According to section 19.1.2 of RFC 3261:

  For each component, the set of valid BNF expansions defines exactly
  which characters may appear unescaped.  All other characters MUST be
  escaped.

This patch modifies ast_uri_encode() to encode strings in line with this recommendation.  This patch also adds an ast_escape_quoted() function which escapes '"' and '\' characters in quoted strings in accordance with section 25.1 of RFC 3261.  The ast_uri_encode() function has also been modified to take an ast_flags struct describing the set of rules it should use when escaping characters to allow for it to escape SIP URIs in addition to HTTP URIs and other types of URIs or variations of those two URI types in the future.

The ast_uri_decode() function has also been modified to accept an ast_flags struct describing the set of rules to use when decoding to enable decoding '+' as ' ' in legacy http URLs.

The unit tests for these functions have also been updated.

ABE-2705

Review: https://reviewboard.asterisk.org/r/1081/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@303509 65c4cc65-6c06-0410-ace0-fbb531ad65f3

1 files changed, 103 insertions, 33 deletions

diff --git a/tests/test_utils.c b/tests/test_utils.c
index b7a368a7d..fd9d3bc4a 100644
--- a/tests/test_utils.c
+++ b/tests/test_utils.c
@@ -45,9 +45,47 @@ AST_TEST_DEFINE(uri_encode_decode_test)
 {
 	int res = AST_TEST_PASS;
 	const char *in = "abcdefghijklmnopurstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 1234567890 ~`!@#$%^&*()_-+={[}]|\\:;\"'<,>.?/";
-	const char *expected1 = "abcdefghijklmnopurstuvwxyz%20ABCDEFGHIJKLMNOPQRSTUVWXYZ%201234567890%20~%60!%40%23%24%25%5E%26*()_-%2B%3D%7B%5B%7D%5D%7C%5C%3A%3B%22'%3C%2C%3E.%3F%2F";
-	const char *expected2 = "abcdefghijklmnopurstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 1234567890 ~`!@#$%25^&*()_-+={[}]|\\:;\"'<,>.?/";
 	char out[256] = { 0 };
+	char small[4] = { 0 };
+	const struct ast_flags none = {0};
+	int i = 0;
+
+	static struct {
+		const char *spec_str;
+		struct ast_flags spec;
+
+		char *buf;
+		size_t buflen;
+
+		const char *input;
+		const char *output;
+		const char *decoded_output;
+	} tests[5];
+
+#define INIT_ENCODE_TEST(s, buffer, in, out, dec_out) do { \
+	if (i < ARRAY_LEN(tests)) { \
+		tests[i].spec_str = #s; \
+		tests[i].spec = s; \
+		tests[i].buf = buffer; \
+		tests[i].buflen = sizeof(buffer); \
+		tests[i].input = in; \
+		tests[i].output = out; \
+		tests[i].decoded_output = dec_out; \
+		i++; \
+	} else { \
+			ast_test_status_update(test, "error: 'tests' array too small\n"); \
+			res = AST_TEST_FAIL; \
+	} \
+	} while (0)
+
+	INIT_ENCODE_TEST(ast_uri_http, out, in,
+		"abcdefghijklmnopurstuvwxyz%20ABCDEFGHIJKLMNOPQRSTUVWXYZ%201234567890%20~%60!%40%23%24%25%5E%26*()_-%2B%3D%7B%5B%7D%5D%7C%5C%3A%3B%22'%3C%2C%3E.%3F%2F", in);
+	INIT_ENCODE_TEST(ast_uri_http_legacy, out, in,
+		"abcdefghijklmnopurstuvwxyz+ABCDEFGHIJKLMNOPQRSTUVWXYZ+1234567890+~%60!%40%23%24%25%5E%26*()_-%2B%3D%7B%5B%7D%5D%7C%5C%3A%3B%22'%3C%2C%3E.%3F%2F", in);
+	INIT_ENCODE_TEST(ast_uri_sip_user, out, in,
+		"abcdefghijklmnopurstuvwxyz%20ABCDEFGHIJKLMNOPQRSTUVWXYZ%201234567890%20~%60!%40%23$%25%5E&*()_-+=%7B%5B%7D%5D%7C%5C%3A;%22'%3C,%3E.?/", in);
+	INIT_ENCODE_TEST(none, small, in, "%61", "a");
+	INIT_ENCODE_TEST(ast_uri_http, small, in, "abc", "abc");
 
 	switch (cmd) {
 	case TEST_INIT:
@@ -60,43 +98,73 @@ AST_TEST_DEFINE(uri_encode_decode_test)
 		break;
 	}
 
