1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
|
//
// Copyright (c) 2023 Alan de Freitas (alandefreitas@gmail.com)
//
// Distributed under the Boost Software License, Version 1.0. (See accompanying
// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
//
// Official repository: https://github.com/boostorg/url
//
//[example_sanitize_url
/*
This example parses a non-strict / invalid URL
into path components according to its delimiters.
This pattern can be adapted to the requirements of other
applications.
Once the non-strict components are determined, a new URL is
created and its parts are set with the set_encoded_X
functions, which will encode any invalid chars accordingly.
This sort of transformation is useful in applications that are
extremely loose in what kinds of URLs they accept, such as
browsers. The sanitized URL can later be used for machine-to-machine
communication.
Using non-strict URLs directly is a security concern in
machine-to-machine communication, is ambiguous, and also
involve an extra cost for the transformations.
Different transformations are required by different applications to
construct a valid URL appropriate for machine-to-machine communication.
For instance, if an invalid relative reference includes something that
looks like a host in the first path segment, browsers usually interpret
that as the host with an implicit "https" scheme. Other applications
also have other implicit schemes.
The example also identifies whether the input url is already valid.
It includes diagnostics that can be used to help the user determine
if a URL is invalid and why it's invalid.
Once all transformations are applied, the result is a URL
appropriate for machine-to-machine communication.
*/
#include <boost/url/url.hpp>
#include <boost/url/parse.hpp>
#include <boost/url/parse_path.hpp>
#include <boost/url/string_view.hpp>
#include <boost/url/grammar/alpha_chars.hpp>
#include <boost/url/grammar/charset.hpp>
#include <boost/url/grammar/digit_chars.hpp>
#include <boost/url/grammar/lut_chars.hpp>
#include <algorithm>
#include <iostream>
#include <array>
namespace urls = boost::urls;
namespace core = boost::core;
struct url_components
{
core::string_view scheme;
core::string_view user;
core::string_view password;
core::string_view hostname;
core::string_view port;
core::string_view path;
core::string_view query;
core::string_view fragment;
};
core::string_view
port_of_scheme(core::string_view scheme_str) {
static std::array<std::pair<core::string_view, core::string_view>, 21> scheme_ports =
{{
{"http", "80"},
{"ftp", "21"},
{"https", "443"},
{"gopher", "70"},
{"ldap", "389"},
{"nntp", "119"},
{"snews", "563"},
{"imap", "143"},
{"pop", "110"},
{"sip", "5060"},
{"rtsp", "554"},
{"wais", "210"},
{"z39.50r", "210"},
{"z39.50s", "210"},
{"prospero", "191"},
{"nfs", "2049"},
{"tip", "3372"},
{"acap", "674"},
{"telnet", "23"},
{"ssh", "22"},
{"", "65535"}
}};
auto iequals = [](core::string_view a, core::string_view b)
{
if (b.size() != a.size()) {
return false;
}
for (unsigned int i = 0; i < a.size(); ++i) {
if (std::tolower(a[i]) != std::tolower(b[i])) {
return false;
}
}
return true;
};
auto const& it = std::find_if(
scheme_ports.begin(),
scheme_ports.end(),
[&](std::pair<core::string_view, core::string_view> const& s) {
return iequals(s.first, scheme_str);
});
if (it != scheme_ports.end()) {
return it->second;
} else {
return {};
}
}
void
extract_relative_ref(
core::string_view hostinfo_relative,
url_components &out)
{
// split path and query#fragment
constexpr urls::grammar::lut_chars path_end_chars("?#\0");
auto it = urls::grammar::find_if(
hostinfo_relative.begin(),
hostinfo_relative.end(), path_end_chars);
core::string_view query_and_frag = hostinfo_relative.substr(it - hostinfo_relative.begin());
if (query_and_frag != hostinfo_relative)
out.path = hostinfo_relative.substr(
0, query_and_frag.data() - hostinfo_relative.data());
if (query_and_frag.empty())
return;
// ?query#fragment
if (query_and_frag.front() == '?') {
query_and_frag = query_and_frag.substr(1);
core::string_view::size_type hash_pos = query_and_frag.find('#');
if (hash_pos != core::string_view::npos) {
core::string_view fragment_part = query_and_frag.substr(hash_pos);
out.fragment = fragment_part.substr(1);
out.query = query_and_frag.substr(
0, fragment_part.data() - query_and_frag.data());
} else {
out.query = query_and_frag;
}
return;
}
// fragment
out.fragment = query_and_frag.substr(1);
}
void
extract_userinfo_relative(
core::string_view relative_ref,
core::string_view userinfo_relative,
core::string_view host_info,
url_components& out) {
// We expect userinfo_relative to point to the first character of
// the hostname. If there's a port it is the first colon,
// except with IPv6.
