urlmatch: split host and port fields in `struct url_info`
[git/git.git] / urlmatch.c
CommitLineData
3402a8dc
KM
1#include "cache.h"
2#include "urlmatch.h"
3
4#define URL_ALPHA "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
5#define URL_DIGIT "0123456789"
6#define URL_ALPHADIGIT URL_ALPHA URL_DIGIT
7#define URL_SCHEME_CHARS URL_ALPHADIGIT "+.-"
8#define URL_HOST_CHARS URL_ALPHADIGIT ".-[:]" /* IPv6 literals need [:] */
9#define URL_UNSAFE_CHARS " <>\"%{}|\\^`" /* plus 0x00-0x1F,0x7F-0xFF */
10#define URL_GEN_RESERVED ":/?#[]@"
11#define URL_SUB_RESERVED "!$&'()*+,;="
12#define URL_RESERVED URL_GEN_RESERVED URL_SUB_RESERVED /* only allowed delims */
13
14static int append_normalized_escapes(struct strbuf *buf,
15 const char *from,
16 size_t from_len,
17 const char *esc_extra,
18 const char *esc_ok)
19{
20 /*
21 * Append to strbuf 'buf' characters from string 'from' with length
22 * 'from_len' while unescaping characters that do not need to be escaped
23 * and escaping characters that do. The set of characters to escape
24 * (the complement of which is unescaped) starts out as the RFC 3986
25 * unsafe characters (0x00-0x1F,0x7F-0xFF," <>\"#%{}|\\^`"). If
26 * 'esc_extra' is not NULL, those additional characters will also always
27 * be escaped. If 'esc_ok' is not NULL, those characters will be left
28 * escaped if found that way, but will not be unescaped otherwise (used
29 * for delimiters). If a %-escape sequence is encountered that is not
30 * followed by 2 hexadecimal digits, the sequence is invalid and
31 * false (0) will be returned. Otherwise true (1) will be returned for
32 * success.
33 *
34 * Note that all %-escape sequences will be normalized to UPPERCASE
35 * as indicated in RFC 3986. Unless included in esc_extra or esc_ok
36 * alphanumerics and "-._~" will always be unescaped as per RFC 3986.
37 */
38
39 while (from_len) {
40 int ch = *from++;
41 int was_esc = 0;
42
43 from_len--;
44 if (ch == '%') {
45 if (from_len < 2 ||
50a71776
JK
46 !isxdigit(from[0]) ||
47 !isxdigit(from[1]))
3402a8dc 48 return 0;
50a71776
JK
49 ch = hexval(*from++) << 4;
50 ch |= hexval(*from++);
3402a8dc
KM
51 from_len -= 2;
52 was_esc = 1;
53 }
54 if ((unsigned char)ch <= 0x1F || (unsigned char)ch >= 0x7F ||
55 strchr(URL_UNSAFE_CHARS, ch) ||
56 (esc_extra && strchr(esc_extra, ch)) ||
57 (was_esc && strchr(esc_ok, ch)))
58 strbuf_addf(buf, "%%%02X", (unsigned char)ch);
59 else
60 strbuf_addch(buf, ch);
61 }
62
63 return 1;
64}
65
3e6a0e64 66static char *url_normalize_1(const char *url, struct url_info *out_info, char allow_globs)
3402a8dc
KM
67{
68 /*
69 * Normalize NUL-terminated url using the following rules:
70 *
71 * 1. Case-insensitive parts of url will be converted to lower case
72 * 2. %-encoded characters that do not need to be will be unencoded
73 * 3. Characters that are not %-encoded and must be will be encoded
74 * 4. All %-encodings will be converted to upper case hexadecimal
75 * 5. Leading 0s are removed from port numbers
76 * 6. If the default port for the scheme is given it will be removed
77 * 7. A path part (including empty) not starting with '/' has one added
78 * 8. Any dot segments (. or ..) in the path are resolved and removed
79 * 9. IPv6 host literals are allowed (but not normalized or validated)
80 *
81 * The rules are based on information in RFC 3986.
82 *
83 * Please note this function requires a full URL including a scheme
84 * and host part (except for file: URLs which may have an empty host).
85 *
86 * The return value is a newly allocated string that must be freed
87 * or NULL if the url is not valid.
