From 85affab04d1326c5ab44856288c80990d805bd51 Mon Sep 17 00:00:00 2001 From: Thomas Buckley-Houston Date: Wed, 11 Jul 2018 16:36:19 +0800 Subject: [PATCH] Collapse recursive URLs to the HTML service Eg; https://html.brow.sh/https://html.brow.sh/google.com jsut becomes google.com --- interfacer/src/browsh/raw_text_server.go | 19 +++++++++ interfacer/src/browsh/raw_text_server_test.go | 41 +++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 interfacer/src/browsh/raw_text_server_test.go diff --git a/interfacer/src/browsh/raw_text_server.go b/interfacer/src/browsh/raw_text_server.go index 5c6ab34..d9043cf 100644 --- a/interfacer/src/browsh/raw_text_server.go +++ b/interfacer/src/browsh/raw_text_server.go @@ -78,7 +78,14 @@ func (h *slashFix) ServeHTTP(w http.ResponseWriter, r *http.Request) { func handleHTTPServerRequest(w http.ResponseWriter, r *http.Request) { var message string + var isErrored bool urlForBrowsh, _ := url.PathUnescape(strings.TrimPrefix(r.URL.Path, "/")) + urlForBrowsh, isErrored = deRecurseURL(urlForBrowsh) + if isErrored { + message = "Invalid URL" + io.WriteString(w, message) + return + } if isProductionHTTP(r) { http.Redirect(w, r, "https://" + r.Host + "/" + urlForBrowsh, 301) return @@ -112,6 +119,18 @@ func handleHTTPServerRequest(w http.ResponseWriter, r *http.Request) { waitForResponse(rawTextRequestID, w) } +// Prevent https://html.brow.sh/html.brow.sh/... being recursive +func deRecurseURL(urlForBrowsh string) (string, bool) { + nestedURL, err := url.Parse(urlForBrowsh) + if err != nil { + return urlForBrowsh, false + } + if nestedURL.Host != "html.brow.sh" && nestedURL.Host != "text.brow.sh" { + return urlForBrowsh, false + } + return deRecurseURL(strings.TrimPrefix(nestedURL.RequestURI(), "/")) +} + func isDisallowedURL(urlForBrowsh string) bool { r, _ := regexp.Compile("[mail|accounts].google.com") return r.MatchString(urlForBrowsh) diff --git a/interfacer/src/browsh/raw_text_server_test.go b/interfacer/src/browsh/raw_text_server_test.go new file mode 100644 index 0000000..508fe4a --- /dev/null +++ b/interfacer/src/browsh/raw_text_server_test.go @@ -0,0 +1,41 @@ +package browsh + +import ( + "testing" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +func TestRawTextServer(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "Raw text server tests") +} + +var _ = Describe("Raw text server", func() { + Describe("De-recursing URLs", func() { + It("should not do anything to normal URLs", func() { + testURL := "https://google.com/path?q=hey" + url, _ := deRecurseURL(testURL) + Expect(url).To(Equal(testURL)) + }) + It("should de-recurse a single level", func() { + testURL := "https://html.brow.sh/word" + url, _ := deRecurseURL(testURL) + Expect(url).To(Equal("word")) + }) + It("should de-recurse a multi level recurse without a URL ending", func() { + testURL := "https://html.brow.sh/https://html.brow.sh" + url, _ := deRecurseURL(testURL) + Expect(url).To(Equal("")) + }) + It("should de-recurse a multi level recurse with a URL ending", func() { + google := "https://google.com/path?q=hey" + testURL := "https://html.brow.sh/https://html.brow.sh/" + google + url, _ := deRecurseURL(testURL) + Expect(url).To(Equal(google)) + }) + }) +}) + +