auto host_end_pos = host_info.find(':');
if (host_end_pos == core::string_view::npos)
{
// definitely no port
out.hostname = userinfo_relative.substr(
0, relative_ref.data() - userinfo_relative.data());
return extract_relative_ref(relative_ref, out);
}
// extract hostname and port
out.hostname = userinfo_relative.substr(0, host_end_pos);
core::string_view host_relative = userinfo_relative.substr(host_end_pos + 1);
out.port = host_relative.substr(0, relative_ref.data() - host_relative.data());
// validate port
bool const valid_port =
urls::grammar::find_if_not(
out.port.begin(),
out.port.end(),
urls::grammar::digit_chars)
== out.port.end();
if (!valid_port)
{
// move port to hostname where it can be encoded
out.hostname = {out.hostname.begin(), out.port.end()};
out.port = {};
}
extract_relative_ref(relative_ref, out);
if (out.port.empty() && !out.scheme.empty())
out.port = port_of_scheme(out.scheme);
}
void
extract_scheme_relative(
core::string_view scheme_relative,
url_components &out)
{
// hostinfo
constexpr urls::grammar::lut_chars hostinfo_end_chars("/?#\0");
auto it = urls::grammar::find_if(
scheme_relative.begin(),
scheme_relative.end(),
hostinfo_end_chars);
auto path_offset = (std::min)(
scheme_relative.size(),
static_cast<std::size_t>(it - scheme_relative.begin()));
core::string_view host_info = scheme_relative.substr(0, path_offset);
// userinfo
core::string_view relative_ref = scheme_relative.substr(path_offset);
auto host_offset = host_info.find_last_of('@');
if (host_offset == core::string_view::npos)
return extract_userinfo_relative(
relative_ref,
scheme_relative,
host_info,
out);
// password
core::string_view userinfo_at_relative = scheme_relative.substr(host_offset);
core::string_view userinfo(host_info.data(), userinfo_at_relative.data() - host_info.data());
auto password_offset = std::min(userinfo.size(), userinfo.find(':'));
if (password_offset != userinfo.size()) {
out.user = scheme_relative.substr(0, password_offset);
core::string_view password = scheme_relative.substr(password_offset + 1);
out.password = password.substr(0, userinfo_at_relative.data() - password.data());
} else {
out.user = scheme_relative.substr(0, userinfo_at_relative.data() - scheme_relative.data());
}
// userinfo-relative
core::string_view userinfo_relative = userinfo_at_relative.substr(1);
it = urls::grammar::find_if(
userinfo_relative.begin(),
userinfo_relative.end(),
hostinfo_end_chars);
path_offset = (std::min)(
userinfo_relative.size(),
static_cast<std::size_t>(it - userinfo_relative.begin()));
host_info = userinfo_relative.substr(0, path_offset);
extract_userinfo_relative(
relative_ref,
userinfo_relative,
host_info,
out);
}
void
extract_uri_components(
core::string_view s,
url_components &out)
{
if (s.starts_with("//") && !s.starts_with("///"))
return extract_scheme_relative(s.substr(2), out);
if (s.starts_with('/'))
return extract_relative_ref(s, out);
// extract scheme
// first char in a scheme must be letter (we accept uppercase here)
bool has_scheme = false;
if (!s.empty() && urls::grammar::alpha_chars(s.front())) {
constexpr
urls::grammar::lut_chars scheme_chars(
"0123456789+-.ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
char const* it = urls::grammar::find_if_not(
s.begin() + 1, s.end(), scheme_chars);
size_t scheme_size = (std::min)(
s.size(), static_cast<std::size_t>(it - s.begin()));
// scheme must be non-empty and followed by ':'
if (s.size() > scheme_size && s[scheme_size] == ':') {
out.scheme = s.substr(0, scheme_size);
has_scheme = true;
}
}
// The usual route, parse scheme first
core::string_view scheme_relative = s;
if (has_scheme)
scheme_relative = s.substr(out.scheme.size() + 1);
const bool has_authority = scheme_relative.starts_with("//");
const bool is_relative_ref = !has_scheme && !has_authority;
if (is_relative_ref)
{
// this is the trick browsers usually apply when 1) there's no
// authority because the "//" is missing, 2) the scheme is also missing,
// and 3) the first path segment looks like an authority
//
// This behavior is widespread, although it's ambiguous because valid
// host characters are also valid path characters.