88 *
89 * If out_info is non-NULL, the url and err fields therein will always
90 * be set. If a non-NULL value is returned, it will be stored in
91 * out_info->url as well, out_info->err will be set to NULL and the
92 * other fields of *out_info will also be filled in. If a NULL value
93 * is returned, NULL will be stored in out_info->url and out_info->err
94 * will be set to a brief, translated, error message, but no other
95 * fields will be filled in.
96 *
97 * This is NOT a URL validation function. Full URL validation is NOT
98 * performed. Some invalid host names are passed through this function
99 * undetected. However, most all other problems that make a URL invalid
100 * will be detected (including a missing host for non file: URLs).
101 */
102
103 size_t url_len = strlen(url);
104 struct strbuf norm;
105 size_t spanned;
106 size_t scheme_len, user_off=0, user_len=0, passwd_off=0, passwd_len=0;
3ec6e6e8 107 size_t host_off=0, host_len=0, port_off=0, port_len=0, path_off, path_len, result_len;
3402a8dc
KM
108 const char *slash_ptr, *at_ptr, *colon_ptr, *path_start;
109 char *result;
110
111 /*
112 * Copy lowercased scheme and :// suffix, %-escapes are not allowed
113 * First character of scheme must be URL_ALPHA
114 */
115 spanned = strspn(url, URL_SCHEME_CHARS);
116 if (!spanned || !isalpha(url[0]) || spanned + 3 > url_len ||
117 url[spanned] != ':' || url[spanned+1] != '/' || url[spanned+2] != '/') {
118 if (out_info) {
119 out_info->url = NULL;
120 out_info->err = _("invalid URL scheme name or missing '://' suffix");
121 }
122 return NULL; /* Bad scheme and/or missing "://" part */
123 }
124 strbuf_init(&norm, url_len);
125 scheme_len = spanned;
126 spanned += 3;
127 url_len -= spanned;
128 while (spanned--)
129 strbuf_addch(&norm, tolower(*url++));
130
131
132 /*
133 * Copy any username:password if present normalizing %-escapes
134 */
135 at_ptr = strchr(url, '@');
136 slash_ptr = url + strcspn(url, "/?#");
137 if (at_ptr && at_ptr < slash_ptr) {
138 user_off = norm.len;
139 if (at_ptr > url) {
140 if (!append_normalized_escapes(&norm, url, at_ptr - url,
141 "", URL_RESERVED)) {
142 if (out_info) {
143 out_info->url = NULL;
144 out_info->err = _("invalid %XX escape sequence");
145 }
146 strbuf_release(&norm);
147 return NULL;
148 }
149 colon_ptr = strchr(norm.buf + scheme_len + 3, ':');
150 if (colon_ptr) {
151 passwd_off = (colon_ptr + 1) - norm.buf;
152 passwd_len = norm.len - passwd_off;
153 user_len = (passwd_off - 1) - (scheme_len + 3);
154 } else {
155 user_len = norm.len - (scheme_len + 3);
156 }
157 }
158 strbuf_addch(&norm, '@');
159 url_len -= (++at_ptr - url);
160 url = at_ptr;
161 }
162
163
164 /*
165 * Copy the host part excluding any port part, no %-escapes allowed
166 */
167 if (!url_len || strchr(":/?#", *url)) {
168 /* Missing host invalid for all URL schemes except file */
169 if (strncmp(norm.buf, "file:", 5)) {
170 if (out_info) {
171 out_info->url = NULL;
172 out_info->err = _("missing host and scheme is not 'file:'");
173 }
174 strbuf_release(&norm);
175 return NULL;
176 }
177 } else {
178 host_off = norm.len;
179 }
180 colon_ptr = slash_ptr - 1;
181 while (colon_ptr > url && *colon_ptr != ':' && *colon_ptr != ']')
182 colon_ptr--;
183 if (*colon_ptr != ':') {
184 colon_ptr = slash_ptr;
185 } else if (!host_off && colon_ptr < slash_ptr && colon_ptr + 1 != slash_ptr) {
