Http: Improve URL Parser to test more edge cases

Author: Pagghiu

Libraries/Http/HttpURLParser.cpp

@@ -50,11 +50,52 @@ SC::Result SC::HttpURLParser::parse(StringView url)
     const bool hasPath = it.advanceUntilMatches('/');
 
     host = StringView::fromIterators(start, it, encoding);
+
+    // Check for query parameters or fragments before parsing host
+    StringView      originalHost = host;
+    auto            hostIt       = originalHost.getIterator<StringIteratorASCII>();
+    StringCodePoint separator;
+    const bool      hasQueryOrFragment = hostIt.advanceUntilMatchesAny({'?', '#'}, separator);
+
+    // If there is no path but the host contains query/fragment (e.g. http://example.com?x=1)
+    // trim the `host` to exclude the query/fragment before parsing hostname/port.
+    if (not hasPath && hasQueryOrFragment)
+    {
+        // hostIt currently points at the separator ('?' or '#') within originalHost.
+        // Build a new host view that stops before the separator.
+        host = StringView::fromIteratorFromStart(hostIt, encoding);
+    }
+
     SC_TRY(parseHost());
     if (not hasPath)
     {
-        path     = "/";
-        pathname = "/";
+        if (hasQueryOrFragment)
+        {
+            // There are query params or fragments in the host string
+            if (separator == '?')
+            {
+                // Query parameters found
+                pathname = "/";
+                search   = StringView::fromIteratorUntilEnd(hostIt, encoding);
+                // Check for fragment after query
+                auto queryIt = hostIt;
+                if (queryIt.advanceUntilMatches('#'))
+                {
+                    hash = StringView::fromIteratorUntilEnd(queryIt, encoding);
+                }
+            }
+            else
+            {
+                // Fragment found
+                pathname = "/";
+                hash     = StringView::fromIteratorUntilEnd(hostIt, encoding);
+            }
+        }
+        else
+        {
+            path     = "/";
+            pathname = "/";
+        }
         return Result(true);
     }
     // path + hash
@@ -101,10 +142,11 @@ SC::Result SC::HttpURLParser::parseHost()
         it = start;
     }
     start = it;
-    host  = StringView::fromIteratorUntilEnd(it, encoding);
+    // Save the hostname part (before port) for parsing
+    StringView hostnamePart = StringView::fromIteratorUntilEnd(it, encoding);
 
-    // Parse hostname and port from host
-    StringIteratorASCII it2    = host.getIterator<StringIteratorASCII>();
+    // Parse hostname and port from hostnamePart
+    StringIteratorASCII it2    = hostnamePart.getIterator<StringIteratorASCII>();
     StringIteratorASCII start2 = it2;
 
     StringCodePoint firstChar;
@@ -115,7 +157,8 @@ SC::Result SC::HttpURLParser::parseHost()
             return Result(false);
         (void)it2.stepForward(); // include ]
         hostname = StringView::fromIterators(start2, it2, encoding);
-        if (it2.advanceRead(firstChar) && firstChar == ':')
+        // check if next char is ':' (port separator) without consuming it twice
+        if (it2.match(':'))
         {
             (void)it2.stepForward();
             StringView portString = StringView::fromIteratorUntilEnd(it2, encoding);
@@ -127,6 +170,13 @@ SC::Result SC::HttpURLParser::parseHost()
                     return Result(false);
                 port = static_cast<uint16_t>(value);
             }
+            // Update host to include hostname and port
+            host = StringView::fromIterators(start, it2, encoding);
+        }
+        else
+        {
+            // No port for IPv6
+            host = StringView::fromIterators(start, it2, encoding);
         }
     }
     else
@@ -136,6 +186,7 @@ SC::Result SC::HttpURLParser::parseHost()
         if (it2.advanceUntilMatches(':'))
         {
             hostname = StringView::fromIterators(start2, it2, encoding);
+            // stepForward moves past ':' so port iterator starts at first digit
             (void)it2.stepForward();
             StringView portString = StringView::fromIteratorUntilEnd(it2, encoding);
             if (not portString.isEmpty())
@@ -146,10 +197,17 @@ SC::Result SC::HttpURLParser::parseHost()
                     return Result(false);
                 port = static_cast<uint16_t>(value);
             }
+            // Advance it2 to end of port string for host calculation
+            while (not it2.isAtEnd())
+                (void)it2.stepForward();
+            // Update host to include hostname and port
+            host = StringView::fromIterators(start, it2, encoding);
         }
         else
         {
-            hostname = host;
+            // No port found
+            hostname = hostnamePart;
+            host     = hostnamePart;
         }
     }
 
