arnaucube
/
derosuite
mirror of https://github.com/arnaucube/derosuite.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 Commits
1 Branch
0 Tags
68 MiB
Tree: 222cdca240
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '222cdca240'
${ noResults }
derosuite/vendor/golang.org/x/net/lex/httplex/httplex.go

351 lines
9.1 KiB
Raw Normal View History

Status update release 1
6 years ago
  1. // Copyright 2016 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  5. // Package httplex contains rules around lexical matters of various
  6. // HTTP-related specifications.
  7. //
  8. // This package is shared by the standard library (which vendors it)
  9. // and x/net/http2. It comes with no API stability promise.
  10. package httplex
  12. import (
  13. "net"
  14. "strings"
  15. "unicode/utf8"
  17. "golang.org/x/net/idna"
  18. )
  20. var isTokenTable = [127]bool{
  21. '!': true,
  22. '#': true,
  23. '$': true,
  24. '%': true,
  25. '&': true,
  26. '\'': true,
  27. '*': true,
  28. '+': true,
  29. '-': true,
  30. '.': true,
  31. '0': true,
  32. '1': true,
  33. '2': true,
  34. '3': true,
  35. '4': true,
  36. '5': true,
  37. '6': true,
  38. '7': true,
  39. '8': true,
  40. '9': true,
  41. 'A': true,
  42. 'B': true,
  43. 'C': true,
  44. 'D': true,
  45. 'E': true,
  46. 'F': true,
  47. 'G': true,
  48. 'H': true,
  49. 'I': true,
  50. 'J': true,
  51. 'K': true,
  52. 'L': true,
  53. 'M': true,
  54. 'N': true,
  55. 'O': true,
  56. 'P': true,
  57. 'Q': true,
  58. 'R': true,
  59. 'S': true,
  60. 'T': true,
  61. 'U': true,
  62. 'W': true,
  63. 'V': true,
  64. 'X': true,
  65. 'Y': true,
  66. 'Z': true,
  67. '^': true,
  68. '_': true,
  69. '`': true,
  70. 'a': true,
  71. 'b': true,
  72. 'c': true,
  73. 'd': true,
  74. 'e': true,
  75. 'f': true,
  76. 'g': true,
  77. 'h': true,
  78. 'i': true,
  79. 'j': true,
  80. 'k': true,
  81. 'l': true,
  82. 'm': true,
  83. 'n': true,
  84. 'o': true,
  85. 'p': true,
  86. 'q': true,
  87. 'r': true,
  88. 's': true,
  89. 't': true,
  90. 'u': true,
  91. 'v': true,
  92. 'w': true,
  93. 'x': true,
  94. 'y': true,
  95. 'z': true,
  96. '|': true,
  97. '~': true,
  98. }
  100. func IsTokenRune(r rune) bool {
  101. i := int(r)
  102. return i < len(isTokenTable) && isTokenTable[i]
  103. }
  105. func isNotToken(r rune) bool {
  106. return !IsTokenRune(r)
  107. }
  109. // HeaderValuesContainsToken reports whether any string in values
  110. // contains the provided token, ASCII case-insensitively.
  111. func HeaderValuesContainsToken(values []string, token string) bool {
  112. for _, v := range values {
  113. if headerValueContainsToken(v, token) {
  114. return true
  115. }
  116. }
  117. return false
  118. }
  120. // isOWS reports whether b is an optional whitespace byte, as defined
  121. // by RFC 7230 section 3.2.3.
  122. func isOWS(b byte) bool { return b == ' ' || b == '\t' }
  124. // trimOWS returns x with all optional whitespace removes from the
  125. // beginning and end.
  126. func trimOWS(x string) string {
  127. // TODO: consider using strings.Trim(x, " \t") instead,
  128. // if and when it's fast enough. See issue 10292.
  129. // But this ASCII-only code will probably always beat UTF-8
  130. // aware code.
