From e1e1498c97c929821c3b84ff7dd1753fe3180ce4 Mon Sep 17 00:00:00 2001
From: Evgeny Kuznetsov
Date: Thu, 23 Mar 2023 18:21:59 +0300
Subject: fix: add check for empty source host
---
 main.go | 3 ++-
 main_test.go | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/main.go b/main.go
index 41f8334..366ebde 100644
--- a/main.go
+++ b/main.go
@@ -21,11 +21,12 @@ type endpoint struct {
 // ServeHTTP is http.Handler implementation.
 func (ep endpoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 source, err := url.Parse(r.PostFormValue("source"))
- if err != nil {
+ if err != nil || source.Host == "" {
 w.WriteHeader(http.StatusBadRequest)
 w.Write([]byte(errSrcInvalid))
 return
 }
+
 if source.Scheme != "http" && source.Scheme != "https" {
 w.WriteHeader(http.StatusBadRequest)
 w.Write([]byte(errInvalidScheme))
diff --git a/main_test.go b/main_test.go
index e88c5b7..48ba1e9 100644
--- a/main_test.go
+++ b/main_test.go
@@ -19,6 +19,7 @@ func TestSyncRejection(t *testing.T) {
 expect string
 }{
 {"invalid source", "https||:example.org/somewhere", "my.site/part/target", errSrcInvalid},
+ {"empty source", "http://", "https://my.site/part/target", errSrcInvalid},
 {"target no accepted", "https://example.org/somewhere", "wrong.site/tgt", errTgtNotAccepted},
 {"wrong source scheme", "ftp://example.org/somewhere", "http://my.site/part/tgt", errInvalidScheme},
 {"wrong target scheme", "http://example.org/somewhere", "ssh://my.site/part/tgt", errInvalidScheme},
-- cgit v1.2.3
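Review bot: The added `source.Host == ""` test in ServeHTTP still accepts a source whose authority is only a port, because url.Parse leaves Host as `:80` for `http://:80/`; comparing the hostname closes that gap: `if err != nil || source.Hostname() == "" {`. The table in TestSyncRejection (second hunk) would then deserve a matching row such as `{"port-only source", "http://:80/", "https://my.site/part/target", errSrcInvalid},`. ServeHTTP continues past the end of the hunk, so it is not visible here whether the server later fetches source. If it does, the resolved host should presumably also be checked against loopback and private ranges before any outbound request is made.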