Page MenuHomePhabricator
Differential D12155

Expand URI parser test coverage to include SafeCurl test cases
ClosedPublic
Actions

Authored by epriestley on Mar 25 2015, 11:41 AM.
Tags
None
Referenced Files
F17918633: D12155.id29217.diff
Wed, Jul 30, 1:25 AM
F17866649: D12155.id.diff
Mon, Jul 28, 4:50 AM
F17848919: D12155.diff
Sun, Jul 27, 7:55 AM
F17824699: D12155.diff
Sat, Jul 26, 5:39 AM
F17807294: D12155.id.diff
Fri, Jul 25, 2:46 PM
F17729144: D12155.diff
Sat, Jul 19, 6:05 PM
Unknown Object (File)
May 25 2025, 3:40 PM
Unknown Object (File)
May 21 2025, 4:00 AM
View All Files
Subscribers
epriestley

Details

Reviewers
btrahan
Maniphest Tasks
T6755: Allow more granular configuration of `security.allow-outbound-http`
Commits
rPHU7df0fc1297f9: Expand URI parser test coverage to include SafeCurl test cases
Summary

Ref T6755. See discussion at https://fin1te.net/articles/safecurl-capture-the-bitcoins-post-mortem/.

We already handle these cases safely, but add test coverage to underscore that.

Basically, in all these cases, we:

  • parse the ambiguous URI with parse_url(), which chooses some interpretation; then
  • emit an unambiguous URI which has only one reasonable interpretation.

So it's OK if we don't choose the same interpretation as cURL on ambiguous URIs, because we only pass unambiguous URIs to cURL.

Test Plan
  • Added and executed tests.
  • Performed fetches of these sorts of ambiguous URIs from the web UI and observed consistent behavior.

Diff Detail

Repository
rPHU libphutil
Branch
uritest
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 4972
Build 4990: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

epriestley updated this revision to Diff 29217.Mar 25 2015, 11:41 AM
epriestley retitled this revision from to Expand URI parser test coverage to include SafeCurl test cases.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
epriestley added a task: T6755: Allow more granular configuration of `security.allow-outbound-http`.
Herald added a subscriber: epriestley. · View Herald TranscriptMar 25 2015, 11:41 AM
epriestley mentioned this in T6755: Allow more granular configuration of `security.allow-outbound-http`.Mar 25 2015, 11:42 AM
btrahan accepted this revision.Mar 25 2015, 5:00 PM
btrahan edited edge metadata.
This revision is now accepted and ready to land.Mar 25 2015, 5:00 PM
Closed by commit rPHU7df0fc1297f9: Expand URI parser test coverage to include SafeCurl test cases (authored by epriestley, committed by epriestley). · Explain WhyMar 25 2015, 5:21 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
parser/
__tests__/
26 lines

Diff 29217

View Options

src/parser/__tests__/PhutilURITestCase.php

Loading...
Phabricator · Built by Phacility