@@ -188,10 +246,21 @@ SC::Result SC::HttpURLParser::validateHost()
 
 SC::Result SC::HttpURLParser::parseUserPassword(StringView userPassword)
 {
-    StringViewTokenizer tokenizer(userPassword);
-    SC_TRY(tokenizer.tokenizeNext({':'}, StringViewTokenizer::Options::SkipEmpty));
-    username = tokenizer.component;
-    SC_TRY(tokenizer.tokenizeNext({}, StringViewTokenizer::Options::SkipEmpty));
-    password = tokenizer.component;
-    return Result(true);
+    auto func = [this, userPassword](auto it) -> Result
+    {
+        auto start = it;
+        if (it.advanceUntilMatches(':'))
+        {
+            username = StringView::fromIterators(start, it, encoding);
+            (void)it.stepForward();
+            password = StringView::fromIteratorUntilEnd(it, encoding);
+        }
+        else
+        {
+            username = userPassword;
+            password = StringView();
+        }
+        return Result(true);
+    };
+    return userPassword.withIterator(func);
 }

Tests/Libraries/Http/HttpURLParserTest.cpp

@@ -39,6 +39,26 @@ struct SC::HttpURLParserTest : public SC::TestCase
         {
             testUTF8();
         }
+        if (test_section("edgeCases"))
+        {
+            testEdgeCases();
+        }
+        if (test_section("protocols"))
+        {
+            testProtocols();
+        }
+        if (test_section("queryParams"))
+        {
+            testQueryParams();
+        }
+        if (test_section("specialChars"))
+        {
+            testSpecialChars();
+        }
+        if (test_section("ipAddresses"))
+        {
+            testIPAddresses();
+        }
     }
 
     void testFull();
@@ -48,6 +68,11 @@ struct SC::HttpURLParserTest : public SC::TestCase
     void testIPv6();
     void testInvalidPort();
     void testUTF8();
+    void testEdgeCases();
+    void testProtocols();
+    void testQueryParams();
+    void testSpecialChars();
+    void testIPAddresses();
 };
 
 void SC::HttpURLParserTest::testFull()
@@ -172,6 +197,139 @@ void SC::HttpURLParserTest::testUTF8()
     SC_TEST_EXPECT(urlParser.hash == "#frâg"_u8);
 }
 