  131. for len(x) > 0 && isOWS(x[0]) {
  132. x = x[1:]
  133. }
  134. for len(x) > 0 && isOWS(x[len(x)-1]) {
  135. x = x[:len(x)-1]
  136. }
  137. return x
  138. }
  140. // headerValueContainsToken reports whether v (assumed to be a
  141. // 0#element, in the ABNF extension described in RFC 7230 section 7)
  142. // contains token amongst its comma-separated tokens, ASCII
  143. // case-insensitively.
  144. func headerValueContainsToken(v string, token string) bool {
  145. v = trimOWS(v)
  146. if comma := strings.IndexByte(v, ','); comma != -1 {
  147. return tokenEqual(trimOWS(v[:comma]), token) || headerValueContainsToken(v[comma+1:], token)
  148. }
  149. return tokenEqual(v, token)
  150. }
  152. // lowerASCII returns the ASCII lowercase version of b.
  153. func lowerASCII(b byte) byte {
  154. if 'A' <= b && b <= 'Z' {
  155. return b + ('a' - 'A')
  156. }
  157. return b
  158. }
  160. // tokenEqual reports whether t1 and t2 are equal, ASCII case-insensitively.
  161. func tokenEqual(t1, t2 string) bool {
  162. if len(t1) != len(t2) {
  163. return false
  164. }
  165. for i, b := range t1 {
  166. if b >= utf8.RuneSelf {
  167. // No UTF-8 or non-ASCII allowed in tokens.
  168. return false
  169. }
  170. if lowerASCII(byte(b)) != lowerASCII(t2[i]) {
  171. return false
  172. }
  173. }
  174. return true
  175. }
  177. // isLWS reports whether b is linear white space, according
  178. // to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
  179. // LWS = [CRLF] 1*( SP | HT )
  180. func isLWS(b byte) bool { return b == ' ' || b == '\t' }
  182. // isCTL reports whether b is a control byte, according
  183. // to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
  184. // CTL = <any US-ASCII control character
  185. // (octets 0 - 31) and DEL (127)>
  186. func isCTL(b byte) bool {
  187. const del = 0x7f // a CTL
  188. return b < ' ' || b == del
  189. }
  191. // ValidHeaderFieldName reports whether v is a valid HTTP/1.x header name.
  192. // HTTP/2 imposes the additional restriction that uppercase ASCII
  193. // letters are not allowed.
  194. //
  195. // RFC 7230 says:
  196. // header-field = field-name ":" OWS field-value OWS
  197. // field-name = token
  198. // token = 1*tchar
  199. // tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
  200. // "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
  201. func ValidHeaderFieldName(v string) bool {
  202. if len(v) == 0 {
  203. return false
  204. }
  205. for _, r := range v {
  206. if !IsTokenRune(r) {
  207. return false
  208. }
  209. }
  210. return true
  211. }
  213. // ValidHostHeader reports whether h is a valid host header.
  214. func ValidHostHeader(h string) bool {
  215. // The latest spec is actually this:
  216. //
  217. // http://tools.ietf.org/html/rfc7230#section-5.4
  218. // Host = uri-host [ ":" port ]
  219. //
  220. // Where uri-host is:
  221. // http://tools.ietf.org/html/rfc3986#section-3.2.2
  222. //
  223. // But we're going to be much more lenient for now and just
  224. // search for any byte that's not a valid byte in any of those
  225. // expressions.
  226. for i := 0; i < len(h); i++ {
  227. if !validHostByte[h[i]] {
  228. return false
  229. }
  230. }
  231. return true
  232. }
  234. // See the validHostHeader comment.
