From 2844f91985e10c2dcf85d73d12b84d92cb9f31a6 Mon Sep 17 00:00:00 2001 From: neochrome Date: Fri, 7 Feb 2014 11:15:45 +0100 Subject: [PATCH 1/2] Added parameter check when setting Host header --- RestSharp.Tests/RestRequestTests.cs | 64 +++++++++++++++++++++++++++++ RestSharp/RestRequest.cs | 5 +++ 2 files changed, 69 insertions(+) diff --git a/RestSharp.Tests/RestRequestTests.cs b/RestSharp.Tests/RestRequestTests.cs index 2e9342dfe..3f5a5a2a9 100644 --- a/RestSharp.Tests/RestRequestTests.cs +++ b/RestSharp.Tests/RestRequestTests.cs @@ -1,9 +1,11 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Runtime.InteropServices; using System.Text; using Xunit; using System.Globalization; +using Xunit.Extensions; namespace RestSharp.Tests { public class RestRequestTests { @@ -17,5 +19,67 @@ public void Can_Add_Object_With_IntegerArray_property() { var request = new RestRequest(); request.AddObject(new { Items = new int[] { 2, 3, 4 } }); } + + [Fact] + public void Cannot_Set_Empty_Host_Header() + { + var request = new RestRequest(); + + var exception = Assert.Throws(() => request.AddHeader("Host", string.Empty)); + Assert.Equal("value", exception.ParamName); + } + + [Fact] + public void Cannot_Set_Too_Long_Host_Header() + { + var request = new RestRequest(); + + var exception = Assert.Throws(() => request.AddHeader("Host", new string('a', 256))); + Assert.Equal("value", exception.ParamName); + } + + [Theory] + [InlineData("http://localhost")] + [InlineData("hostname 1234")] + [InlineData("-leading.hyphen.not.allowed")] + [InlineData("not.allowéd")] + [InlineData("bad:port")] + [InlineData(" no.leading.white-space")] + [InlineData("no.trailing.white-space ")] + [InlineData(".leading.dot.not.allowed")] + [InlineData("trailing.dot.not.allowed.")] + [InlineData("double.dots..not.allowed")] + [InlineData(".")] + [InlineData(".:2345")] + [InlineData(":5678")] + [InlineData("1234567890123456789012345678901234567890123456789012345678901234.too.long.label")] + public void Cannot_Set_Invalid_Host_Header(string value) + { + var request = new RestRequest(); + + var exception = Assert.Throws(() => request.AddHeader("Host", value)); + Assert.Equal("value", exception.ParamName); + } + + [Theory] + [InlineData("localhost")] + [InlineData("localhost:1234")] + [InlineData("host.local")] + [InlineData("anotherhost.local:2345")] + [InlineData("www.w3.org")] + [InlineData("www.w3.org:3456")] + [InlineData("8.8.8.8")] + [InlineData("a.1.b.2")] + [InlineData("10.20.30.40:1234")] + [InlineData("0host")] + [InlineData("hypenated-hostname")] + [InlineData("multi--hyphens")] + [InlineData("123456789012345678901234567890123456789012345678901234567890123")] + public void Can_Set_Valid_Host_Header(string value) + { + var request = new RestRequest(); + + Assert.DoesNotThrow(() => request.AddHeader("Host", value)); + } } } diff --git a/RestSharp/RestRequest.cs b/RestSharp/RestRequest.cs index 2cbf2ee8b..44b4b3f38 100644 --- a/RestSharp/RestRequest.cs +++ b/RestSharp/RestRequest.cs @@ -19,6 +19,7 @@ using System.IO; using System.Linq; using System.Net; +using System.Text.RegularExpressions; using RestSharp.Extensions; using RestSharp.Serializers; @@ -356,6 +357,10 @@ public IRestRequest AddParameter (string name, object value, ParameterType type) /// public IRestRequest AddHeader (string name, string value) { + if (name == "Host" && (value.Length > 255 || !Regex.IsMatch(value, @"^\w[a-z0-9\-]{0,62}(\.\w[a-z0-9\-]{0,62})*(\:\d+)?$"))) + { + throw new ArgumentException("The specified value is not a valid Host header string.", "value"); + } return AddParameter(name, value, ParameterType.HttpHeader); } From 83f79a5aeb368451b1db3c4622be6c83959ca67b Mon Sep 17 00:00:00 2001 From: neochrome Date: Mon, 24 Feb 2014 09:09:49 +0100 Subject: [PATCH 2/2] using built-in System.Uri.CheckHostName --- RestSharp.Tests/RestRequestTests.cs | 13 ------------- RestSharp/RestRequest.cs | 4 +++- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/RestSharp.Tests/RestRequestTests.cs b/RestSharp.Tests/RestRequestTests.cs index 3f5a5a2a9..b296b7276 100644 --- a/RestSharp.Tests/RestRequestTests.cs +++ b/RestSharp.Tests/RestRequestTests.cs @@ -29,30 +29,18 @@ public void Cannot_Set_Empty_Host_Header() Assert.Equal("value", exception.ParamName); } - [Fact] - public void Cannot_Set_Too_Long_Host_Header() - { - var request = new RestRequest(); - - var exception = Assert.Throws(() => request.AddHeader("Host", new string('a', 256))); - Assert.Equal("value", exception.ParamName); - } - [Theory] [InlineData("http://localhost")] [InlineData("hostname 1234")] [InlineData("-leading.hyphen.not.allowed")] - [InlineData("not.allowéd")] [InlineData("bad:port")] [InlineData(" no.leading.white-space")] [InlineData("no.trailing.white-space ")] [InlineData(".leading.dot.not.allowed")] - [InlineData("trailing.dot.not.allowed.")] [InlineData("double.dots..not.allowed")] [InlineData(".")] [InlineData(".:2345")] [InlineData(":5678")] - [InlineData("1234567890123456789012345678901234567890123456789012345678901234.too.long.label")] public void Cannot_Set_Invalid_Host_Header(string value) { var request = new RestRequest(); @@ -74,7 +62,6 @@ public void Cannot_Set_Invalid_Host_Header(string value) [InlineData("0host")] [InlineData("hypenated-hostname")] [InlineData("multi--hyphens")] - [InlineData("123456789012345678901234567890123456789012345678901234567890123")] public void Can_Set_Valid_Host_Header(string value) { var request = new RestRequest(); diff --git a/RestSharp/RestRequest.cs b/RestSharp/RestRequest.cs index 44b4b3f38..6c328c6b9 100644 --- a/RestSharp/RestRequest.cs +++ b/RestSharp/RestRequest.cs @@ -357,7 +357,9 @@ public IRestRequest AddParameter (string name, object value, ParameterType type) /// public IRestRequest AddHeader (string name, string value) { - if (name == "Host" && (value.Length > 255 || !Regex.IsMatch(value, @"^\w[a-z0-9\-]{0,62}(\.\w[a-z0-9\-]{0,62})*(\:\d+)?$"))) + const string portSplit = @":\d+"; + Func invalidHost = host => Uri.CheckHostName(Regex.Split(host, portSplit)[0]) == UriHostNameType.Unknown; + if (name == "Host" && invalidHost(value)) { throw new ArgumentException("The specified value is not a valid Host header string.", "value"); }