+void SC::HttpURLParserTest::testEdgeCases()
+{
+    HttpURLParser urlParser;
+
+    // Username only (no password)
+    SC_TEST_EXPECT(urlParser.parse("http://user@example.com/path"));
+    SC_TEST_EXPECT(urlParser.username == "user");
+    SC_TEST_EXPECT(urlParser.password.isEmpty());
+    SC_TEST_EXPECT(urlParser.hostname == "example.com");
+
+    // Root path only
+    SC_TEST_EXPECT(urlParser.parse("http://example.com/"));
+    SC_TEST_EXPECT(urlParser.pathname == "/");
+    SC_TEST_EXPECT(urlParser.path == "/");
+
+    // No path at all
+    SC_TEST_EXPECT(urlParser.parse("http://example.com"));
+    SC_TEST_EXPECT(urlParser.pathname == "/");
+    SC_TEST_EXPECT(urlParser.path == "/");
+
+    // Port 0
+    SC_TEST_EXPECT(urlParser.parse("http://example.com:0/path"));
+    SC_TEST_EXPECT(urlParser.port == 0);
+
+    // Very long path
+    SC_TEST_EXPECT(urlParser.parse("http://example.com/very/long/path/with/many/segments"));
+    SC_TEST_EXPECT(urlParser.pathname == "/very/long/path/with/many/segments");
+
+    // Path with dots
+    SC_TEST_EXPECT(urlParser.parse("http://example.com/path/./subpath/../other"));
+    SC_TEST_EXPECT(urlParser.pathname == "/path/./subpath/../other");
+}
+
+void SC::HttpURLParserTest::testProtocols()
+{
+    HttpURLParser urlParser;
+
+    // HTTPS protocol
+    SC_TEST_EXPECT(urlParser.parse("https://example.com"));
+    SC_TEST_EXPECT(urlParser.protocol == "https");
+    SC_TEST_EXPECT(urlParser.port == 443);
+
+    // Mixed case protocol
+    SC_TEST_EXPECT(urlParser.parse("Https://example.com"));
+    SC_TEST_EXPECT(urlParser.protocol == "Https");
+
+    // Invalid protocol
+    SC_TEST_EXPECT(not urlParser.parse("ftp://example.com"));
+    SC_TEST_EXPECT(not urlParser.parse("custom://example.com"));
+}
+
+void SC::HttpURLParserTest::testQueryParams()
+{
+    HttpURLParser urlParser;
+
+    // Multiple query parameters
+    SC_TEST_EXPECT(urlParser.parse("http://example.com/path?key1=value1&key2=value2&key3=value3"));
+    SC_TEST_EXPECT(urlParser.search == "?key1=value1&key2=value2&key3=value3");
+
+    // Query parameter with empty value
+    SC_TEST_EXPECT(urlParser.parse("http://example.com/path?empty=&key=value"));
+    SC_TEST_EXPECT(urlParser.search == "?empty=&key=value");
+
+    // Query parameter with no value
+    SC_TEST_EXPECT(urlParser.parse("http://example.com/path?flag&key=value"));
+    SC_TEST_EXPECT(urlParser.search == "?flag&key=value");
+
+    // Only query parameters, no path
+    SC_TEST_EXPECT(urlParser.parse("http://example.com?query=value"));
+    SC_TEST_EXPECT(urlParser.pathname == "/");
+    SC_TEST_EXPECT(urlParser.search == "?query=value");
+
+    // Query parameters with special characters
+    SC_TEST_EXPECT(urlParser.parse("http://example.com/path?q=hello%20world&special=%2B%2D"));
+    SC_TEST_EXPECT(urlParser.search == "?q=hello%20world&special=%2B%2D");
+}
+
+void SC::HttpURLParserTest::testSpecialChars()
+{
+    HttpURLParser urlParser;
+
+    // Path with allowed special characters
+    SC_TEST_EXPECT(urlParser.parse("http://example.com/path_with_underscores-and-dashes"));
+    SC_TEST_EXPECT(urlParser.pathname == "/path_with_underscores-and-dashes");
+
+    // Path with numbers
+    SC_TEST_EXPECT(urlParser.parse("http://example.com/path123/456"));
+    SC_TEST_EXPECT(urlParser.pathname == "/path123/456");
+
+    // Hostname with numbers
+    SC_TEST_EXPECT(urlParser.parse("http://site123.com/path"));
+    SC_TEST_EXPECT(urlParser.hostname == "site123.com");
+
+    // Username with special characters
+    SC_TEST_EXPECT(urlParser.parse("http://user_name@example.com/path"));
+    SC_TEST_EXPECT(urlParser.username == "user_name");
+
+    // Invalid: space in path (should fail)
+    SC_TEST_EXPECT(not urlParser.parse("http://example.com/path with space"));
+}
+
+void SC::HttpURLParserTest::testIPAddresses()
+{
+    HttpURLParser urlParser;
+
+    // IPv4 address
+    SC_TEST_EXPECT(urlParser.parse("http://192.168.1.1/path"));
+    SC_TEST_EXPECT(urlParser.hostname == "192.168.1.1");
+    SC_TEST_EXPECT(urlParser.port == 80);
+
+    // IPv4 with port
+    SC_TEST_EXPECT(urlParser.parse("http://192.168.1.1:8080/path"));
+    SC_TEST_EXPECT(urlParser.hostname == "192.168.1.1");
+    SC_TEST_EXPECT(urlParser.port == 8080);
+
+    // IPv6 localhost
+    SC_TEST_EXPECT(urlParser.parse("http://[::1]/path"));
+    SC_TEST_EXPECT(urlParser.hostname == "[::1]");
+
+    // IPv6 with port
+    SC_TEST_EXPECT(urlParser.parse("http://[::1]:8080/path"));
+    SC_TEST_EXPECT(urlParser.hostname == "[::1]");
+    SC_TEST_EXPECT(urlParser.port == 8080);
+
+    // IPv6 full address
+    SC_TEST_EXPECT(urlParser.parse("http://[2001:db8::1]/path"));
+    SC_TEST_EXPECT(urlParser.hostname == "[2001:db8::1]");
+
+    // IPv6 compressed
+    SC_TEST_EXPECT(urlParser.parse("http://[2001:db8::]/path"));
+    SC_TEST_EXPECT(urlParser.hostname == "[2001:db8::]");
+}
+
 namespace SC
 {
 void runHttpURLParserTest(SC::TestReport& report) { HttpURLParserTest test(report); }