From e7ec04ba1d12b4da9688c2c5ab39bce95c7d406e Mon Sep 17 00:00:00 2001 From: Philipp Thun Date: Thu, 23 Jan 2025 14:12:16 +0100 Subject: [PATCH] Use RFC2396 URI parser As a side-effect of updating activesupport to v8, the uri gem was added with its latest version (1.0.2). Since v1 the default URI parser was switched from RFC2396 to RFC3986. Thus the following changes were done: - URI::DEFAULT_PARSER replaced with URI::RFC2396_PARSER - URI::REGEXP replaced with URI::RFC2396_REGEXP - As some other gems (e.g. fog-local) wrongly assume that URI::DEFAULT_PARSER is the RFC2396 variant, the default parser was changed with a monkey patch. --- app/messages/validators/url_validator.rb | 2 +- lib/cloud_controller.rb | 8 ++++++++ lib/cloud_controller/config.rb | 2 +- lib/sequel_plugins/vcap_validations.rb | 2 +- lib/utils/uri_utils.rb | 2 +- lib/vcap/rest_api/message.rb | 6 +++--- 6 files changed, 15 insertions(+), 7 deletions(-) diff --git a/app/messages/validators/url_validator.rb b/app/messages/validators/url_validator.rb index 0b68efa89e9..0e2b98ebbc4 100644 --- a/app/messages/validators/url_validator.rb +++ b/app/messages/validators/url_validator.rb @@ -4,7 +4,7 @@ module VCAP::CloudController::Validators class UrlValidator < ActiveModel::Validator def validate(record) - if URI::DEFAULT_PARSER.make_regexp(%w[https http]).match?(record.url.to_s) + if URI::RFC2396_PARSER.make_regexp(%w[https http]).match?(record.url.to_s) record.errors.add(:url, 'must not contain authentication') if URI(record.url).user else record.errors.add(:url, "'#{record.url}' must be a valid url") diff --git a/lib/cloud_controller.rb b/lib/cloud_controller.rb index 7c4965dd80a..2edebf69a5f 100644 --- a/lib/cloud_controller.rb +++ b/lib/cloud_controller.rb @@ -117,3 +117,11 @@ module VCAP::CloudController; end require 'cloud_controller/errands/rotate_database_key' require 'services' + +# Switch default URI parser globally as some other gems (e.g. fog-local) wrongly assume that URI::DEFAULT_PARSER is the RFC2396 variant. +module URI + remove_const(:DEFAULT_PARSER) if const_defined?(:DEFAULT_PARSER) + const_set(:DEFAULT_PARSER, RFC2396_PARSER) + + self.parser = RFC2396_PARSER +end diff --git a/lib/cloud_controller/config.rb b/lib/cloud_controller/config.rb index 51e6b1573a4..329a6678065 100644 --- a/lib/cloud_controller/config.rb +++ b/lib/cloud_controller/config.rb @@ -95,7 +95,7 @@ def escape_userinfo(value) end def valid_in_userinfo?(value) - URI::REGEXP::PATTERN::USERINFO.match(value) + URI::RFC2396_REGEXP::PATTERN::USERINFO.match(value) end end diff --git a/lib/sequel_plugins/vcap_validations.rb b/lib/sequel_plugins/vcap_validations.rb index 7be89e97f60..be177799aeb 100644 --- a/lib/sequel_plugins/vcap_validations.rb +++ b/lib/sequel_plugins/vcap_validations.rb @@ -6,7 +6,7 @@ module InstanceMethods def validates_url(attr, opts={}) return unless send(attr) - validates_format(URI::DEFAULT_PARSER.make_regexp(%w[http https]), attr, message: opts.fetch(:message, :url)) + validates_format(URI::RFC2396_PARSER.make_regexp(%w[http https]), attr, message: opts.fetch(:message, :url)) end end end diff --git a/lib/utils/uri_utils.rb b/lib/utils/uri_utils.rb index a8ffc724379..18b946c0be0 100644 --- a/lib/utils/uri_utils.rb +++ b/lib/utils/uri_utils.rb @@ -8,7 +8,7 @@ module UriUtils class InvalidDockerURI < StandardError; end def self.is_uri?(candidate) - !!(candidate.is_a?(String) && /\A#{URI::DEFAULT_PARSER.make_regexp}\Z/ =~ candidate && URI(candidate)) + !!(candidate.is_a?(String) && /\A#{URI::RFC2396_PARSER.make_regexp}\Z/ =~ candidate && URI(candidate)) rescue StandardError false end diff --git a/lib/vcap/rest_api/message.rb b/lib/vcap/rest_api/message.rb index bdd26401109..efe3afe84e4 100644 --- a/lib/vcap/rest_api/message.rb +++ b/lib/vcap/rest_api/message.rb @@ -55,9 +55,9 @@ def self.schema_doc(schema) schema.deparse end - URL = UrlDecorator.new(URI::DEFAULT_PARSER.make_regexp(%w[http https])) - HTTPS_URL = HttpsUrlDecorator.new(URI::DEFAULT_PARSER.make_regexp('https')) - GIT_URL = GitUrlDecorator.new(URI::DEFAULT_PARSER.make_regexp(%w[http https git])) + URL = UrlDecorator.new(URI::RFC2396_PARSER.make_regexp(%w[http https])) + HTTPS_URL = HttpsUrlDecorator.new(URI::RFC2396_PARSER.make_regexp('https')) + GIT_URL = GitUrlDecorator.new(URI::RFC2396_PARSER.make_regexp(%w[http https git])) # The block will be evaluated in the context of the schema validator used # by class `JsonMessage` viz. `Membrane`.