diff options
| -rw-r--r-- | lib/uri/rfc3986_parser.rb | 3 | ||||
| -rw-r--r-- | test/uri/test_generic.rb | 9 | ||||
| -rw-r--r-- | test/uri/test_ldap.rb | 6 |
3 files changed, 12 insertions, 6 deletions
diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb index 3e07de4805..68661d1185 100644 --- a/lib/uri/rfc3986_parser.rb +++ b/lib/uri/rfc3986_parser.rb @@ -2,8 +2,7 @@ module URI class RFC3986_Parser # :nodoc: # URI defined in RFC3986 - # this regexp is modified not to host is not empty string - RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/ + RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*))(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/ RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+)\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])+)(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/ attr_reader :regexp diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb index fdb405e396..3897c3d6ee 100644 --- a/test/uri/test_generic.rb +++ b/test/uri/test_generic.rb @@ -24,7 +24,8 @@ class URI::TestGeneric < Test::Unit::TestCase assert_equal "file:///foo", URI("file:///foo").to_s assert_equal "postgres:///foo", URI("postgres:///foo").to_s - assert_equal "http:/foo", URI("http:///foo").to_s + assert_equal "http:///foo", URI("http:///foo").to_s + assert_equal "http:/foo", URI("http:/foo").to_s end def test_parse @@ -157,6 +158,12 @@ class URI::TestGeneric < Test::Unit::TestCase assert_equal(nil, url.user) assert_equal(nil, url.password) assert_equal(nil, url.userinfo) + + # sec-156615 + url = URI.parse('http:////example.com') + # must be empty string to identify as path-abempty, not path-absolute + assert_equal('', url.host) + assert_equal('http:////example.com', url.to_s) end def test_parse_scheme_with_symbols diff --git a/test/uri/test_ldap.rb b/test/uri/test_ldap.rb index 64845e487a..2625b24103 100644 --- a/test/uri/test_ldap.rb +++ b/test/uri/test_ldap.rb @@ -39,7 +39,7 @@ class TestLDAP < Test::Unit::TestCase # from RFC2255, section 6. { 'ldap:///o=University%20of%20Michigan,c=US' => - ['ldap', nil, URI::LDAP::DEFAULT_PORT, + ['ldap', '', URI::LDAP::DEFAULT_PORT, 'o=University%20of%20Michigan,c=US', nil, nil, nil, nil], @@ -74,12 +74,12 @@ class TestLDAP < Test::Unit::TestCase nil, '(int=%5c00%5c00%5c00%5c04)', nil, nil], 'ldap:///??sub??bindname=cn=Manager%2co=Foo' => - ['ldap', nil, URI::LDAP::DEFAULT_PORT, + ['ldap', '', URI::LDAP::DEFAULT_PORT, '', nil, 'sub', nil, 'bindname=cn=Manager%2co=Foo'], 'ldap:///??sub??!bindname=cn=Manager%2co=Foo' => - ['ldap', nil, URI::LDAP::DEFAULT_PORT, + ['ldap', '', URI::LDAP::DEFAULT_PORT, '', nil, 'sub', nil, '!bindname=cn=Manager%2co=Foo'], }.each do |url2, ary| |