Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: new helper functions to replace regexes #807

Browse Source 
Implemented new StringUtil helper functions: splitCommaSeparated, sanitizeUrlPart, isValidFileName.
Added helper functions to HeaderUtil: matchesAuthorizationScheme, hasScheme.
Added unit tests for the new helper functions.
Refactored codebase to use helper functions instead of regexes if applicable.
This commit is contained in:
Wannes Kerckhove
2022-04-08 16:54:33 +02:00
committed by Joachim Van Herwegen
parent 1b7cc1ea3a
commit 283c301f08
18 changed files with 186 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/authentication/BearerWebIdExtractor.ts
View File

@@ -4,6 +4,7 @@ import { getLoggerFor } from '../logging/LogUtil';
import type { HttpRequest } from '../server/HttpRequest';
import { BadRequestHttpError } from '../util/errors/BadRequestHttpError';
import { NotImplementedHttpError } from '../util/errors/NotImplementedHttpError';
import { matchesAuthorizationScheme } from '../util/HeaderUtil';
import { CredentialGroup } from './Credentials';
import type { CredentialSet } from './Credentials';
import { CredentialsExtractor } from './CredentialsExtractor';
@@ -19,7 +20,7 @@ export class BearerWebIdExtractor extends CredentialsExtractor {
public async canHandle({ headers }: HttpRequest): Promise<void> {
const { authorization } = headers;
if (!authorization || !/^Bearer /ui.test(authorization)) {
if (!matchesAuthorizationScheme('Bearer', authorization)) {
throw new NotImplementedHttpError('No Bearer Authorization header specified.');
}
}

3
src/authentication/DPoPWebIdExtractor.ts
View File

@@ -5,6 +5,7 @@ import { getLoggerFor } from '../logging/LogUtil';
import type { HttpRequest } from '../server/HttpRequest';
import { BadRequestHttpError } from '../util/errors/BadRequestHttpError';
import { NotImplementedHttpError } from '../util/errors/NotImplementedHttpError';
import { matchesAuthorizationScheme } from '../util/HeaderUtil';
import { CredentialGroup } from './Credentials';
import type { CredentialSet } from './Credentials';
import { CredentialsExtractor } from './CredentialsExtractor';
@@ -27,7 +28,7 @@ export class DPoPWebIdExtractor extends CredentialsExtractor {
public async canHandle({ headers }: HttpRequest): Promise<void> {
const { authorization } = headers;
if (!authorization || !/^DPoP /ui.test(authorization)) {
if (!matchesAuthorizationScheme('DPoP', authorization)) {
throw new NotImplementedHttpError('No DPoP-bound Authorization header specified.');
}
}

3
src/authentication/UnsecureWebIdExtractor.ts
View File

@@ -1,6 +1,7 @@
import { getLoggerFor } from '../logging/LogUtil';
import type { HttpRequest } from '../server/HttpRequest';
import { NotImplementedHttpError } from '../util/errors/NotImplementedHttpError';
import { matchesAuthorizationScheme } from '../util/HeaderUtil';
import { CredentialGroup } from './Credentials';
import type { CredentialSet } from './Credentials';
import { CredentialsExtractor } from './CredentialsExtractor';
@@ -13,7 +14,7 @@ export class UnsecureWebIdExtractor extends CredentialsExtractor {
public async canHandle({ headers }: HttpRequest): Promise<void> {
const { authorization } = headers;
if (!authorization || !/^WebID /ui.test(authorization)) {
if (!matchesAuthorizationScheme('WebID', authorization)) {
throw new NotImplementedHttpError('No WebID Authorization header specified.');
}
}

