Stricter RegEx filtering to prevent incorrect routing. #175

Merged
merged 2 commits into from Jul 6, 2018
Merged
2 changes: 1 addition & 1 deletion .gitignore
@@ -167,7 +167,7 @@ TestResult.xml
/_site
/_api
/tools
/.vs/Unosquare.Labs.EmbedIO/v15/sqlite3/*
/.vs/*

# JetBrains Rider IDE folder
.idea/
7 changes: 4 additions & 3 deletions src/Unosquare.Labs.EmbedIO/Extensions.cs
@@ -27,7 +27,8 @@ public static partial class Extensions
{
#region Constants

private const string RegexRouteReplace = "(.*)";
private const string RegexRouteReplace = "([^//]*)";
private const string WildcardRouteReplace = "(.*)";

private static readonly byte[] LastByte = {0x00};

@@ -259,7 +260,7 @@ public static string[] RequestWildcardUrlParams(this HttpListenerContext context
/// <returns>The params from the request.</returns>
public static string[] RequestWildcardUrlParams(string requestPath, string basePath)
{
var match = new Regex(basePath.Replace("*", RegexRouteReplace)).Match(requestPath);
var match = new Regex(basePath.Replace("*", WildcardRouteReplace)).Match(requestPath);

return match.Success
? match.Groups[1].Value.Split(new[] {'/'}, StringSplitOptions.RemoveEmptyEntries)
@@ -302,7 +303,7 @@ public static string[] RequestWildcardUrlParams(string requestPath, string baseP
if (validateFunc == null) validateFunc = () => false;
if (requestPath == basePath && !validateFunc()) return new Dictionary<string, object>();

var regex = new Regex(RouteParamRegex.Replace(basePath, RegexRouteReplace), RegexOptions.IgnoreCase);
var regex = new Regex(String.Concat("^",RouteParamRegex.Replace(basePath, RegexRouteReplace),"$"), RegexOptions.IgnoreCase);
var match = regex.Match(requestPath);

var pathParts = basePath.Split('/');
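Review bot: The anchored pattern built in the third hunk still passes the literal parts of `basePath` to `Regex` unescaped, so a `.` or `+` written in a route template keeps acting as a regex operator and the route can accept paths it does not spell out; running `Regex.Escape` over the literal segments between the `{...}` parameters before adding `^` and `$` would make the match exact. In the first hunk the class `[^//]` lists `/` twice and is equivalent to `[^/]`, so `private const string RegexRouteReplace = "([^/]*)";` says the same thing without looking like a failed escape. The wildcard match in the second hunk stays unanchored, which may be intended for parameter extraction but deserves a comment saying so. The enclosing methods of the second and third hunks continue outside the lines shown.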
4 changes: 3 additions & 1 deletion test/Unosquare.Labs.EmbedIO.Tests/FixtureBase.cs
@@ -43,7 +43,9 @@ public async Task<string> GetString(string partialUrl)
{
using (var client = new HttpClient())
{
return await client.GetStringAsync($"{WebServerUrl}{partialUrl}");
//Determine the absolute Uri by combining with WebServerUrl
Uri uri = new Uri(new Uri(WebServerUrl), partialUrl);
return await client.GetStringAsync(uri);
}
}
}
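Review bot: The comment added above `new Uri(new Uri(WebServerUrl), partialUrl)` says the URL is combined with `WebServerUrl`, but that constructor returns `partialUrl` unchanged when it is already absolute, which is what the calls in RegexRoutingTest rely on when they pass `$"{WebServerUrl}data/..."`. I would document that on the helper, e.g. `// Resolve against WebServerUrl; an absolute partialUrl is used as-is.`, so the callers and the helper are not later changed in only one place. `var uri = ...` would also match the `var` style used on the surrounding lines.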
4 changes: 2 additions & 2 deletions test/Unosquare.Labs.EmbedIO.Tests/RegexRoutingTest.cs
@@ -8,7 +8,7 @@
public class RegexRoutingTest : FixtureBase
{
public RegexRoutingTest()
: base(ws => ws.RegisterModule(new TestRoutingModule()), Constants.RoutingStrategy.Regex)
: base(ws => ws.RegisterModule(new TestRegexModule()), Constants.RoutingStrategy.Regex)
{
}

@@ -33,7 +33,7 @@ public async Task GetDataWithRegex()
[Test]
public async Task GetDataWithMultipleRegex()
{
var call = await GetString($"{WebServerUrl}data/1/asdasda/dasdasasda");
var call = await GetString($"{WebServerUrl}data/1/dasdasasda");

Assert.AreEqual("dasdasasda", call);
}
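Review bot: The second hunk rewrites the request in `GetDataWithMultipleRegex` from `data/1/asdasda/dasdasasda` to `data/1/dasdasasda` instead of keeping the old path as a negative case, so nothing visible here asserts that the stricter matcher now rejects a path with an extra segment. A companion test that requests the old URL and expects the not-found result would pin the behaviour this pull request is about. How the failure surfaces through `GetString` (an exception from `GetStringAsync` on a non-success status is likely) should be confirmed before writing the assertion.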
@@ -22,6 +22,19 @@ public bool GetEmpty(WebServer server, HttpListenerContext context)
return context.JsonResponse(new {Ok = true});
}

[WebApiHandler(HttpVerbs.Get, "/" + RelativePath + "regex")]
public bool GetPeople(WebServer server, HttpListenerContext context)
{
try
{
return context.JsonResponse(PeopleRepository.Database);
}
catch (Exception ex)
{
return context.JsonExceptionResponse(ex);
}
}

[WebApiHandler(HttpVerbs.Get, "/" + RelativePath + "regex/{id}")]
public bool GetPerson(WebServer server, HttpListenerContext context, int id)
{
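Review bot: `GetPeople` catches every `Exception` and hands it to `context.JsonExceptionResponse(ex)`; if that helper serialises the exception as its name suggests, message and stack details go to whoever called the endpoint. For anything beyond a test fixture I would return a generic error body and log the exception server-side, and at least add a comment such as `// test fixture only: exception details are returned to the client`. The file header for this section is not shown on the page, and `GetPerson` below continues outside the hunk.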
@@ -7,9 +7,9 @@ public class TestRegexModule : WebModuleBase
{
public TestRegexModule()
{
AddHandler("/data/{id}/", Constants.HttpVerbs.Any, (ctx, ct) =>
AddHandler("/data/{id}", Constants.HttpVerbs.Any, (ctx, ct) =>
{
var buffer = Encoding.UTF8.GetBytes(ctx.RequestRegexUrlParams("/data/{id}/")["id"].ToString());
var buffer = Encoding.UTF8.GetBytes(ctx.RequestRegexUrlParams("/data/{id}")["id"].ToString());
ctx.Response.OutputStream.Write(buffer, 0, buffer.Length);

return Task.FromResult(true);
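Review bot: The template `"/data/{id}"` is written twice, once for `AddHandler` and once for `ctx.RequestRegexUrlParams`, and with the matcher now anchored the two literals presumably have to stay identical for the `["id"]` lookup to find its key. A single local, `const string Route = "/data/{id}";`, used in both calls removes that coupling. The handler body continues outside the hunk.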