Skip to content

Fix URL percent-decoding of %00 #752

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 20, 2024
Merged

Fix URL percent-decoding of %00 #752

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 9 additions & 13 deletions Sources/FoundationEssentials/URL/URLParser.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1035,47 +1035,43 @@ fileprivate extension StringProtocol {
}

func removingURLPercentEncoding(utf8Buffer: some Collection<UInt8>, excluding: Set<UInt8>) -> String? {
let result: String? = withUnsafeTemporaryAllocation(of: CChar.self, capacity: utf8.count + 1) { _buffer in
var buffer = OutputBuffer(initializing: _buffer.baseAddress!, capacity: _buffer.count)
let result: String? = withUnsafeTemporaryAllocation(of: UInt8.self, capacity: utf8Buffer.count) { buffer in
var i = 0
var byte: UInt8 = 0
var hexDigitsRequired = 0
for v in utf8Buffer {
if v == UInt8(ascii: "%") {
guard hexDigitsRequired == 0 else {
_ = buffer.relinquishBorrowedMemory()
return nil
}
hexDigitsRequired = 2
} else if hexDigitsRequired > 0 {
guard let hex = asciiToHex(v) else {
_ = buffer.relinquishBorrowedMemory()
return nil
}
if hexDigitsRequired == 2 {
byte = hex << 4
} else if hexDigitsRequired == 1 {
byte += hex
if excluding.contains(byte) {
buffer.appendElement(CChar(bitPattern: UInt8(ascii: "%")))
buffer.appendElement(CChar(bitPattern: hexToAscii(byte >> 4)))
buffer.appendElement(CChar(bitPattern: v))
// Keep the original percent-encoding for this byte
i = buffer[i...i+2].initialize(fromContentsOf: [UInt8(ascii: "%"), hexToAscii(byte >> 4), v])
} else {
buffer.appendElement(CChar(bitPattern: byte))
buffer[i] = byte
i += 1
byte = 0
}
}
hexDigitsRequired -= 1
} else {
buffer.appendElement(CChar(bitPattern: v))
buffer[i] = v
i += 1
}
}
guard hexDigitsRequired == 0 else {
_ = buffer.relinquishBorrowedMemory()
return nil
}
buffer.appendElement(0) // NULL-terminated
let initialized = buffer.relinquishBorrowedMemory()
return String(validatingUTF8: initialized.baseAddress!)
return String(_validating: buffer[..<i], as: UTF8.self)
}
return result
}
Expand Down
8 changes: 7 additions & 1 deletion Tests/FoundationEssentialsTests/URLTests.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -956,7 +956,7 @@ final class URLTests : XCTestCase {
XCTAssertEqual(comp.queryItems, expected)
}

func testURLComponentsLookalikeIPLiteral () {
func testURLComponentsLookalikeIPLiteral() {
// We should consider a lookalike IP literal invalid (note accent on the first bracket)
let fakeIPLiteral = "[́::1]"
let fakeURLString = "http://\(fakeIPLiteral):80/"
Expand All @@ -968,4 +968,10 @@ final class URLTests : XCTestCase {
comp2.host = fakeIPLiteral
XCTAssertNil(comp2.string)
}

func testURLComponentsDecodingNULL() {
let comp = URLComponents(string: "http://example.com/my\u{0}path")!
XCTAssertEqual(comp.percentEncodedPath, "/my%00path")
XCTAssertEqual(comp.path, "/my\u{0}path")
}
}