Boost
C++ Libraries
...one of the most highly
regarded and expertly designed C++ library projects in the
world.
— Herb Sutter and Andrei
Alexandrescu, C++
Coding Standards
Boost
C++ Libraries
...one of the most highly
regarded and expertly designed C++ library projects in the
world.
— Herb Sutter and Andrei
Alexandrescu, C++
Coding Standards
This example parses a non-strict or invalid URL into path components according to its delimiters. This pattern can be adapted to the requirements of other applications.
Once the non-strict components are determined, a new URL is created and its
parts are set with the set_encoded_X
functions, which will encode any invalid chars accordingly.
This sort of transformation is useful in applications that are extremely loose in what kinds of URLs they accept, such as browsers. The sanitized URL can later be used for machine-to-machine communication.
Using non-strict URLs directly is a security concern in machine-to-machine communication, is ambiguous, and also involve an extra cost for the transformations.
Different transformations are required by different applications to construct a valid URL appropriate for machine-to-machine communication. For instance, if an invalid relative reference includes something that looks like a host in the first path segment, browsers usually interpret that as the host with an implicit "https" scheme. Other applications also have other implicit schemes.
The example also identifies whether the input url is already valid. It includes diagnostics that can be used to help the user determine if a URL is invalid and why it's invalid.
Once all transformations are applied, the result is a URL appropriate for machine-to-machine communication.
/* This example parses a non-strict / invalid URL into path components according to its delimiters. This pattern can be adapted to the requirements of other applications. Once the non-strict components are determined, a new URL is created and its parts are set with the set_encoded_X functions, which will encode any invalid chars accordingly. This sort of transformation is useful in applications that are extremely loose in what kinds of URLs they accept, such as browsers. The sanitized URL can later be used for machine-to-machine communication. Using non-strict URLs directly is a security concern in machine-to-machine communication, is ambiguous, and also involve an extra cost for the transformations. Different transformations are required by different applications to construct a valid URL appropriate for machine-to-machine communication. For instance, if an invalid relative reference includes something that looks like a host in the first path segment, browsers usually interpret that as the host with an implicit "https" scheme. Other applications also have other implicit schemes. The example also identifies whether the input url is already valid. It includes diagnostics that can be used to help the user determine if a URL is invalid and why it's invalid. Once all transformations are applied, the result is a URL appropriate for machine-to-machine communication. */ #include <boost/url/url.hpp> #include <boost/url/parse.hpp> #include <boost/url/parse_path.hpp> #include <boost/url/string_view.hpp> #include <boost/url/grammar/alpha_chars.hpp> #include <boost/url/grammar/charset.hpp> #include <boost/url/grammar/digit_chars.hpp> #include <boost/url/grammar/lut_chars.hpp> #include <algorithm> #include <iostream> #include <array> namespace urls = boost::urls; namespace core = boost::core; struct url_components { core::string_view scheme; core::string_view user; core::string_view password; core::string_view hostname; core::string_view port; core::string_view path; core::string_view query; core::string_view fragment; }; core::string_view port_of_scheme(core::string_view scheme_str) { static std::array<std::pair<core::string_view, core::string_view>, 21> scheme_ports = {{ {"http", "80"}, {"ftp", "21"}, {"https", "443"}, {"gopher", "70"}, {"ldap", "389"}, {"nntp", "119"}, {"snews", "563"}, {"imap", "143"}, {"pop", "110"}, {"sip", "5060"}, {"rtsp", "554"}, {"wais", "210"}, {"z39.50r", "210"}, {"z39.50s", "210"}, {"prospero", "191"}, {"nfs", "2049"}, {"tip", "3372"}, {"acap", "674"}, {"telnet", "23"}, {"ssh", "22"}, {"", "65535"} }}; auto iequals = [](core::string_view a, core::string_view b) { if (b.size() != a.size()) { return false; } for (unsigned int i = 0; i < a.size(); ++i) { if (std::tolower(a[i]) != std::tolower(b[i])) { return false; } } return true; }; auto const& it = std::find_if( scheme_ports.begin(), scheme_ports.end(), [&](std::pair<core::string_view, core::string_view> const& s) { return iequals(s.first, scheme_str); }); if (it != scheme_ports.end()) { return it->second; } else { return {}; } } void extract_relative_ref( core::string_view hostinfo_relative, url_components &out) { // split path and query#fragment constexpr urls::grammar::lut_chars path_end_chars("?