-	ast_test_status_update(test, "Input before executing ast_uri_encode:\n%s\n", in);
-	ast_test_status_update(test, "Output expected for ast_uri_encode with enabling do_special_char: %s\n", expected1);
-	ast_test_status_update(test, "Output expected for ast_uri_encode with out enabling do_special_char: %s\n\n", expected2);
+	for (i = 0; i < ARRAY_LEN(tests); i++) {
+		ast_uri_encode(tests[i].input, tests[i].buf, tests[i].buflen, tests[i].spec);
+		if (strcmp(tests[i].output, tests[i].buf)) {
+			ast_test_status_update(test, "encoding with %s did not match expected output, FAIL\n", tests[i].spec_str);
+			ast_test_status_update(test, "original: %s\n", tests[i].input);
+			ast_test_status_update(test, "expected: %s\n", tests[i].output);
+			ast_test_status_update(test, "result: %s\n", tests[i].buf);
+			res = AST_TEST_FAIL;
+			continue;
+		}
 
-	/* Test with do_special_char enabled */
-	ast_uri_encode(in, out, sizeof(out), 1);
-	ast_test_status_update(test, "Output after enabling do_special_char:\n%s\n", out);
-	if (strcmp(expected1, out)) {
-		ast_test_status_update(test, "ENCODE DOES NOT MATCH EXPECTED, FAIL\n");
-		res = AST_TEST_FAIL;
+		ast_uri_decode(tests[i].buf, tests[i].spec);
+		if (strcmp(tests[i].decoded_output, tests[i].buf)) {
+			ast_test_status_update(test, "decoding with %s did not match the original input (or expected decoded output)\n", tests[i].spec_str);
+			ast_test_status_update(test, "original: %s\n", tests[i].input);
+			ast_test_status_update(test, "expected: %s\n", tests[i].decoded_output);
+			ast_test_status_update(test, "decoded: %s\n", tests[i].buf);
+			res = AST_TEST_FAIL;
+		}
 	}
 
-	/* Verify uri decode matches original */
-	ast_uri_decode(out);
-	if (strcmp(in, out)) {
-		ast_test_status_update(test, "Decoded string did not match original input\n");
-		res = AST_TEST_FAIL;
-	} else {
-		ast_test_status_update(test, "Decoded string matched original input\n");
-	}
+	return res;
+}
 
-	/* Test with do_special_char disabled */
-	out[0] = '\0';
-	ast_uri_encode(in, out, sizeof(out), 0);
-	ast_test_status_update(test, "Output after disabling do_special_char: %s\n", out);
-	if (strcmp(expected2, out)) {
-		ast_test_status_update(test, "ENCODE DOES NOT MATCH EXPECTED, FAIL\n");
-		res = AST_TEST_FAIL;
+AST_TEST_DEFINE(quoted_escape_test)
+{
+	int res = AST_TEST_PASS;
+	const char *in = "a\"bcdefg\"hijkl\\mnopqrs tuv\twxyz";
+	char out[256] = { 0 };
+	char small[4] = { 0 };
+	int i;
+
+	static struct {
+		char *buf;
+		const size_t buflen;
+
+		const char *output;
+	} tests[] = {
+		{0, sizeof(out),
+			"a\\\"bcdefg\\\"hijkl\\\\mnopqrs tuv\twxyz"},
+		{0, sizeof(small),
+			"a\\\""},
+	};
+
+	tests[0].buf = out;
+	tests[1].buf = small;
+
+	switch (cmd) {
+	case TEST_INIT:
+		info->name = "quoted_escape_test";
+		info->category = "/main/utils/";
+		info->summary = "escape a quoted string";
+		info->description = "Escape a string to be quoted and check the result.";
+		return AST_TEST_NOT_RUN;
+	case TEST_EXECUTE:
+		break;
 	}
 
-	/* Verify uri decode matches original */
-	ast_uri_decode(out);
-	if (strcmp(in, out)) {
-		ast_test_status_update(test, "Decoded string did not match original input\n");
-		res = AST_TEST_FAIL;
-	} else {
-		ast_test_status_update(test, "Decoded string matched original input\n");
+	for (i = 0; i < ARRAY_LEN(tests); i++) {
+		ast_escape_quoted(in, tests[i].buf, tests[i].buflen);
+		if (strcmp(tests[i].output, tests[i].buf)) {
+			ast_test_status_update(test, "ESCAPED DOES NOT MATCH EXPECTED, FAIL\n");
+			ast_test_status_update(test, "original: %s\n", in);
+			ast_test_status_update(test, "expected: %s\n", tests[i].output);
+			ast_test_status_update(test, "result: %s\n", tests[i].buf);
+			res = AST_TEST_FAIL;
+		}
 	}
 
 	return res;
@@ -348,6 +416,7 @@ AST_TEST_DEFINE(agi_loaded_test)
 static int unload_module(void)
 {
 	AST_TEST_UNREGISTER(uri_encode_decode_test);
+	AST_TEST_UNREGISTER(quoted_escape_test);
 	AST_TEST_UNREGISTER(md5_test);
 	AST_TEST_UNREGISTER(sha1_test);
 	AST_TEST_UNREGISTER(base64_test);
@@ -360,6 +429,7 @@ static int unload_module(void)
 static int load_module(void)
 {
 	AST_TEST_REGISTER(uri_encode_decode_test);
+	AST_TEST_REGISTER(quoted_escape_test);
 	AST_TEST_REGISTER(md5_test);
 	AST_TEST_REGISTER(sha1_test);
 	AST_TEST_REGISTER(base64_test);