3
src/http/UnsecureWebSocketsProtocol.ts
View File

@@ -4,6 +4,7 @@ import { getLoggerFor } from '../logging/LogUtil';
import type { HttpRequest } from '../server/HttpRequest';
import { WebSocketHandler } from '../server/WebSocketHandler';
import { parseForwarded } from '../util/HeaderUtil';
import { splitCommaSeparated } from '../util/StringUtil';
import type { ResourceIdentifier } from './representation/ResourceIdentifier';
const VERSION = 'solid-0.1';
@@ -36,7 +37,7 @@ class WebSocketListener extends EventEmitter {
if (!protocolHeader) {
this.sendMessage('warning', `Missing Sec-WebSocket-Protocol header, expected value '${VERSION}'`);
} else {
const supportedProtocols = protocolHeader.split(/\s*,\s*/u);
const supportedProtocols = splitCommaSeparated(protocolHeader);
if (!supportedProtocols.includes(VERSION)) {
this.sendMessage('error', `Client does not support protocol ${VERSION}`);
this.stop();

6
src/http/input/conditions/BasicConditionsParser.ts
View File

@@ -3,6 +3,7 @@ import type { HttpRequest } from '../../../server/HttpRequest';
import type { BasicConditionsOptions } from '../../../storage/BasicConditions';
import { BasicConditions } from '../../../storage/BasicConditions';
import type { Conditions } from '../../../storage/Conditions';
import { splitCommaSeparated } from '../../../util/StringUtil';
import { ConditionsParser } from './ConditionsParser';
/**
@@ -58,6 +59,9 @@ export class BasicConditionsParser extends ConditionsParser {
* Undefined if there is no value for the given header name.
*/
private parseTagHeader(request: HttpRequest, header: 'if-match' | 'if-none-match'): string[] | undefined {
return request.headers[header]?.trim().split(/\s*,\s*/u);
const headerValue = request.headers[header];
if (headerValue) {
return splitCommaSeparated(headerValue.trim());
}
}
}

3
src/identity/interaction/email-password/util/RegistrationManager.ts
View File

@@ -4,6 +4,7 @@ import { getLoggerFor } from '../../../../logging/LogUtil';
import type { IdentifierGenerator } from '../../../../pods/generate/IdentifierGenerator';
import type { PodManager } from '../../../../pods/PodManager';
import type { PodSettings } from '../../../../pods/settings/PodSettings';
import { hasScheme } from '../../../../util/HeaderUtil';
import { joinUrl } from '../../../../util/PathUtil';
import type { OwnershipValidator } from '../../../ownership/OwnershipValidator';
import { assertPassword } from '../EmailPasswordUtil';
@@ -139,7 +140,7 @@ export class RegistrationManager {
// Parse WebID
if (!validated.createWebId) {
const trimmedWebId = this.trimString(webId);
assert(trimmedWebId && /^https?:\/\/[^/]+/u.test(trimmedWebId), 'Please enter a valid WebID.');
assert(trimmedWebId && hasScheme(trimmedWebId, 'http', 'https'), 'Please enter a valid WebID.');
validated.webId = trimmedWebId;
}

3
src/identity/storage/WebIdAdapterFactory.ts
View File

@@ -6,6 +6,7 @@ import { getLoggerFor } from '../../logging/LogUtil';
import type { RepresentationConverter } from '../../storage/conversion/RepresentationConverter';
import { createErrorMessage } from '../../util/errors/ErrorUtil';
import { responseToDataset } from '../../util/FetchUtil';
import { hasScheme } from '../../util/HeaderUtil';
import { OIDC } from '../../util/Vocabularies';
import type { AdapterFactory } from './AdapterFactory';
@@ -42,7 +43,7 @@ export class WebIdAdapter implements Adapter {
// Try to see if valid client metadata is found at the given Client ID.
// The oidc-provider library will check if the redirect_uri matches an entry in the list of redirect_uris,
// so no extra checks are needed from our side.
if (!payload && this.name === 'Client' && /^https?:\/\/.+/u.test(id)) {
if (!payload && this.name === 'Client' && hasScheme(id, 'http', 'https')) {
this.logger.debug(`Looking for payload data at ${id}`);
// All checks based on https://solid.github.io/authentication-panel/solid-oidc/#clientids-webid
if (!/^https:|^http:\/\/localhost(?::\d+)?(?:\/|$)/u.test(id)) {

1
src/index.ts
View File

@@ -433,6 +433,7 @@ export * from './util/QuadUtil';
export * from './util/RecordObject';
export * from './util/ResourceUtil';
export * from './util/StreamUtil';
export * from './util/StringUtil';
export * from './util/TermUtil';
export * from './util/TimerUtil';
export * from './util/Vocabularies';

