From a98f9e55787e64ffa19f27f676ba6c5db01f5f5e Mon Sep 17 00:00:00 2001
From: Arturo Mejia
Date: Thu, 28 May 2020 11:43:07 -0400
Subject: [PATCH] Closes #7142: Sanitize url in GeckoViewFetch before download
---
 .../browser/engine/gecko/fetch/GeckoViewFetchClient.kt | 3 ++-
 .../engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt | 9 +++++++++
 .../browser/engine/gecko/fetch/GeckoViewFetchClient.kt | 3 ++-
 .../engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt | 9 +++++++++
 .../browser/engine/gecko/fetch/GeckoViewFetchClient.kt | 3 ++-
 .../engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt | 9 +++++++++
 docs/changelog.md | 3 +++
 7 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/components/browser/engine-gecko-beta/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt b/components/browser/engine-gecko-beta/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt
index d92db64730f..ec5edd7bb0e 100644
--- a/components/browser/engine-gecko-beta/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt
+++ b/components/browser/engine-gecko-beta/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt
@@ -73,7 +73,8 @@ class GeckoViewFetchClient(
 }
 }

-private fun Request.toWebRequest(defaultHeaders: Headers): WebRequest = WebRequest.Builder(url)
+@VisibleForTesting
+internal fun Request.toWebRequest(defaultHeaders: Headers): WebRequest = WebRequest.Builder(url.trim())
 .method(method.name)
 .addHeadersFrom(this, defaultHeaders)
 .addBodyFrom(this)
diff --git a/components/browser/engine-gecko-beta/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt b/components/browser/engine-gecko-beta/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt
index 1010506e72c..53de0f43628 100644
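Review bot: `url.trim()` in `toWebRequest` removes only leading and trailing whitespace, so a URL with a line break, tab or other control character in the middle still reaches `WebRequest.Builder` unchanged; the subject line calls this sanitizing, but nothing in the hunk validates the URL. If the URL can come from page content, decide explicitly whether embedded control characters are rejected or stripped, and record the contract in a KDoc, for example `/** Builds the GeckoView request; only surrounding whitespace is removed from the URL. */`. The identical hunk appears again for engine-gecko-nightly and engine-gecko, so the same applies there. The expression body of `toWebRequest` continues past the end of the hunk.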
--- a/components/browser/engine-gecko-beta/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt
+++ b/components/browser/engine-gecko-beta/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt
@@ -6,6 +6,7 @@ package mozilla.components.browser.engine.gecko.fetch

 import androidx.test.ext.junit.runners.AndroidJUnit4
 import mozilla.components.concept.fetch.Client
+import mozilla.components.concept.fetch.MutableHeaders
 import mozilla.components.concept.fetch.Request
 import mozilla.components.support.test.any
 import mozilla.components.support.test.eq
@@ -18,6 +19,7 @@ import okhttp3.mockwebserver.MockWebServer
 import okhttp3.mockwebserver.RecordedRequest
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertTrue
+import org.junit.Assert.assertFalse
 import org.junit.Before
 import org.junit.Test
 import org.junit.runner.RunWith
@@ -287,6 +289,13 @@ class GeckoViewFetchUnitTestCases : FetchTestCases() {
 createNewClient().fetch(Request(""))
 }

+ @Test
+ fun toResponseMustTrimTheUrl() {
+ val webRequest = Request(url = "\nhttps://www.gruppoapi.com/ricerca-stazioni-servizio/images/logo-gruppoapi-shared.png\n").toWebRequest(MutableHeaders())
+
+ assertFalse(webRequest.uri.contains("\n"))
+ }
+
 private fun mockRequest(headerMap: Map? = null, body: String? = null, method: String = "GET") {
 val server = mock()
 whenever(server.url(any())).thenReturn(mock())
diff --git a/components/browser/engine-gecko-nightly/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt b/components/browser/engine-gecko-nightly/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt
index d8376fcfe21..9961b1e4d12 100644
--- a/components/browser/engine-gecko-nightly/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt
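Review bot: `toResponseMustTrimTheUrl` asserts only that `webRequest.uri` contains no `\n`, which would also pass if the URL were emptied or otherwise mangled, and its name refers to `toResponse` while the code under test is `toWebRequest`. Asserting the exact result pins the behaviour: `assertEquals("https://www.gruppoapi.com/ricerca-stazioni-servizio/images/logo-gruppoapi-shared.png", webRequest.uri)`. A second case with surrounding spaces, tabs or `\r\n`, and one with a line break inside the URL, would document what the client does and does not strip. The same test is added unchanged to the engine-gecko-nightly and engine-gecko test classes.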
+++ b/components/browser/engine-gecko-nightly/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt
@@ -75,7 +75,8 @@ class GeckoViewFetchClient(
 }
 }

-private fun Request.toWebRequest(defaultHeaders: Headers): WebRequest = WebRequest.Builder(url)
+@VisibleForTesting
+internal fun Request.toWebRequest(defaultHeaders: Headers): WebRequest = WebRequest.Builder(url.trim())
 .method(method.name)
 .addHeadersFrom(this, defaultHeaders)
 .addBodyFrom(this)
diff --git a/components/browser/engine-gecko-nightly/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt b/components/browser/engine-gecko-nightly/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt
index 8776929bcb4..d7e14359453 100644
--- a/components/browser/engine-gecko-nightly/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt
+++ b/components/browser/engine-gecko-nightly/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt
@@ -6,6 +6,7 @@ package mozilla.components.browser.engine.gecko.fetch

 import androidx.test.ext.junit.runners.AndroidJUnit4
 import mozilla.components.concept.fetch.Client
+import mozilla.components.concept.fetch.MutableHeaders
 import mozilla.components.concept.fetch.Request
 import mozilla.components.concept.fetch.Response
 import mozilla.components.support.test.any
@@ -19,6 +20,7 @@ import okhttp3.mockwebserver.MockWebServer
 import okhttp3.mockwebserver.RecordedRequest
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertTrue
+import org.junit.Assert.assertFalse
 import org.junit.Before
 import org.junit.Test
 import org.junit.runner.RunWith
@@ -295,6 +297,13 @@ class GeckoViewFetchUnitTestCases : FetchTestCases() {
 assertEquals(Response.SUCCESS, builder.toResponse(isBlobUri = true).status)
 }

+ @Test
+ fun toResponseMustTrimTheUrl() {
+ val webRequest = Request(url = "\nhttps://www.gruppoapi.com/ricerca-stazioni-servizio/images/logo-gruppoapi-shared.png\n").toWebRequest(MutableHeaders())
+
+ assertFalse(webRequest.uri.contains("\n"))
+ }
+
 private fun mockRequest(headerMap: Map? = null, body: String? = null, method: String = "GET") {
 val server = mock()
 whenever(server.url(any())).thenReturn(mock())
diff --git a/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt b/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt
index d92db64730f..ec5edd7bb0e 100644
--- a/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt
+++ b/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchClient.kt
@@ -73,7 +73,8 @@ class GeckoViewFetchClient(
 }
 }

-private fun Request.toWebRequest(defaultHeaders: Headers): WebRequest = WebRequest.Builder(url)
+@VisibleForTesting
+internal fun Request.toWebRequest(defaultHeaders: Headers): WebRequest = WebRequest.Builder(url.trim())
 .method(method.name)
 .addHeadersFrom(this, defaultHeaders)
 .addBodyFrom(this)
diff --git a/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt b/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt
index 1010506e72c..53de0f43628 100644
--- a/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt
+++ b/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/fetch/GeckoViewFetchUnitTestCases.kt
@@ -6,6 +6,7 @@ package mozilla.components.browser.engine.gecko.fetch

 import androidx.test.ext.junit.runners.AndroidJUnit4
 import mozilla.components.concept.fetch.Client
+import mozilla.components.concept.fetch.MutableHeaders
 import mozilla.components.concept.fetch.Request
 import mozilla.components.support.test.any
 import mozilla.components.support.test.eq
@@ -18,6 +19,7 @@ import okhttp3.mockwebserver.MockWebServer
 import okhttp3.mockwebserver.RecordedRequest
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertTrue
+import org.junit.Assert.assertFalse
 import org.junit.Before
 import org.junit.Test
 import org.junit.runner.RunWith
@@ -287,6 +289,13 @@ class GeckoViewFetchUnitTestCases : FetchTestCases() {
 createNewClient().fetch(Request(""))
 }

+ @Test
+ fun toResponseMustTrimTheUrl() {
+ val webRequest = Request(url = "\nhttps://www.gruppoapi.com/ricerca-stazioni-servizio/images/logo-gruppoapi-shared.png\n").toWebRequest(MutableHeaders())
+
+ assertFalse(webRequest.uri.contains("\n"))
+ }
+
 private fun mockRequest(headerMap: Map? = null, body: String? = null, method: String = "GET") {
 val server = mock()
 whenever(server.url(any())).thenReturn(mock())
diff --git a/docs/changelog.md b/docs/changelog.md
index 4fa187a6eb0..68cb2109017 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -12,6 +12,9 @@ permalink: /changelog/
 * [Gecko](https://github.com/mozilla-mobile/android-components/blob/master/buildSrc/src/main/java/Gecko.kt)
 * [Configuration](https://github.com/mozilla-mobile/android-components/blob/master/buildSrc/src/main/java/Config.kt)

+* **browser-engine-gecko**, **browser-engine-gecko-beta**, **browser-engine-gecko-nightly**
+ * Fixed issue [#7142](https://github.com/mozilla-mobile/android-components/issues/7142)
+
 * **browser-engine-gecko-nightly**
 * Added support for [onbeforeunload prompt](https://developer.mozilla.org/en-US/docs/Web/API/WindowEventHandlers/onbeforeunload)