|---|---|
committer | Richard Walters <rwalters@digitalstirling.com> | 2018-07-01 15:08:41 -0700 |
commit | 4eb4f0c150642cf2fa92f75000ab5108d1908e48 (patch) | |
tree | acb4a6e2e39a0316a64c22b5ef3023716d995334 /src/Uri.cpp | |
parent | b4cc26f831573d8dc122b4d2ba8a5f5d8d7e3773 (diff) |
Check for illegal characters in path segments
Diffstat (limited to 'src/Uri.cpp')
-rw-r--r-- | src/Uri.cpp | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/src/Uri.cpp b/src/Uri.cpp index 38dbe50..2b9b93a 100644 --- a/src/Uri.cpp +++ b/src/Uri.cpp @@ -185,6 +185,82 @@ namespace Uri { // Methods /** + * This method checks and decodes the given path segment. + * + * @param[in,out] segment + * On input, this is the path segment to check and decode. + * On output, this is the decoded path segment. + * + * @return + * An indication of whether or not the path segment + * passed all checks and was decoded successfully is returned. + */ + bool DecodePathSegment(std::string& segment) { + const auto originalSegment = std::move(segment); + segment.clear(); + size_t decoderState = 0; + int decodedCharacter = 0; + for (const auto c: originalSegment) { + switch(decoderState) { + case 0: { // default + if (c == '%') { + decoderState = 1; + } else { + if ( + IsCharacterInSet( + c, + { + // unreserved + 'a','z', 'A','Z', // ALPHA + '0','9', // DIGIT + '-','-', '.','.', '_','_', '~','~', + + // sub-delims + '!','!', '$','$', '&','&', '\'','\'', '(','(', ')',')', + '*','*', '+','+', ',',',', ';',';', '=','=', + + // (also allowed in segment or pchar) + ':',':', '@','@' + } + ) + ) { + segment.push_back(c); + } else { + return false; + } + } + } break; + + case 1: { // % ... + decoderState = 2; + decodedCharacter <<= 4; + if (IsCharacterInSet(c, {'0','9'})) { + decodedCharacter += (int)(c - '0'); + } else if (IsCharacterInSet(c, {'A','F'})) { + decodedCharacter += (int)(c - 'A') + 10; + } else { + return false; + } + } break; + + case 2: { // %[0-9A-F] ... + decoderState = 0; + decodedCharacter <<= 4; + if (IsCharacterInSet(c, {'0','9'})) { + decodedCharacter += (int)(c - '0'); + } else if (IsCharacterInSet(c, {'A','F'})) { + decodedCharacter += (int)(c - 'A') + 10; + } else { + return false; + } + segment.push_back((char)decodedCharacter); + } break; + } + } + return true; + } + + /** * This method builds the internal path element sequence * by parsing it from the given path string. * @@ -218,6 +294,11 @@ namespace Uri { } } } + for (auto& segment: path) { + if (!DecodePathSegment(segment)) { + return false; + } + } return true; } |