#\0"); auto it = urls::grammar::find_if( hostinfo_relative.begin(), hostinfo_relative.end(), path_end_chars); core::string_view query_and_frag = hostinfo_relative.substr(it - hostinfo_relative.begin()); if (query_and_frag != hostinfo_relative) out.path = hostinfo_relative.substr( 0, query_and_frag.data() - hostinfo_relative.data()); if (query_and_frag.empty()) return; // ?query#fragment if (query_and_frag.front() == '?') { query_and_frag = query_and_frag.substr(1); core::string_view::size_type hash_pos = query_and_frag.find('#'); if (hash_pos != core::string_view::npos) { core::string_view fragment_part = query_and_frag.substr(hash_pos); out.fragment = fragment_part.substr(1); out.query = query_and_frag.substr( 0, fragment_part.data() - query_and_frag.data()); } else { out.query = query_and_frag; } return; } // fragment out.fragment = query_and_frag.substr(1); } void extract_userinfo_relative( core::string_view relative_ref, core::string_view userinfo_relative, core::string_view host_info, url_components& out) { // We expect userinfo_relative to point to the first character of // the hostname. If there's a port it is the first colon, // except with IPv6. auto host_end_pos = host_info.find(':'); if (host_end_pos == core::string_view::npos) { // definitely no port out.hostname = userinfo_relative.substr( 0, relative_ref.data() - userinfo_relative.data()); return extract_relative_ref(relative_ref, out); } // extract hostname and port out.hostname = userinfo_relative.substr(0, host_end_pos); core::string_view host_relative = userinfo_relative.substr(host_end_pos + 1); out.port = host_relative.substr(0, relative_ref.data() - host_relative.data()); // validate port bool const valid_port = urls::grammar::find_if_not( out.port.begin(), out.port.end(), urls::grammar::digit_chars) == out.port.end(); if (!valid_port) { // move port to hostname where it can be encoded out.hostname = {out.hostname.begin(), out.port.end()}; out.port = {}; } extract_relative_ref(relative_ref, out); if (out.port.empty() && !out.scheme.empty()) out.port = port_of_scheme(out.scheme); } void extract_scheme_relative( core::string_view scheme_relative, url_components &out) { // hostinfo constexpr urls::grammar::lut_chars hostinfo_end_chars("/?#\0"); auto it = urls::grammar::find_if( scheme_relative.begin(), scheme_relative.end(), hostinfo_end_chars); auto path_offset = (std::min)( scheme_relative.size(), static_cast<std::size_t>(it - scheme_relative.begin())); core::string_view host_info = scheme_relative.substr(0, path_offset); // userinfo core::string_view relative_ref = scheme_relative.substr(path_offset); auto host_offset = host_info.find_last_of('@'); if (host_offset == core::string_view::npos) return extract_userinfo_relative( relative_ref, scheme_relative, host_info, out); // password core::string_view userinfo_at_relative = scheme_relative.substr(host_offset); core::string_view userinfo(host_info.data(), userinfo_at_relative.data() - host_info.data()); auto password_offset = std::min(userinfo.size(), userinfo.find(':')); if (password_offset != userinfo.size()) { out.user = scheme_relative.substr(0, password_offset); core::string_view password = scheme_relative.substr(password_offset + 1); out.password = password.substr(0, userinfo_at_relative.data() - password.data()); } else { out.user = scheme_relative.substr(0, userinfo_at_relative.data() - scheme_relative.data()); } // userinfo-relative core::string_view userinfo_relative = userinfo_at_relative.substr(1); it = urls::grammar::find_if( userinfo_relative.begin(), userinfo_relative.end(), hostinfo_end_chars); path_offset = (std::min)( userinfo_relative.size(), static_cast<std::size_t>(it - userinfo_relative.begin())); host_info = userinfo_relative.substr(0, path_offset); extract_userinfo_relative( relative_ref, userinfo_relative, host_info, out); } void extract_uri_components( core::string_view s, url_components &out) { if (s.starts_with("//") && !s.starts_with("///")) { return extract_scheme_relative(s.substr(2), out); } if (s.starts_with('/')) { return extract_relative_ref(s, out); } // extract scheme // first char in a scheme must be letter (we accept uppercase here) bool has_scheme = false; if (!s.empty() && urls::grammar::alpha_chars(s.front())) { constexpr urls::grammar::lut_chars scheme_chars( "0123456789+-.ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"); char const* it = urls::grammar::find_if_not( s.begin() + 1, s.end(), scheme_chars); size_t scheme_size = (std::min)( s.size(), static_cast<std::size_t>(it - s.begin())); // scheme must be non-empty and followed by ':' if (s.size() > scheme_size && s[scheme_size] == ':') { out.scheme = s.substr(0, scheme_size); has_scheme = true; } } // The usual route, parse scheme first core::string_view scheme_relative = s; if (has_scheme) { scheme_relative = s.substr(out.scheme.size() + 1); } const bool has_authority = scheme_relative.starts_with("//"); if (has_authority) { scheme_relative = scheme_relative.substr(2); return extract_scheme_relative(scheme_relative, out); } const bool is_relative_ref = !has_scheme && !has_authority; if (is_relative_ref) { // this is the trick browsers usually apply when 1) there's no // authority because the "//" is missing, 2) the scheme is also missing, // and 3) the first path segment looks like an authority // // This behavior is widespread, although it's ambiguous because valid // host characters are also valid path characters. // // It's this rule that allows for things like "www.boost.org" in the // browser. This is an invalid URL because it has no "//" to indicate // this is the authority and "www.boost.org" is a perfectly valid // path segment. auto first_seg_offset = (std::min)(s.size(), s.find_first_of('/')); core::string_view first_seg = s.substr(0, first_seg_offset); auto host_delimiter_pos = first_seg.find_first_of(".:"); bool const looks_like_authority = urls::parse_authority(first_seg) && host_delimiter_pos != core::string_view::npos && host_delimiter_pos != first_seg.size() - 1; if (looks_like_authority) return extract_scheme_relative(s, out); // if the first_seg is really a seg, parse as relative ref return extract_relative_ref(s, out); } // all that's left is a relative path return extract_relative_ref(scheme_relative, out); } void sanitize_uri(core::string_view s, urls::url_base& dest) { url_components o; dest.clear(); extract_uri_components(s, o); if (o.scheme.data()) dest.set_scheme(o.scheme); if (o.user.data()) dest.set_encoded_user(o.user); if (o.password.data()) dest.set_encoded_password(o.password); if (o.hostname.data()) dest.set_encoded_host(o.hostname); if (o.port.data()) dest.set_port(o.port); if (o.path.data()) dest.set_encoded_path(o.path); if (o.query.data()) dest.set_encoded_query(o.query); if (o.fragment.data()) dest.set_encoded_fragment(o.fragment); } urls::url sanitize_uri(core::string_view s) { urls::url u; sanitize_uri(s, u); return u; } void print_url_components(urls::url_view u) { std::cout << "url: " << u.buffer() << '\n'; if (u.has_scheme()) std::cout << "scheme: " << u.scheme() << '\n'; if (u.has_userinfo()) std::cout << "user: " << u.encoded_user() << '\n'; if (u.has_password()) std::cout << "password: " << u.encoded_password() << '\n'; if (u.has_authority()) std::cout << "hostname: " << u.encoded_host() << '\n'; if (u.has_port()) std::cout << "port: " << u.port() << '\n'; std::cout << "path: " << u.encoded_path() << '\n'; std::cout << "segments:\n"; for (auto seg: u.encoded_segments()) std::cout << "- " << seg << '\n'; if (u.has_query()) std::cout << "query: " << u.encoded_query() << '\n'; std::cout << "params:\n"; for (auto param: u.encoded_params()) { if (param.has_value) std::cout << "- " << param.key << ": " << param.value << '\n'; else std::cout << "- " << param.key << '\n'; } if (u.has_fragment()) std::cout << "fragment: " << u.encoded_fragment() << '\n'; } int main(int argc, char **argv) { if (argc != 2) { core::string_view exec = argv[0]; auto p = exec.find_last_of("/\\"); if (p != core::string_view::npos) exec = exec.substr(p); std::cerr << "Usage: " << exec << " <url>\n" "target: a non-strict url\n"; return EXIT_FAILURE; } core::string_view uri_str = argv[1]; boost::system::result<urls::url_view> ru = urls::parse_uri_reference(uri_str); if (ru) { urls::url_view u = *ru; if (u.has_scheme() && u.has_fragment()) std::cout << "Input is a valid URL\n"; else if (u.has_scheme()) std::cout << "Input is a valid absolute URL\n"; else std::cout << "Input is a valid relative URL\n"; print_url_components(u); return EXIT_SUCCESS; } std::cout << "Sanitizing URL:\n"; std::cout << "input: " << uri_str << '\n'; urls::url u = sanitize_uri(uri_str); print_url_components(u); return EXIT_SUCCESS; }