  235. var validHostByte = [256]bool{
  236. '0': true, '1': true, '2': true, '3': true, '4': true, '5': true, '6': true, '7': true,
  237. '8': true, '9': true,
  239. 'a': true, 'b': true, 'c': true, 'd': true, 'e': true, 'f': true, 'g': true, 'h': true,
  240. 'i': true, 'j': true, 'k': true, 'l': true, 'm': true, 'n': true, 'o': true, 'p': true,
  241. 'q': true, 'r': true, 's': true, 't': true, 'u': true, 'v': true, 'w': true, 'x': true,
  242. 'y': true, 'z': true,
  244. 'A': true, 'B': true, 'C': true, 'D': true, 'E': true, 'F': true, 'G': true, 'H': true,
  245. 'I': true, 'J': true, 'K': true, 'L': true, 'M': true, 'N': true, 'O': true, 'P': true,
  246. 'Q': true, 'R': true, 'S': true, 'T': true, 'U': true, 'V': true, 'W': true, 'X': true,
  247. 'Y': true, 'Z': true,
  249. '!': true, // sub-delims
  250. '$': true, // sub-delims
  251. '%': true, // pct-encoded (and used in IPv6 zones)
  252. '&': true, // sub-delims
  253. '(': true, // sub-delims
  254. ')': true, // sub-delims
  255. '*': true, // sub-delims
  256. '+': true, // sub-delims
  257. ',': true, // sub-delims
  258. '-': true, // unreserved
  259. '.': true, // unreserved
  260. ':': true, // IPv6address + Host expression's optional port
  261. ';': true, // sub-delims
  262. '=': true, // sub-delims
  263. '[': true,
  264. '\'': true, // sub-delims
  265. ']': true,
  266. '_': true, // unreserved
  267. '~': true, // unreserved
  268. }
  270. // ValidHeaderFieldValue reports whether v is a valid "field-value" according to
  271. // http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 :
  272. //
  273. // message-header = field-name ":" [ field-value ]
  274. // field-value = *( field-content | LWS )
  275. // field-content = <the OCTETs making up the field-value
  276. // and consisting of either *TEXT or combinations
  277. // of token, separators, and quoted-string>
  278. //
  279. // http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 :
  280. //
  281. // TEXT = <any OCTET except CTLs,
  282. // but including LWS>
  283. // LWS = [CRLF] 1*( SP | HT )
  284. // CTL = <any US-ASCII control character
  285. // (octets 0 - 31) and DEL (127)>
  286. //
  287. // RFC 7230 says:
  288. // field-value = *( field-content / obs-fold )
  289. // obj-fold = N/A to http2, and deprecated
  290. // field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
  291. // field-vchar = VCHAR / obs-text
  292. // obs-text = %x80-FF
  293. // VCHAR = "any visible [USASCII] character"
  294. //
  295. // http2 further says: "Similarly, HTTP/2 allows header field values
  296. // that are not valid. While most of the values that can be encoded
  297. // will not alter header field parsing, carriage return (CR, ASCII
  298. // 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII
  299. // 0x0) might be exploited by an attacker if they are translated
  300. // verbatim. Any request or response that contains a character not
  301. // permitted in a header field value MUST be treated as malformed
  302. // (Section 8.1.2.6). Valid characters are defined by the
  303. // field-content ABNF rule in Section 3.2 of [RFC7230]."
  304. //
  305. // This function does not (yet?) properly handle the rejection of
  306. // strings that begin or end with SP or HTAB.
  307. func ValidHeaderFieldValue(v string) bool {
  308. for i := 0; i < len(v); i++ {
  309. b := v[i]
  310. if isCTL(b) && !isLWS(b) {
  311. return false
  312. }
  313. }
  314. return true
  315. }
  317. func isASCII(s string) bool {
  318. for i := 0; i < len(s); i++ {
  319. if s[i] >= utf8.RuneSelf {
  320. return false
  321. }
  322. }
  323. return true
  324. }
  326. // PunycodeHostPort returns the IDNA Punycode version
  327. // of the provided "host" or "host:port" string.
  328. func PunycodeHostPort(v string) (string, error) {
  329. if isASCII(v) {
  330. return v, nil
  331. }
  333. host, port, err := net.SplitHostPort(v)
  334. if err != nil {
  335. // The input 'v' argument was just a "host" argument,
  336. // without a port. This error should not be returned
  337. // to the caller.
  338. host = v
  339. port = ""
  340. }
  341. host, err = idna.ToASCII(host)
  342. if err != nil {
  343. // Non-UTF-8? Not representable in Punycode, in any
  344. // case.
  345. return "", err
  346. }
  347. if port == "" {
  348. return host, nil
  349. }
  350. return net.JoinHostPort(host, port), nil
  351. }