3
src/pods/generate/SubdomainIdentifierGenerator.ts
View File

@@ -1,5 +1,6 @@
import type { ResourceIdentifier } from '../../http/representation/ResourceIdentifier';
import { ensureTrailingSlash, extractScheme } from '../../util/PathUtil';
import { sanitizeUrlPart } from '../../util/StringUtil';
import type { IdentifierGenerator } from './IdentifierGenerator';
/**
@@ -15,7 +16,7 @@ export class SubdomainIdentifierGenerator implements IdentifierGenerator {
public generate(name: string): ResourceIdentifier {
// Using the punycode converter is a risk as it doesn't convert slashes for example
const cleanName = name.replace(/\W/gu, '-');
const cleanName = sanitizeUrlPart(name);
return { path: `${this.baseParts.scheme}${cleanName}.${this.baseParts.rest}` };
}
}

3
src/pods/generate/SuffixIdentifierGenerator.ts
View File

@@ -1,5 +1,6 @@
import type { ResourceIdentifier } from '../../http/representation/ResourceIdentifier';
import { ensureTrailingSlash } from '../../util/PathUtil';
import { sanitizeUrlPart } from '../../util/StringUtil';
import type { IdentifierGenerator } from './IdentifierGenerator';
/**
@@ -14,7 +15,7 @@ export class SuffixIdentifierGenerator implements IdentifierGenerator {
}
public generate(name: string): ResourceIdentifier {
const cleanName = name.replace(/\W/gu, '-');
const cleanName = sanitizeUrlPart(name);
return { path: ensureTrailingSlash(new URL(cleanName, this.base).href) };
}
}

4
src/server/middleware/WebSocketAdvertiser.ts
View File

@@ -1,4 +1,4 @@
import { addHeader } from '../../util/HeaderUtil';
import { addHeader, hasScheme } from '../../util/HeaderUtil';
import { HttpHandler } from '../HttpHandler';
import type { HttpResponse } from '../HttpResponse';
@@ -11,7 +11,7 @@ export class WebSocketAdvertiser extends HttpHandler {
public constructor(baseUrl: string) {
super();
const socketUrl = new URL(baseUrl);
socketUrl.protocol = /^(?:http|ws):/u.test(baseUrl) ? 'ws:' : 'wss:';
socketUrl.protocol = hasScheme(baseUrl, 'http', 'ws') ? 'ws:' : 'wss:';
this.socketUrl = socketUrl.href;
}

3
src/storage/IndexRepresentationStore.ts
View File

@@ -4,6 +4,7 @@ import type { RepresentationPreferences } from '../http/representation/Represent
import type { ResourceIdentifier } from '../http/representation/ResourceIdentifier';
import { NotFoundHttpError } from '../util/errors/NotFoundHttpError';
import { isContainerIdentifier } from '../util/PathUtil';
import { isValidFileName } from '../util/StringUtil';
import type { Conditions } from './Conditions';
import { cleanPreferences, matchesMediaType } from './conversion/ConversionUtil';
import { PassthroughStore } from './PassthroughStore';
@@ -31,7 +32,7 @@ export class IndexRepresentationStore extends PassthroughStore {
public constructor(source: ResourceStore, indexName = 'index.html', mediaRange = 'text/html') {
super(source);
assert(/^[\w.-]+$/u.test(indexName), 'Invalid index name');
assert(isValidFileName(indexName), 'Invalid index name');
this.indexName = indexName;
this.mediaRange = mediaRange;
}

