Page MenuHomePhabricator
Differential D12155

Expand URI parser test coverage to include SafeCurl test cases
ClosedPublic
Actions

Authored by epriestley on Mar 25 2015, 11:41 AM.
Tags
None
Referenced Files
F18370165: D12155.id.diff
Thu, Aug 28, 3:18 AM
F17918633: D12155.id29217.diff
Jul 30 2025, 1:25 AM
F17866649: D12155.id.diff
Jul 28 2025, 4:50 AM
F17848919: D12155.diff
Jul 27 2025, 7:55 AM
F17824699: D12155.diff
Jul 26 2025, 5:39 AM
F17807294: D12155.id.diff
Jul 25 2025, 2:46 PM
F17729144: D12155.diff
Jul 19 2025, 6:05 PM
Unknown Object (File)
May 25 2025, 3:40 PM
View All Files
Subscribers
epriestley

Details

Reviewers
btrahan
Maniphest Tasks
T6755: Allow more granular configuration of `security.allow-outbound-http`
Commits
rPHU7df0fc1297f9: Expand URI parser test coverage to include SafeCurl test cases
Summary

Ref T6755. See discussion at https://fin1te.net/articles/safecurl-capture-the-bitcoins-post-mortem/.

We already handle these cases safely, but add test coverage to underscore that.

Basically, in all these cases, we:

  • parse the ambiguous URI with parse_url(), which chooses some interpretation; then
  • emit an unambiguous URI which has only one reasonable interpretation.

So it's OK if we don't choose the same interpretation as cURL on ambiguous URIs, because we only pass unambiguous URIs to cURL.

Test Plan
  • Added and executed tests.
  • Performed fetches of these sorts of ambiguous URIs from the web UI and observed consistent behavior.

Diff Detail

Repository
rPHU libphutil
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 29217.Mar 25 2015, 11:41 AM
epriestley retitled this revision from to Expand URI parser test coverage to include SafeCurl test cases.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
epriestley added a task: T6755: Allow more granular configuration of `security.allow-outbound-http`.
Herald added a subscriber: epriestley. · View Herald TranscriptMar 25 2015, 11:41 AM
epriestley mentioned this in T6755: Allow more granular configuration of `security.allow-outbound-http`.Mar 25 2015, 11:42 AM
btrahan accepted this revision.Mar 25 2015, 5:00 PM
btrahan edited edge metadata.
This revision is now accepted and ready to land.Mar 25 2015, 5:00 PM
Closed by commit rPHU7df0fc1297f9: Expand URI parser test coverage to include SafeCurl test cases (authored by epriestley, committed by epriestley). · Explain WhyMar 25 2015, 5:21 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
parser/
__tests__/
26 lines

Diff 29227

View Options

src/parser/__tests__/PhutilURITestCase.php

Loading...
Phabricator · Built by Phacility