roc-lang/roc
1
1
Fork 0
mirror of https://github.com/roc-lang/roc.git synced 2024-09-20 23:37:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adjust packaging/https to check for misleading unicode characters

Browse Source 
Related to #5487
This commit is contained in:
Fábio Beirão 2023-05-31 16:48:33 +02:00
parent 8cbd40a743
commit 842f8b9941
No known key found for this signature in database
GPG Key ID: 13FD3A2130278AAE
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
crates/packaging/src/https.rs
View File

@ -29,6 +29,14 @@ pub struct PackageMetadata<'a> {
/// - .tar.br
const VALID_EXTENSION_SUFFIXES: [&str; 2] = [".gz", ".br"];
/// Characters that could be misleading if present in URLs:
///
/// - U+2044 Fraction Slash
/// - U+2215 Division Slash
/// - U+FF0F Fullwidth Solidus
/// - U+29F8 Big Solidus
const MISLEADING_CHARACTERS_IN_URL: [&str; 4] = ["\u{2044}", "\u{2215}", "\u{FF0F}", "\u{29F8}"];
#[derive(Debug)]
pub enum UrlProblem {
InvalidExtensionSuffix(String),
@ -36,6 +44,7 @@ pub enum UrlProblem {
InvalidFragment(String),
MissingHash,
MissingHttps,
MisleadingCharacter,
}
impl<'a> TryFrom<&'a str> for PackageMetadata<'a> {
@ -56,6 +65,13 @@ impl<'a> PackageMetadata<'a> {
}
};
// Next, check if there are misleading characters in the URL
for misleading_character in MISLEADING_CHARACTERS_IN_URL {
if url.contains(misleading_character) {
return Err(UrlProblem::MisleadingCharacter);
}
}
// Next, get the (optional) URL fragment, which must be a .roc filename
let (without_fragment, fragment) = match without_protocol.rsplit_once('#') {
Some((before_fragment, fragment)) => {