3
src/storage/conversion/ErrorToTemplateConverter.ts
View File

@@ -5,6 +5,7 @@ import { INTERNAL_ERROR } from '../../util/ContentTypes';
import { HttpError } from '../../util/errors/HttpError';
import { resolveModulePath } from '../../util/PathUtil';
import { getSingleItem } from '../../util/StreamUtil';
import { isValidFileName } from '../../util/StringUtil';
import type { TemplateEngine } from '../../util/templates/TemplateEngine';
import { BaseTypedRepresentationConverter } from './BaseTypedRepresentationConverter';
import type { RepresentationConverterArgs } from './RepresentationConverter';
@@ -63,7 +64,7 @@ export class ErrorToTemplateConverter extends BaseTypedRepresentationConverter {
if (HttpError.isInstance(error)) {
try {
const templateFile = `${error.errorCode}${this.extension}`;
assert(/^[\w.-]+$/u.test(templateFile), 'Invalid error template name');
assert(isValidFileName(templateFile), 'Invalid error template name');
description = await this.templateEngine.render(error.details ?? {},
{ templateFile, templatePath: this.codeTemplatesPath });
} catch {

33
src/util/HeaderUtil.ts
View File

@@ -1,9 +1,12 @@
import type { IncomingHttpHeaders } from 'http';
import escapeStringRegexp from 'escape-string-regexp';
import { getLoggerFor } from '../logging/LogUtil';
import type { HttpResponse } from '../server/HttpResponse';
import { BadRequestHttpError } from './errors/BadRequestHttpError';
const logger = getLoggerFor('HeaderUtil');
// Map used as a simple cache in the helper function matchesAuthorizationScheme.
const authSchemeRegexCache: Map<string, RegExp> = new Map();
// BNF based on https://tools.ietf.org/html/rfc7231
//
@@ -508,6 +511,7 @@ export function parseForwarded(headers: IncomingHttpHeaders): Forwarded {
/**
* Parses the link header(s) and returns an array of LinkEntry objects.
*
* @param link - A single link header or an array of link headers
* @returns A LinkEntry array, LinkEntry contains a link and a params Record&lt;string,string&gt;
*/
@@ -547,3 +551,32 @@ export function parseLinkHeader(link: string | string[] = []): LinkEntry[] {
}
return links;
}
/**
* Checks if the value of an HTTP Authorization header matches a specific scheme (e.g. Basic, Bearer, etc).
*
* @param scheme - Name of the authorization scheme (case insensitive).
* @param authorization - The value of the Authorization header (may be undefined).
* @returns True if the Authorization header uses the specified scheme, false otherwise.
*/
export function matchesAuthorizationScheme(scheme: string, authorization?: string): boolean {
const lowerCaseScheme = scheme.toLowerCase();
if (!authSchemeRegexCache.has(lowerCaseScheme)) {
authSchemeRegexCache.set(lowerCaseScheme, new RegExp(`^${escapeStringRegexp(lowerCaseScheme)} `, 'ui'));
}
// Support authorization being undefined (for the sake of usability).
return typeof authorization !== 'undefined' && authSchemeRegexCache.get(lowerCaseScheme)!.test(authorization);
}
/**
* Checks if the scheme part of the specified url matches at least one of the provided options.
*
* @param url - A string representing the URL.
* @param schemes - Scheme value options (the function will check if at least one matches the URL scheme).
* @returns True if the URL scheme matches at least one of the provided options, false otherwise.
*/
export function hasScheme(url: string, ...schemes: string[]): boolean {
const schemeOptions = new Set(schemes.map((item): string => item.toLowerCase()));
const urlSchemeResult = /^(.+?):\/\//u.exec(url);
return urlSchemeResult ? schemeOptions.has(urlSchemeResult[1].toLowerCase()) : false;
}

30
src/util/StringUtil.ts Normal file
View File

@@ -0,0 +1,30 @@
/**
* Splits a string by comma.
*
* @param input - String instance to split.
*
* @returns A String array containining the split parts.
*/
export function splitCommaSeparated(input: string): string[] {
return input.split(/\s*,\s*/u);
}
/**
* Sanitizes part of a URL by replacing non-word content with a '-'.
*
* @param urlPart - The URL part to sanitize.
* @returns The sanitized output.
*/
export function sanitizeUrlPart(urlPart: string): string {
return urlPart.replace(/\W/gu, '-');
}
/**
* Checks the validity of a file name. A valid name consists of word characters, '-' or '.'.
*
* @param name - The name of the file to validate.
* @returns True if the filename is valid, false otherwise.
*/
export function isValidFileName(name: string): boolean {
return /^[\w.-]+$/u.test(name);
}