Merge pull request #75 from w-henderson/percent-encoding

Added percent-encoding support

Author: w-henderson

humphrey-server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "humphrey_server"
-version = "0.5.0"
+version = "0.5.1"
 edition = "2018"
 license = "MIT"
 homepage = "https://github.com/w-henderson/Humphrey"
@@ -11,7 +11,7 @@ keywords = ["http", "server", "http-server"]
 categories = ["web-programming::http-server", "network-programming", "command-line-utilities"]
 
 [dependencies]
-humphrey = { version = "^0.5", path = "../humphrey" }
+humphrey = { version = "^0.5.2", path = "../humphrey" }
 libloading = { version = "0.7", optional = true }
 
 [features]

humphrey/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "humphrey"
-version = "0.5.1"
+version = "0.5.2"
 edition = "2018"
 license = "MIT"
 homepage = "https://github.com/w-henderson/Humphrey"

humphrey/src/lib.rs

@@ -9,6 +9,7 @@ pub mod handlers;
 pub mod http;
 pub mod krauss;
 pub mod monitor;
+pub mod percent;
 pub mod route;
 pub mod stream;
 pub mod thread;

humphrey/src/percent.rs

@@ -0,0 +1,60 @@
+//! Provides percent-encoding functionality.
+
+const UNRESERVED_CHARACTERS: &[u8] =
+    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~";
+
+/// A trait which represents the ability of a type to be percent-encoded.
+pub trait PercentEncode {
+    /// Percent-encode the value.
+    fn percent_encode(&self) -> String;
+}
+
+/// A trait which represents the ability of a type to be percent-decoded.
+pub trait PercentDecode {
+    /// Attempt to percent-decode the value.
+    fn percent_decode(&self) -> Option<Vec<u8>>;
+}
+
+impl<T> PercentEncode for T
+where
+    T: AsRef<[u8]>,
+{
+    fn percent_encode(&self) -> String {
+        let bytes = self.as_ref();
+        let mut encoded = String::with_capacity(bytes.len() * 3);
+
+        for byte in bytes {
+            if UNRESERVED_CHARACTERS.contains(byte) {
+                encoded.push(*byte as char);
+            } else {
+                encoded += &format!("%{:02X}", byte);
+            }
+        }
+
+        encoded
+    }
+}
+
+impl<T> PercentDecode for T
+where
+    T: AsRef<str>,
+{
+    fn percent_decode(&self) -> Option<Vec<u8>> {
+        let length = self.as_ref().len();
+        let mut chars = self.as_ref().bytes();
+        let mut decoded = Vec::with_capacity(length);
+
+        while let Some(character) = chars.next() {
+            if character == b'%' {
+                let [hex_dig_1, hex_dig_2] = [chars.next()?, chars.next()?];
+                let hex = format!("{}{}", hex_dig_1 as char, hex_dig_2 as char);
+                let byte = u8::from_str_radix(&hex, 16).ok()?;
+                decoded.push(byte);
+            } else {
+                decoded.push(character);
+            }
+        }
+
+        Some(decoded)
+    }
+}

humphrey/src/route.rs

@@ -4,6 +4,7 @@ use crate::app::{
     PathAwareRequestHandler, RequestHandler, StatelessRequestHandler, WebsocketHandler,
 };
 use crate::krauss;
+use crate::percent::PercentDecode;
 
 use std::fs::metadata;
 use std::path::PathBuf;
@@ -138,6 +139,8 @@ pub fn try_find_path(
     request_path: &str,
     index_files: &[&str],
 ) -> Option<LocatedPath> {
+    let request_path = String::from_utf8(request_path.percent_decode()?).ok()?;
+
     // Avoid path traversal exploits
     if request_path.contains("..") || request_path.contains(':') {
         return None;

humphrey/src/tests/mod.rs

@@ -2,6 +2,7 @@ pub mod date;
 pub mod krauss;
 pub mod method;
 pub mod mock_stream;
+pub mod percent;
 pub mod request;
 pub mod response;
 pub mod status;

humphrey/src/tests/percent.rs

@@ -0,0 +1,49 @@
+use crate::percent::{PercentDecode, PercentEncode};
+
+#[test]
+fn encode_unreserved_chars() {
+    let string = "thisisatest";
+    let encoded = string.percent_encode();
+
+    assert_eq!(encoded, string);
+}
+
+#[test]
+fn encode_reserved_chars() {
+    let string = "this is a test! (and brackets)";
+    let encoded = string.percent_encode();
+
+    assert_eq!(encoded, "this%20is%20a%20test%21%20%28and%20brackets%29");
+}
+
+#[test]
+fn encode_bytes() {
+    let bytes = b"this is a \0null character";
+    let encoded = bytes.percent_encode();
+
+    assert_eq!(encoded, "this%20is%20a%20%00null%20character");
+}
+
+#[test]
+fn decode_unreserved_chars() {
+    let string = "thisisatest";
+    let decoded = string.percent_decode();
+
+    assert_eq!(decoded, Some(string.as_bytes().to_vec()));
+}
+
+#[test]
+fn decode_reserved_chars() {
+    let string = "this%20is%20a%20test%21%20%28and%20brackets%29";
+    let decoded = string.percent_decode();
+
+    assert_eq!(decoded, Some(b"this is a test! (and brackets)".to_vec()));
+}
+
+#[test]
+fn decode_bytes() {
+    let string = "this%20is%20a%20%00null%20character";
+    let decoded = string.percent_decode();
+
+    assert_eq!(decoded, Some(b"this is a \0null character".to_vec()));
+}