Skip to content

Commit

Permalink
Merge pull request #1782 from microsoft/fix_uri_parsing
Browse files Browse the repository at this point in the history
make Uri.is_host_loopback() only return true for localhost and 127.0.0.1 exactly
  • Loading branch information
barcharcraz authored Dec 5, 2023
2 parents 9c65488 + 006271f commit 096a9a1
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 3 deletions.
5 changes: 3 additions & 2 deletions Release/include/cpprest/base_uri.h
Original file line number Diff line number Diff line change
Expand Up @@ -296,13 +296,14 @@ class uri
/// A loopback URI is one which refers to a hostname or ip address with meaning only on the local machine.
/// </summary>
/// <remarks>
/// Examples include "localhost", or ip addresses in the loopback range (127.0.0.0/24).
/// Examples include "localhost", or "127.0.0.1". The only URIs for which this method returns true are "127.0.0.1", and "localhost",
/// all other URIs return false
/// </remarks>
/// <returns><c>true</c> if this URI references the local host, <c>false</c> otherwise.</returns>
bool is_host_loopback() const
{
return !is_empty() &&
((host() == _XPLATSTR("localhost")) || (host().size() > 4 && host().substr(0, 4) == _XPLATSTR("127.")));
((host() == _XPLATSTR("localhost")) || (host() == _XPLATSTR("127.0.0.1")));
}

/// <summary>
Expand Down
5 changes: 5 additions & 0 deletions Release/tests/functional/uri/constructor_tests.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,11 @@ namespace uri_tests
{
SUITE(constructor_tests)
{
TEST(not_really_a_loopback_uri)
{
uri u(uri::encode_uri(U("https://127.evil.com")));
VERIFY_IS_FALSE(u.is_host_loopback());
}
TEST(parsing_constructor_char)
{
uri u(uri::encode_uri(U("net.tcp://steve:@testname.com:81/bleh%?qstring#goo")));
Expand Down
2 changes: 1 addition & 1 deletion Release/tests/functional/uri/diagnostic_tests.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ SUITE(diagnostic_tests)
VERIFY_IS_FALSE(uri(U("http://bleh/?qstring")).is_host_loopback());
VERIFY_IS_FALSE(uri(U("http://+*/?qstring")).is_host_loopback());
VERIFY_IS_TRUE(uri(U("http://127.0.0.1/")).is_host_loopback());
VERIFY_IS_TRUE(uri(U("http://127.155.0.1/")).is_host_loopback());
VERIFY_IS_FALSE(uri(U("http://127.155.0.1/")).is_host_loopback());
VERIFY_IS_FALSE(uri(U("http://128.0.0.1/")).is_host_loopback());
}

Expand Down

0 comments on commit 096a9a1

Please sign in to comment.