Bug #19157: URI bad component validation can be tricked - Ruby master - Ruby Issue Tracking System

Actions

Copy link

Bug #19157

open

URI bad component validation can be tricked

Added by straight-shoota (Johannes Müller) almost 2 years ago.

Status:

Open

Assignee:

Target version:

ruby -v:

3.1.3

Backport:

2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN

[ruby-core:111040]

Description

URI::HTTP checks the validity of the URI components. For example, the path of a URI with authority component must be either empty or start with a slash.

This validation applies on the .build constructor as well as on the path setter.
But it can be tricked when setting an empty authority component and scheme before setting a relative path, and then setting the authority and scheme again.
This produces an invalid and incorrect URI.

require "uri"

uri = URI::HTTP.build({})
uri.scheme = nil
uri.path = "resource"
uri.host = "example.com" # this should raise URI::InvalidComponentError
uri.scheme = "http"
uri.to_s # => "http://example.comresource"

No data to display

Actions

Copy link

Also available in: Atom PDF

Like0

Project

General

Profile

Ruby » Ruby master

Custom queries

Bug #19157

URI bad component validation can be tricked