From e1e1498c97c929821c3b84ff7dd1753fe3180ce4 Mon Sep 17 00:00:00 2001
From: Evgeny Kuznetsov <evgeny@kuznetsov.md>
Date: Thu, 23 Mar 2023 18:21:59 +0300
Subject: fix: add check for empty source host

---
 main.go      | 3 ++-
 main_test.go | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 41f8334..366ebde 100644
--- a/main.go
+++ b/main.go
@@ -21,11 +21,12 @@ type endpoint struct {
 // ServeHTTP is http.Handler implementation.
 func (ep endpoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	source, err := url.Parse(r.PostFormValue("source"))
-	if err != nil {
+	if err != nil || source.Host == "" {
 		w.WriteHeader(http.StatusBadRequest)
 		w.Write([]byte(errSrcInvalid))
 		return
 	}
+
 	if source.Scheme != "http" && source.Scheme != "https" {
 		w.WriteHeader(http.StatusBadRequest)
 		w.Write([]byte(errInvalidScheme))
diff --git a/main_test.go b/main_test.go
index e88c5b7..48ba1e9 100644
--- a/main_test.go
+++ b/main_test.go
@@ -19,6 +19,7 @@ func TestSyncRejection(t *testing.T) {
 		expect string
 	}{
 		{"invalid source", "https||:example.org/somewhere", "my.site/part/target", errSrcInvalid},
+		{"empty source", "http://", "https://my.site/part/target", errSrcInvalid},
 		{"target no accepted", "https://example.org/somewhere", "wrong.site/tgt", errTgtNotAccepted},
 		{"wrong source scheme", "ftp://example.org/somewhere", "http://my.site/part/tgt", errInvalidScheme},
 		{"wrong target scheme", "http://example.org/somewhere", "ssh://my.site/part/tgt", errInvalidScheme},
-- 
cgit v1.2.3