Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/url: url.Parse() does not allow / in http basic auth password #72013

Closed
jhoblitt opened this issue Feb 27, 2025 · 3 comments
Closed

net/url: url.Parse() does not allow / in http basic auth password #72013

jhoblitt opened this issue Feb 27, 2025 · 3 comments
Labels
BugReport Issues describing a possible bug in the Go implementation.

Comments

@jhoblitt
Copy link

Go version

go version go1.23.4 linux/amd64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/jhoblitt/.cache/go-build'
GOENV='/home/jhoblitt/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/jhoblitt/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/jhoblitt/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org'
GOROOT='/home/jhoblitt/sdk/go1.23.4'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/home/jhoblitt/sdk/go1.23.4/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.4'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/jhoblitt/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/home/jhoblitt/github/rook/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build701679148=/tmp/go-build -gno-record-gcc-switches'

What did you do?

rfc2617 specifies that the password when using http basic auth is base64 encoded: https://datatracker.ietf.org/doc/html/rfc2617#page-5. base64 may use /: https://datatracker.ietf.org/doc/html/rfc2045#page-25

This example fails with parse "kafka://foo:b/ar@hostname.org:9094": invalid port ":b" after host:


import (
	"fmt"
	"net/url"
)

func main() {
	parsedURI, err := url.Parse("kafka://foo:b/ar@hostname.org:9094")
	if err != nil {
		fmt.Println(err)
	}
	fmt.Println(parsedURI)
}

https://go.dev/play/p/aodJzgziUVo

What did you see happen?

Part of the base64 password was treated as the port number.

What did you expect to see?

The example url "kafka://foo:b/ar@hostname.org:9094" is successfully parsed.
@seankhliao
Copy link
Member

It is base64 in a http header, not in the userinfo url.
URL parsing is RFC 2396.

Unlike many projects, the Go project does not use GitHub Issues for general discussion or asking questions. GitHub Issues are used for tracking bugs and proposals only.

For questions please refer to https://github.com/golang/go/wiki/Questions

@seankhliao seankhliao closed this as not planned Won't fix, can't repro, duplicate, stale Feb 27, 2025
@gabyhelp
Copy link

Related Issues

Related Code Changes

Related Discussions

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@gabyhelp gabyhelp added the BugReport Issues describing a possible bug in the Go implementation. label Feb 27, 2025
@jhoblitt
Copy link
Author

It is base64 in a http header, not in the userinfo url. URL parsing is RFC 2396.

That's my bad. I see that / is not part of unreserved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
BugReport Issues describing a possible bug in the Go implementation.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jhoblitt @seankhliao @gabyhelp