//
// It's this rule that allows for things like "www.boost.org" in the
// browser. This is an invalid URL because it has no "//" to indicate
// this is the authority and "www.boost.org" is a perfectly valid
// path segment.
auto first_seg_offset = (std::min)(s.size(), s.find_first_of('/'));
core::string_view first_seg = s.substr(0, first_seg_offset);
auto host_delimiter_pos = first_seg.find_first_of(".:");
bool const looks_like_authority =
urls::parse_authority(first_seg) &&
host_delimiter_pos != core::string_view::npos &&
host_delimiter_pos != first_seg.size() - 1;
if (looks_like_authority)
return extract_scheme_relative(s, out);
// if the first_seg is really a seg, parse as relative ref
return extract_relative_ref(s, out);
}
if (has_authority)
scheme_relative = scheme_relative.substr(2);
// all that's left is a relative path
return extract_relative_ref(scheme_relative, out);
}
void
sanitize_uri(core::string_view s, urls::url_base& dest) {
url_components o;
dest.clear();
extract_uri_components(s, o);
if (o.scheme.data())
dest.set_scheme(o.scheme);
if (o.user.data())
dest.set_encoded_user(o.user);
if (o.password.data())
dest.set_encoded_password(o.password);
if (o.hostname.data())
dest.set_encoded_host(o.hostname);
if (o.port.data())
dest.set_port(o.port);
if (o.path.data())
dest.set_encoded_path(o.path);
if (o.query.data())
dest.set_encoded_query(o.query);
if (o.fragment.data())
dest.set_encoded_fragment(o.fragment);
}
urls::url
sanitize_uri(core::string_view s) {
urls::url u;
sanitize_uri(s, u);
return u;
}
void
print_url_components(urls::url_view u)
{
std::cout << "url: " << u.buffer() << '\n';
if (u.has_scheme())
std::cout << "scheme: " << u.scheme() << '\n';
if (u.has_userinfo())
std::cout << "user: " << u.encoded_user() << '\n';
if (u.has_password())
std::cout << "password: " << u.encoded_password() << '\n';
if (u.has_authority())
std::cout << "hostname: " << u.encoded_host() << '\n';
if (u.has_port())
std::cout << "port: " << u.port() << '\n';
std::cout << "path: " << u.encoded_path() << '\n';
std::cout << "segments:\n";
for (auto seg: u.encoded_segments())
std::cout << "- " << seg << '\n';
if (u.has_query())
std::cout << "query: " << u.encoded_query() << '\n';
std::cout << "params:\n";
for (auto param: u.encoded_params())
{
if (param.has_value)
std::cout << "- " << param.key << ": " << param.value << '\n';
else
std::cout << "- " << param.key << '\n';
}
if (u.has_fragment())
std::cout << "fragment: " << u.encoded_fragment() << '\n';
}
int
main(int argc, char **argv)
{
if (argc != 2)
{
core::string_view exec = argv[0];
auto p = exec.find_last_of("/\\");
if (p != core::string_view::npos)
exec = exec.substr(p);
std::cerr
<< "Usage: " << exec
<< " <url>\n"
"target: a non-strict url\n";
return EXIT_FAILURE;
}
core::string_view uri_str = argv[1];
boost::system::result<urls::url_view> ru = urls::parse_uri_reference(uri_str);
if (ru)
{
urls::url_view u = *ru;
if (u.has_scheme() && u.has_fragment())
std::cout << "Input is a valid URL\n";
else if (u.has_scheme())
std::cout << "Input is a valid absolute URL\n";
else
std::cout << "Input is a valid relative URL\n";
print_url_components(u);
return EXIT_SUCCESS;
}
std::cout << "Sanitizing URL:\n";
std::cout << "input: " << uri_str << '\n';
urls::url u = sanitize_uri(uri_str);
print_url_components(u);
return EXIT_SUCCESS;
}
//]
|
