Improve some defects related to http service request path

House-Men · House-Men · commit ea2492090a20 · 2025-04-16T04:07:26.000+08:00
add hv_normalize_path function to hbase.h
support http legal relative path request
optimize http server path file cache map key
fix false positives '/..file' normal path bug
diff --git a/base/hbase.c b/base/hbase.c
@@ -540,3 +540,59 @@ int hv_parse_url(hurl_t* stURL, const char* strURL) {
     stURL->fields[HV_URL_FRAGMENT].len = ep - sp;
     return 0;
 }
+
+int hv_normalize_path(char *path) {
+    if (*path != '/') return 0;
+    int pos = 1;
+#ifdef OS_WIN
+    int sum = 0;
+#endif
+    for (int i = 1; path[i] != '\0'; ++i) {
+        switch (path[i]) {
+            case '\\':
+            case '/':
+                if (path[pos - 1] != '/') path[pos++] = '/';
+                break;
+
+            case '.':
+                if (path[pos - 1] == '/') {
+                    if (path[i + 1] == '.' && (path[i + 2] == '/' || path[i + 2] == '\\' || path[i + 2] == '\0')) {
+                        while (--pos > 0) {
+                            if (path[pos - 1] == '/') break;
+                        }
+                        if (pos < 1) return 0;
+                        i += path[i + 2] == '\0' ? 1 : 2;
+                        break;
+                    }
+                    if (path[i + 1] == '\0') break;
+                    if (path[i + 1] == '/' || path[i + 1] == '\\') {
+                        ++i;
+                        break;
+                    }
+                }
+                path[pos++] = '.';
+#ifdef OS_WIN
+                // windows does not have a trailing '.'
+                sum = 1;
+                while (path[i + sum] == '.') {
+                    path[pos++] = '.';
+                    ++sum;
+                }
+                if (path[i + sum] == '\0') pos -= sum;
+                i += sum - 1;
+#endif
+                break;
+
+            default:
+#ifdef OS_WIN
+                // windows is not case sensitive
+                path[pos++] = (char)tolower(path[i]);
+#else
+                path[pos++] = path[i];
+#endif
+                break;
+        }
+    }
+    path[pos] = '\0';
+    return pos;
+}
diff --git a/base/hbase.h b/base/hbase.h
@@ -140,6 +140,8 @@ typedef struct hurl_s {
 
 HV_EXPORT int hv_parse_url(hurl_t* stURL, const char* strURL);
 
+HV_EXPORT int hv_normalize_path(char *path);
+
 END_EXTERN_C
 
 #endif // HV_BASE_H_
diff --git a/http/server/HttpHandler.cpp b/http/server/HttpHandler.cpp
@@ -524,14 +524,15 @@ int HttpHandler::defaultRequestHandler() {
 int HttpHandler::defaultStaticHandler() {
     // file service
     std::string path = req->Path();
-    const char* req_path = path.c_str();
-    // path safe check
-    if (req_path[0] != '/' || strstr(req_path, "/..") || strstr(req_path, "\\..")) {
+    path.resize(hv_normalize_path(const_cast<char*>(path.c_str())));
+    if (path.empty()) {
+        hloge("[%s:%d] Illegal relative path: %s", ip, port, req->path.c_str());
         return HTTP_STATUS_BAD_REQUEST;
     }
 
+    const char* req_path = path.c_str();
     std::string filepath;
-    bool is_dir = path.back() == '/' &&
+    const bool is_dir = path.back() == '/' &&
                   service->index_of.size() > 0 &&
                   hv_strstartswith(req_path, service->index_of.c_str());
     if (is_dir) {