186 /* file: URLs may not have a port number */
187 if (out_info) {
188 out_info->url = NULL;
189 out_info->err = _("a 'file:' URL may not have a port number");
190 }
191 strbuf_release(&norm);
192 return NULL;
193 }
3e6a0e64
PS
194
195 if (allow_globs)
196 spanned = strspn(url, URL_HOST_CHARS "*");
197 else
198 spanned = strspn(url, URL_HOST_CHARS);
199
3402a8dc
KM
200 if (spanned < colon_ptr - url) {
201 /* Host name has invalid characters */
202 if (out_info) {
203 out_info->url = NULL;
204 out_info->err = _("invalid characters in host name");
205 }
206 strbuf_release(&norm);
207 return NULL;
208 }
209 while (url < colon_ptr) {
210 strbuf_addch(&norm, tolower(*url++));
211 url_len--;
212 }
213
214
215 /*
216 * Check the port part and copy if not the default (after removing any
217 * leading 0s); no %-escapes allowed
218 */
219 if (colon_ptr < slash_ptr) {
220 /* skip the ':' and leading 0s but not the last one if all 0s */
221 url++;
222 url += strspn(url, "0");
223 if (url == slash_ptr && url[-1] == '0')
224 url--;
225 if (url == slash_ptr) {
226 /* Skip ":" port with no number, it's same as default */
227 } else if (slash_ptr - url == 2 &&
228 !strncmp(norm.buf, "http:", 5) &&
229 !strncmp(url, "80", 2)) {
230 /* Skip http :80 as it's the default */
231 } else if (slash_ptr - url == 3 &&
232 !strncmp(norm.buf, "https:", 6) &&
233 !strncmp(url, "443", 3)) {
234 /* Skip https :443 as it's the default */
235 } else {
236 /*
237 * Port number must be all digits with leading 0s removed
238 * and since all the protocols we deal with have a 16-bit
239 * port number it must also be in the range 1..65535
240 * 0 is not allowed because that means "next available"
241 * on just about every system and therefore cannot be used
242 */
243 unsigned long pnum = 0;
244 spanned = strspn(url, URL_DIGIT);
245 if (spanned < slash_ptr - url) {
246 /* port number has invalid characters */
247 if (out_info) {
248 out_info->url = NULL;
249 out_info->err = _("invalid port number");
250 }
251 strbuf_release(&norm);
252 return NULL;
253 }
254 if (slash_ptr - url <= 5)
255 pnum = strtoul(url, NULL, 10);
256 if (pnum == 0 || pnum > 65535) {
257 /* port number not in range 1..65535 */
258 if (out_info) {
259 out_info->url = NULL;
260 out_info->err = _("invalid port number");
261 }
262 strbuf_release(&norm);
263 return NULL;
264 }
265 strbuf_addch(&norm, ':');
3ec6e6e8 266 port_off = norm.len;
3402a8dc
KM
267 strbuf_add(&norm, url, slash_ptr - url);
268 port_len = slash_ptr - url;
269 }
270 url_len -= slash_ptr - colon_ptr;
271 url = slash_ptr;
272 }
273 if (host_off)
3ec6e6e8 274 host_len = norm.len - host_off - (port_len ? port_len + 1 : 0);
3402a8dc
KM
275
276
277 /*
278 * Now copy the path resolving any . and .. segments being careful not
279 * to corrupt the URL by unescaping any delimiters, but do add an
280 * initial '/' if it's missing and do normalize any %-escape sequences.
281 */
282 path_off = norm.len;
283 path_start = norm.buf + path_off;
284 strbuf_addch(&norm, '/');
285 if (*url == '/') {
286 url++;
287 url_len--;
288 }
289 for (;;) {
a7f0a0ef
TR
290 const char *seg_start;
291 size_t seg_start_off = norm.len;
3402a8dc
KM
292 const char *next_slash = url + strcspn(url, "/?#");
293 int skip_add_slash = 0;
a7f0a0ef 294
3402a8dc
KM
295 /*
296 * RFC 3689 indicates that any . or .. segments should be
297 * unescaped before being checked for.
