summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2013-09-02 21:34:09 +0200
committermakefu <github@syntax-fehler.de>2013-09-02 21:34:09 +0200
commit4a150dd91c25ff36e1604fedb5354033d90a2049 (patch)
tree61a312e673386b9f1e71c66147141e8648ab407f
parent4f8ac29f0ca730d48212282605cd61c654a42529 (diff)
sanitize uriparse output
-rwxr-xr-xutil/bin/uriparse16
-rwxr-xr-xutil/t/uriparse/parse-retard-uri13
-rwxr-xr-xutil/t/uriparse/parse-url5
3 files changed, 24 insertions, 10 deletions
diff --git a/util/bin/uriparse b/util/bin/uriparse
index 685b1ab1..b16bd9c8 100755
--- a/util/bin/uriparse
+++ b/util/bin/uriparse
@@ -1,6 +1,6 @@
#!/usr/bin/python
-import os
-from sys import argv,exit
+from sys import argv, exit
+
def uri_parser(uri):
try:
@@ -17,12 +17,12 @@ if __name__ == "__main__":
print('usage: %s URI')
exit(1)
u = uri_parser(uri)
-
- print('SCHEME="%s"' % u.scheme)
+
+ print("SCHEME='%s'" % u.scheme.replace("'", "'\\''"))
if u.username:
- print('USERNAME="%s"' % u.username)
+ print("USERNAME='%s'" % u.username.replace("'", "'\\''"))
if u.password:
- print('PASSWORD="%s"' % u.password)
+ print("PASSWORD='%s'" % u.password.replace("'", "'\\''"))
if u.path:
- print('URIPATH="%s"' % u.path)
- print('HOSTNAME="%s"' % u.hostname)
+ print("URIPATH='%s'" % u.path.replace("'", "'\\''"))
+ print("HOSTN='%s'" % u.hostname.replace("'", "'\\''"))
diff --git a/util/t/uriparse/parse-retard-uri b/util/t/uriparse/parse-retard-uri
new file mode 100755
index 00000000..14aab28e
--- /dev/null
+++ b/util/t/uriparse/parse-retard-uri
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -euf
+tempfile="`mktemp /tmp/test.XXXXXXXX`"
+trap "/bin/rm -f $tempfile" EXIT INT
+
+uriparse "http://'lolwut:\"khan@domain.tld/'''" > $tempfile
+. $tempfile
+[ $HOSTN == "domain.tld" ] && \
+ [ "$USERNAME" == "'lolwut" ] && \
+ [ "$PASSWORD" == '"khan' ] && \
+ [ "$URIPATH" == "/'''" ]
+
+
diff --git a/util/t/uriparse/parse-url b/util/t/uriparse/parse-url
index 153afb4a..b0c926ca 100755
--- a/util/t/uriparse/parse-url
+++ b/util/t/uriparse/parse-url
@@ -3,10 +3,11 @@ set -euf
tempfile="`mktemp /tmp/test.XXXXXXXX`"
trap "/bin/rm -f $tempfile" EXIT INT
-urlparse "http://user:pass@domain.tld/path" > $tempfile
+uriparse "http://user:pass@domain.tld/path" > $tempfile
. $tempfile
-[ $HOSTNAME == "domain.tld" ] && \
+[ $HOSTN == "domain.tld" ] && \
[ $USERNAME == "user" ] && \
[ $PASSWORD == "pass" ] && \
[ $URIPATH == "/path" ]
+