max
/
tauri-plugins-workspace
mirror of https://github.com/tauri-apps/plugins-workspace
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(http): inconsistencies on urlpattern usage on scope (#1059)

Browse Source 
* fix(http): inconsistencies on urlpattern usage on scope

* fix tests

* enhance tests
pull/1068/head
Lucas Fernandes Nogueira 1 year ago committed by GitHub
parent 4e37316af0
commit c873e4d6c7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 64 additions and 7 deletions
Show Stats Download Patch File Download Diff File

5
.changes/fix-http-scope-url-match.md
Unescape View File

@ -0,0 +1,5 @@
---
"http": patch
---
Fixes scope not allowing subpaths, query parameters and hash when those values are empty.

66
plugins/http/src/scope.rs
Unescape View File

@ -6,7 +6,7 @@ use std::sync::Arc;
use serde::{Deserialize, Deserializer};
use url::Url;
use urlpattern::{UrlPattern, UrlPatternInit, UrlPatternMatchInput};
use urlpattern::{UrlPattern, UrlPatternMatchInput};
#[allow(rustdoc::bare_urls)]
#[derive(Debug)]
@ -15,7 +15,21 @@ pub struct Entry {
}
fn parse_url_pattern(s: &str) -> Result<UrlPattern, urlpattern::quirks::Error> {
let init = UrlPatternInit::parse_constructor_string::<regex::Regex>(s, None)?;
let mut init = urlpattern::UrlPatternInit::parse_constructor_string::<regex::Regex>(s, None)?;
if init.search.as_ref().map(|p| p.is_empty()).unwrap_or(true) {
init.search.replace("*".to_string());
}
if init.hash.as_ref().map(|p| p.is_empty()).unwrap_or(true) {
init.hash.replace("*".to_string());
}
if init
.pathname
.as_ref()
.map(|p| p.is_empty() || p == "/")
.unwrap_or(true)
{
init.pathname.replace("*".to_string());
}
UrlPattern::parse(init)
}
@ -100,6 +114,7 @@ mod tests {
let deny = Arc::new("http://localhost:8080/*".parse().unwrap());
let scope = super::Scope::new(vec![&allow], vec![&deny]);
assert!(!scope.is_allowed(&"http://localhost:8080/file.png".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080?framework=tauri".parse().unwrap()));
}
#[test]
@ -109,9 +124,10 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://localhost:8080".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/file".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/path/to/asset.png".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/path/list?limit=50".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080/file".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080/path/to/asset.png".parse().unwrap()));
assert!(!scope.is_allowed(&"https://localhost:8080".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8081".parse().unwrap()));
assert!(!scope.is_allowed(&"http://local:8080".parse().unwrap()));
@ -124,6 +140,7 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://localhost:8080/file.png".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/file.png?q=1".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080/file".parse().unwrap()));
@ -136,7 +153,13 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://localhost:8080/file.png".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/file.png#head".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/assets/file.png".parse().unwrap()));
assert!(scope.is_allowed(
&"http://localhost:8080/assets/file.png?width=100&height=200"
.parse()
.unwrap()
));
assert!(!scope.is_allowed(&"http://localhost:8080/file.jpeg".parse().unwrap()));
}
@ -147,7 +170,15 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://something.else".parse().unwrap()));
assert!(!scope.is_allowed(&"http://something.else/path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"http://something.else#tauri".parse().unwrap()));
assert!(scope.is_allowed(&"http://something.else/path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"http://something.else?rel=tauri".parse().unwrap()));
assert!(scope.is_allowed(
&"http://something.else/path/to/file.mp4?start=500"
.parse()
.unwrap()
));
assert!(!scope.is_allowed(&"https://something.else".parse().unwrap()));
let entry = Arc::new("http://*/*".parse().unwrap());
@ -163,10 +194,11 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://something.else".parse().unwrap()));
assert!(!scope.is_allowed(&"http://something.else/path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"http://something.else/path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"file://path".parse().unwrap()));
assert!(!scope.is_allowed(&"file://path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"file://path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"https://something.else".parse().unwrap()));
assert!(scope.is_allowed(&"https://something.else?x=1#frag".parse().unwrap()));
let entry = Arc::new("*://*/*".parse().unwrap());
let scope = super::Scope::new(vec![&entry], Vec::new());
@ -176,4 +208,24 @@ mod tests {
assert!(scope.is_allowed(&"file://path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"https://something.else".parse().unwrap()));
}
#[test]
fn validate_query() {
let entry = Arc::new("https://tauri.app/path?x=*".parse().unwrap());
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"https://tauri.app/path?x=5".parse().unwrap()));
assert!(!scope.is_allowed(&"https://tauri.app/path?y=5".parse().unwrap()));
}
#[test]
fn validate_hash() {
let entry = Arc::new("https://tauri.app/path#frame*".parse().unwrap());
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"https://tauri.app/path#frame".parse().unwrap()));
assert!(!scope.is_allowed(&"https://tauri.app/path#work".parse().unwrap()));
}
}

Write Preview
Loading…
Cancel
Save