298 */
299 if (!append_normalized_escapes(&norm, url, next_slash - url, "",
300 URL_RESERVED)) {
301 if (out_info) {
302 out_info->url = NULL;
303 out_info->err = _("invalid %XX escape sequence");
304 }
305 strbuf_release(&norm);
306 return NULL;
307 }
a7f0a0ef
TR
308
309 seg_start = norm.buf + seg_start_off;
3402a8dc
KM
310 if (!strcmp(seg_start, ".")) {
311 /* ignore a . segment; be careful not to remove initial '/' */
312 if (seg_start == path_start + 1) {
313 strbuf_setlen(&norm, norm.len - 1);
314 skip_add_slash = 1;
315 } else {
316 strbuf_setlen(&norm, norm.len - 2);
317 }
318 } else if (!strcmp(seg_start, "..")) {
319 /*
320 * ignore a .. segment and remove the previous segment;
321 * be careful not to remove initial '/' from path
322 */
323 const char *prev_slash = norm.buf + norm.len - 3;
324 if (prev_slash == path_start) {
325 /* invalid .. because no previous segment to remove */
326 if (out_info) {
327 out_info->url = NULL;
328 out_info->err = _("invalid '..' path segment");
329 }
330 strbuf_release(&norm);
331 return NULL;
332 }
333 while (*--prev_slash != '/') {}
334 if (prev_slash == path_start) {
335 strbuf_setlen(&norm, prev_slash - norm.buf + 1);
336 skip_add_slash = 1;
337 } else {
338 strbuf_setlen(&norm, prev_slash - norm.buf);
339 }
340 }
341 url_len -= next_slash - url;
342 url = next_slash;
343 /* if the next char is not '/' done with the path */
344 if (*url != '/')
345 break;
346 url++;
347 url_len--;
348 if (!skip_add_slash)
349 strbuf_addch(&norm, '/');
350 }
351 path_len = norm.len - path_off;
352
353
354 /*
355 * Now simply copy the rest, if any, only normalizing %-escapes and
356 * being careful not to corrupt the URL by unescaping any delimiters.
357 */
358 if (*url) {
359 if (!append_normalized_escapes(&norm, url, url_len, "", URL_RESERVED)) {
360 if (out_info) {
361 out_info->url = NULL;
362 out_info->err = _("invalid %XX escape sequence");
363 }
364 strbuf_release(&norm);
365 return NULL;
366 }
367 }
368
369
370 result = strbuf_detach(&norm, &result_len);
371 if (out_info) {
372 out_info->url = result;
373 out_info->err = NULL;
374 out_info->url_len = result_len;
375 out_info->scheme_len = scheme_len;
376 out_info->user_off = user_off;
377 out_info->user_len = user_len;
378 out_info->passwd_off = passwd_off;
379 out_info->passwd_len = passwd_len;
380 out_info->host_off = host_off;
381 out_info->host_len = host_len;
3ec6e6e8 382 out_info->port_off = port_off;
3402a8dc
KM
383 out_info->port_len = port_len;
384 out_info->path_off = path_off;
385 out_info->path_len = path_len;
386 }
387 return result;
388}
389
3e6a0e64
PS
390char *url_normalize(const char *url, struct url_info *out_info)
391{
392 return url_normalize_1(url, out_info, 0);
393}
394
3402a8dc
KM
395static size_t url_match_prefix(const char *url,
396 const char *url_prefix,
397 size_t url_prefix_len)
398{
399 /*
400 * url_prefix matches url if url_prefix is an exact match for url or it
401 * is a prefix of url and the match ends on a path component boundary.
402 * Both url and url_prefix are considered to have an implicit '/' on the
403 * end for matching purposes if they do not already.
404 *
405 * url must be NUL terminated. url_prefix_len is the length of
406 * url_prefix which need not be NUL terminated.
407 *
408 * The return value is the length of the match in characters (including
409 * the final '/' even if it's implicit) or 0 for no match.
410 *
411 * Passing NULL as url and/or url_prefix will always cause 0 to be
412 * returned without causing any faults.
413 */
414 if (!url || !url_prefix)
415 return 0;
416 if (!url_prefix_len || (url_prefix_len == 1 && *url_prefix == '/'))
417 return (!*url || *url == '/') ? 1 : 0;
418 if (url_prefix[url_prefix_len - 1] == '/')
419 url_prefix_len--;
420 if (strncmp(url, url_prefix, url_prefix_len))
421 return 0;
422 if ((strlen(url) == url_prefix_len) || (url[url_prefix_len] == '/'))
423 return url_prefix_len + 1;
424 return 0;
425}
426
667f7eb2
JH
427static int match_urls(const struct url_info *url,
428 const struct url_info *url_prefix,
429 int *exactusermatch)
3402a8dc
KM
430{
431 /*
432 * url_prefix matches url if the scheme, host and port of url_prefix
433 * are the same as those of url and the path portion of url_prefix
434 * is the same as the path portion of url or it is a prefix that
435 * matches at a '/' boundary. If url_prefix contains a user name,
436 * that must also exactly match the user name in url.
