mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-02-04 10:07:27 -05:00
11422cc572
`evhttp_uri_parse` can return a nullptr, for example when the URI contains invalid characters (e.g. "%"). `GetQueryParameterFromUri` passes the output of `evhttp_uri_parse` straight into `evhttp_uri_get_query`, which means that anyone calling a REST endpoint in which query parameters are used (e.g. `rest_headers`) can cause a segfault. This bugfix is designed to be minimal and without additional behaviour change. Follow-up work should be done to resolve this in a more general and robust way, so not every endpoint has to handle it individually.
42 lines
1.8 KiB
C++
42 lines
1.8 KiB
C++
// Copyright (c) 2012-2022 The Bitcoin Core developers
|
|
// Distributed under the MIT software license, see the accompanying
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
#include <httpserver.h>
|
|
#include <test/util/setup_common.h>
|
|
|
|
#include <boost/test/unit_test.hpp>
|
|
|
|
BOOST_FIXTURE_TEST_SUITE(httpserver_tests, BasicTestingSetup)
|
|
|
|
BOOST_AUTO_TEST_CASE(test_query_parameters)
|
|
{
|
|
std::string uri {};
|
|
|
|
// No parameters
|
|
uri = "localhost:8080/rest/headers/someresource.json";
|
|
BOOST_CHECK(!GetQueryParameterFromUri(uri.c_str(), "p1").has_value());
|
|
|
|
// Single parameter
|
|
uri = "localhost:8080/rest/endpoint/someresource.json?p1=v1";
|
|
BOOST_CHECK_EQUAL(GetQueryParameterFromUri(uri.c_str(), "p1").value(), "v1");
|
|
BOOST_CHECK(!GetQueryParameterFromUri(uri.c_str(), "p2").has_value());
|
|
|
|
// Multiple parameters
|
|
uri = "/rest/endpoint/someresource.json?p1=v1&p2=v2";
|
|
BOOST_CHECK_EQUAL(GetQueryParameterFromUri(uri.c_str(), "p1").value(), "v1");
|
|
BOOST_CHECK_EQUAL(GetQueryParameterFromUri(uri.c_str(), "p2").value(), "v2");
|
|
|
|
// If the query string contains duplicate keys, the first value is returned
|
|
uri = "/rest/endpoint/someresource.json?p1=v1&p1=v2";
|
|
BOOST_CHECK_EQUAL(GetQueryParameterFromUri(uri.c_str(), "p1").value(), "v1");
|
|
|
|
// Invalid query string syntax is the same as not having parameters
|
|
uri = "/rest/endpoint/someresource.json&p1=v1&p2=v2";
|
|
BOOST_CHECK(!GetQueryParameterFromUri(uri.c_str(), "p1").has_value());
|
|
|
|
// URI with invalid characters (%) raises a runtime error regardless of which query parameter is queried
|
|
uri = "/rest/endpoint/someresource.json&p1=v1&p2=v2%";
|
|
BOOST_CHECK_EXCEPTION(GetQueryParameterFromUri(uri.c_str(), "p1"), std::runtime_error, HasReason("URI parsing failed, it likely contained RFC 3986 invalid characters"));
|
|
}
|
|
BOOST_AUTO_TEST_SUITE_END()
|