MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer
authorTim Duesterhus <tim@bastelstu.be>
Thu, 15 Apr 2021 19:46:00 +0000 (21:46 +0200)
committerChristopher Faulet <cfaulet@haproxy.com>
Mon, 19 Apr 2021 07:05:57 +0000 (09:05 +0200)
This adds an option to suppress `../` at the start of the resulting path.

doc/configuration.txt
include/haproxy/action-t.h
include/haproxy/uri_normalizer.h
reg-tests/http-rules/normalize_uri.vtc
src/http_act.c
src/uri_normalizer.c

index 4b6e63d8a3fa5be394c0b7fff6d9f66b06ac5a28..585c6752398f53b1cbf224592fe115978e237dab 100644 (file)
@@ -6012,7 +6012,7 @@ http-request early-hint <name> <fmt> [ { if | unless } <condition> ]
   See RFC 8297 for more information.
 
 http-request normalize-uri <normalizer> [ { if | unless } <condition> ]
-http-request normalize-uri dotdot [ { if | unless } <condition> ]
+http-request normalize-uri dotdot [ full ] [ { if | unless } <condition> ]
 http-request normalize-uri merge-slashes [ { if | unless } <condition> ]
 
   Performs normalization of the request's URI. The following normalizers are
@@ -6028,8 +6028,16 @@ http-request normalize-uri merge-slashes [ { if | unless } <condition> ]
       - /foo/../bar/ -> /bar/
       - /foo/bar/../ -> /foo/
       - /../bar/     -> /../bar/
+      - /bar/../../  -> /../
       - /foo//../    -> /foo/
 
+      If the "full" option is specified then "../" at the beginning will be
+      removed as well:
+
+      Example:
+      - /../bar/     -> /bar/
+      - /bar/../../  -> /
+
   - merge-slashes: Merges adjacent slashes within the "path" component into a
       single slash.
 
index ac9399a6bcc8abd14d6b56809a88c5526cad5417..5a8155929fa071314cdde6e68e2904af6e9e0bee 100644 (file)
@@ -104,6 +104,7 @@ enum act_timeout_name {
 enum act_normalize_uri {
        ACT_NORMALIZE_URI_MERGE_SLASHES,
        ACT_NORMALIZE_URI_DOTDOT,
+       ACT_NORMALIZE_URI_DOTDOT_FULL,
 };
 
 /* NOTE: if <.action_ptr> is defined, the referenced function will always be
index 9dbbe58264bfe19c9282842f1ab8c66775021606..811a7ebb6da46d52735ec7ac178a65ac7cb96edd 100644 (file)
@@ -18,7 +18,7 @@
 
 #include <haproxy/uri_normalizer-t.h>
 
-enum uri_normalizer_err uri_normalizer_path_dotdot(const struct ist path, struct ist *dst);
+enum uri_normalizer_err uri_normalizer_path_dotdot(const struct ist path, int full, struct ist *dst);
 enum uri_normalizer_err uri_normalizer_path_merge_slashes(const struct ist path, struct ist *dst);
 
 #endif /* _HAPROXY_URI_NORMALIZER_H */
index e66bdc47b339a063fc12466124629643690825a5..5ee73a308d52153a03ad09b758e2989e09fe870d 100644 (file)
@@ -36,8 +36,13 @@ haproxy h1 -conf {
         http-request normalize-uri dotdot
         http-request set-var(txn.after) url
 
+        http-request set-uri %[var(txn.before)]
+        http-request normalize-uri dotdot full
+        http-request set-var(txn.after_full) url
+
         http-response add-header before  %[var(txn.before)]
         http-response add-header after  %[var(txn.after)]
+        http-response add-header after-full  %[var(txn.after_full)]
 
         default_backend be
 
@@ -103,54 +108,65 @@ client c2 -connect ${h1_fe_dotdot_sock} {
     rxresp
     expect resp.http.before == "/foo/bar"
     expect resp.http.after == "/foo/bar"
+    expect resp.http.after-full == "/foo/bar"
 
     txreq -url "/foo/.."
     rxresp
     expect resp.http.before == "/foo/.."
     expect resp.http.after == "/"
+    expect resp.http.after-full == "/"
 
     txreq -url "/foo/../"
     rxresp
     expect resp.http.before == "/foo/../"
     expect resp.http.after == "/"
+    expect resp.http.after-full == "/"
 
     txreq -url "/foo/bar/../"
     rxresp
     expect resp.http.before == "/foo/bar/../"
     expect resp.http.after == "/foo/"
+    expect resp.http.after-full == "/foo/"
 
     txreq -url "/foo/../bar"
     rxresp
     expect resp.http.before == "/foo/../bar"
     expect resp.http.after == "/bar"
+    expect resp.http.after-full == "/bar"
 
     txreq -url "/foo/../bar/"
     rxresp
     expect resp.http.before == "/foo/../bar/"
     expect resp.http.after == "/bar/"
+    expect resp.http.after-full == "/bar/"
 
     txreq -url "/foo/../../bar/"
     rxresp
     expect resp.http.before == "/foo/../../bar/"
     expect resp.http.after == "/../bar/"
+    expect resp.http.after-full == "/bar/"
 
     txreq -url "/foo//../../bar/"
     rxresp
     expect resp.http.before == "/foo//../../bar/"
     expect resp.http.after == "/bar/"
+    expect resp.http.after-full == "/bar/"
 
     txreq -url "/foo/?bar=/foo/../"
     rxresp
     expect resp.http.before == "/foo/?bar=/foo/../"
     expect resp.http.after == "/foo/?bar=/foo/../"
+    expect resp.http.after-full == "/foo/?bar=/foo/../"
 
     txreq -url "/foo/../?bar=/foo/../"
     rxresp
     expect resp.http.before == "/foo/../?bar=/foo/../"
     expect resp.http.after == "/?bar=/foo/../"
+    expect resp.http.after-full == "/?bar=/foo/../"
 
     txreq -req OPTIONS -url "*"
     rxresp
     expect resp.http.before == "*"
     expect resp.http.after == "*"
+    expect resp.http.after-full == "*"
 } -run
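Review bot: The added `after-full` expectations only cover the unconditional `http-request normalize-uri dotdot full` rule, so the new parser branches that see `if`/`unless` or an unknown word after `dotdot` are never exercised. The two documented examples for the option, `/../bar/ -> /bar/` and `/bar/../../ -> /`, are also missing from the requests here; the closest case is `/foo/../../bar/`. I would add `txreq -url "/../bar/"` and `txreq -url "/bar/../../"` blocks with their `after` and `after-full` expectations. A second frontend using `http-request normalize-uri dotdot if TRUE` would check the conditional form against the same table.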
index 7e1829e9db93fa5fb91ecd24105ed6d5f206e2a2..3751b002f8a79f9952ae89406e1b9a491f4c4334 100644 (file)
@@ -232,14 +232,15 @@ static enum act_return http_action_normalize_uri(struct act_rule *rule, struct p
 
                        break;
                }
-               case ACT_NORMALIZE_URI_DOTDOT: {
+               case ACT_NORMALIZE_URI_DOTDOT:
+               case ACT_NORMALIZE_URI_DOTDOT_FULL: {
                        const struct ist path = http_get_path(uri);
                        struct ist newpath = ist2(replace->area, replace->size);
 
                        if (!isttest(path))
                                goto leave;
 
-                       err = uri_normalizer_path_dotdot(iststop(path, '?'), &newpath);
+                       err = uri_normalizer_path_dotdot(iststop(path, '?'), rule->action == ACT_NORMALIZE_URI_DOTDOT_FULL, &newpath);
 
                        if (err != URI_NORMALIZER_ERR_NONE)
                                break;
@@ -317,7 +318,17 @@ static enum act_parse_ret parse_http_normalize_uri(const char **args, int *orig_
        else if (strcmp(args[cur_arg], "dotdot") == 0) {
                cur_arg++;
 
-               rule->action = ACT_NORMALIZE_URI_DOTDOT;
+               if (strcmp(args[cur_arg], "full") == 0) {
+                       cur_arg++;
+                       rule->action = ACT_NORMALIZE_URI_DOTDOT_FULL;
+               }
+               else if (!*args[cur_arg]) {
+                       rule->action = ACT_NORMALIZE_URI_DOTDOT;
+               }
+               else if (strcmp(args[cur_arg], "if") != 0 && strcmp(args[cur_arg], "unless") != 0) {
+                       memprintf(err, "unknown argument '%s' for 'dotdot' normalizer", args[cur_arg]);
+                       return ACT_RET_PRS_ERR;
+               }
        }
        else {
                memprintf(err, "unknown normalizer '%s'", args[cur_arg]);
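Review bot: When the word after `dotdot` is `if` or `unless`, none of the three new branches assigns `rule->action`: the first two set it and the third only rejects other words. `http-request normalize-uri dotdot if <cond>` therefore leaves the action at whatever value the rule held on entry, which is not visible in this hunk. If that value is zero, the rule would run as `ACT_NORMALIZE_URI_MERGE_SLASHES` (the first enumerator), and dot-dot segments would pass through unnormalized with no configuration error. Setting the default before the chain closes this: add `rule->action = ACT_NORMALIZE_URI_DOTDOT;` right after `cur_arg++;` and let the `full` branch override it. parse_http_normalize_uri starts and ends outside the hunk, so a later assignment cannot be ruled out from here.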
index 05e8cd57865ef2b0d65b50593b47556b4082b23c..53a3321d4e88eb2e979e2064bab4a735d415526f 100644 (file)
 #include <haproxy/api.h>
 #include <haproxy/uri_normalizer.h>
 
-/* Merges `/../` with preceding path segments. */
-enum uri_normalizer_err uri_normalizer_path_dotdot(const struct ist path, struct ist *dst)
+/* Merges `/../` with preceding path segments.
+ *
+ * If `full` is set to `0` then `/../` will be printed at the start of the resulting
+ * path if the number of `/../` exceeds the number of other segments. If `full` is
+ * set to `1` these will not be printed.
+ */
+enum uri_normalizer_err uri_normalizer_path_dotdot(const struct ist path, int full, struct ist *dst)
 {
        enum uri_normalizer_err err;
 
@@ -79,13 +84,15 @@ enum uri_normalizer_err uri_normalizer_path_dotdot(const struct ist path, struct
                /* Prepend a trailing slash. */
                *(--head) = '/';
 
-               /* Prepend unconsumed `/..`. */
-               do {
-                       *(--head) = '.';
-                       *(--head) = '.';
-                       *(--head) = '/';
-                       up--;
-               } while (up > 0);
+               if (!full) {
+                       /* Prepend unconsumed `/..`. */
+                       do {
+                               *(--head) = '.';
+                               *(--head) = '.';
+                               *(--head) = '/';
+                               up--;
+                       } while (up > 0);
+               }
        }
 
        *dst = ist2(head, tail - head);