437 *
438 * If the user, host, port and path match in this fashion, the returned
439 * value is the length of the path match including any implicit
440 * final '/'. For example, "http://me@example.com/path" is matched by
441 * "http://example.com" with a path length of 1.
442 *
443 * If there is a match and exactusermatch is not NULL, then
444 * *exactusermatch will be set to true if both url and url_prefix
445 * contained a user name or false if url_prefix did not have a
446 * user name. If there is no match *exactusermatch is left untouched.
447 */
448 int usermatched = 0;
449 int pathmatchlen;
450
451 if (!url || !url_prefix || !url->url || !url_prefix->url)
452 return 0;
453
454 /* check the scheme */
455 if (url_prefix->scheme_len != url->scheme_len ||
456 strncmp(url->url, url_prefix->url, url->scheme_len))
457 return 0; /* schemes do not match */
458
459 /* check the user name if url_prefix has one */
460 if (url_prefix->user_off) {
461 if (!url->user_off || url->user_len != url_prefix->user_len ||
462 strncmp(url->url + url->user_off,
463 url_prefix->url + url_prefix->user_off,
464 url->user_len))
465 return 0; /* url_prefix has a user but it's not a match */
466 usermatched = 1;
467 }
468
3ec6e6e8 469 /* check the host */
3402a8dc
KM
470 if (url_prefix->host_len != url->host_len ||
471 strncmp(url->url + url->host_off,
472 url_prefix->url + url_prefix->host_off, url->host_len))
3ec6e6e8
PS
473 return 0; /* host names do not match */
474
475 /* check the port */
476 if (url_prefix->port_len != url->port_len ||
477 strncmp(url->url + url->port_off,
478 url_prefix->url + url_prefix->port_off, url->port_len))
479 return 0; /* ports do not match */
3402a8dc
KM
480
481 /* check the path */
482 pathmatchlen = url_match_prefix(
483 url->url + url->path_off,
484 url_prefix->url + url_prefix->path_off,
485 url_prefix->url_len - url_prefix->path_off);
486
487 if (pathmatchlen && exactusermatch)
488 *exactusermatch = usermatched;
489 return pathmatchlen;
490}
836b6fb5
JH
491
492int urlmatch_config_entry(const char *var, const char *value, void *cb)
493{
494 struct string_list_item *item;
495 struct urlmatch_config *collect = cb;
496 struct urlmatch_item *matched;
497 struct url_info *url = &collect->url;
498 const char *key, *dot;
499 struct strbuf synthkey = STRBUF_INIT;
500 size_t matched_len = 0;
501 int user_matched = 0;
502 int retval;
503
cf4fff57 504 if (!skip_prefix(var, collect->section, &key) || *(key++) != '.') {
836b6fb5
JH
505 if (collect->cascade_fn)
506 return collect->cascade_fn(var, value, cb);
507 return 0; /* not interested */
508 }
509 dot = strrchr(key, '.');
510 if (dot) {
511 char *config_url, *norm_url;
512 struct url_info norm_info;
513
514 config_url = xmemdupz(key, dot - key);
515 norm_url = url_normalize(config_url, &norm_info);
516 free(config_url);
517 if (!norm_url)
518 return 0;
519 matched_len = match_urls(url, &norm_info, &user_matched);
520 free(norm_url);
521 if (!matched_len)
522 return 0;
523 key = dot + 1;
524 }
525
526 if (collect->key && strcmp(key, collect->key))
527 return 0;
528
529 item = string_list_insert(&collect->vars, key);
530 if (!item->util) {
531 matched = xcalloc(1, sizeof(*matched));
532 item->util = matched;
533 } else {
534 matched = item->util;
535 /*
536 * Is our match shorter? Is our match the same
537 * length, and without user while the current
538 * candidate is with user? Then we cannot use it.
539 */
540 if (matched_len < matched->matched_len ||
541 ((matched_len == matched->matched_len) &&
542 (!user_matched && matched->user_matched)))
543 return 0;
544 /* Otherwise, replace it with this one. */
545 }
546
547 matched->matched_len = matched_len;
548 matched->user_matched = user_matched;
549 strbuf_addstr(&synthkey, collect->section);
550 strbuf_addch(&synthkey, '.');
551 strbuf_addstr(&synthkey, key);
552 retval = collect->collect_fn(synthkey.buf, value, collect->cb);
553
554 strbuf_release(&synthkey);
555 return retval;
556}