Get default file name from content-disposition or URL (#269)

The order here is:
- use a file name from content disposition header (filename* over filename)
- otherwise try to get a file name from the redirected URL
- otherwise try to get a file name from the original URL
- otherwise use a default file name ("download.txt")

Author: StefanKarpinski

src/Downloads.jl

@@ -170,6 +170,11 @@ end
 
 ## download API ##
 
+# Getting file names from URLs and Responses:
+include("filenames.jl")
+
+const DEFAULT_FILENAME = "download.txt"
+
 """
     download(url, [ output = tempname() ];
         [ method = "GET", ]
@@ -255,7 +260,21 @@ function download(
     debug      :: Union{Function, Nothing} = nothing,
     downloader :: Union{Downloader, Nothing} = nothing,
 ) :: ArgWrite
-    arg_write(output) do output
+    # only rename when output is originally empty
+    try_rename = false
+    if output === nothing
+        @show url
+        try_rename = true
+        # guess file name from URL (might not be final name)
+        name = url_filename(url)
+        if !is_safe_filename(name)
+            name = DEFAULT_FILENAME
+        end
+        @show name
+        output = joinpath(mktempdir(), name)
+    end
+    local response # capture outside closure
+    path = arg_write(output) do output
         response = request(
             url,
             output = output,
@@ -270,6 +289,20 @@ function download(
         status_ok(response) && return output
         throw(RequestError(url, Curl.CURLE_OK, "", response))
     end
+    # fix file suffix based on headers & redirected URL
+    if try_rename && ispath(path)
+        name = get_filename(response)
+        @show name, is_safe_filename(name)
+        if is_safe_filename(name)
+            path′ = joinpath(dirname(path), name)
+            @assert dirname(path) == dirname(path′)
+            if path != path′
+                mv(path, path′)
+                path = path′
+            end
+        end
+    end
+    return path
 end
 
 ## request API ##

src/filenames.jl

@@ -0,0 +1,144 @@
+## Getting file names from URLs and Responses
+
+struct BadEncoding <: Exception end
+
+function hex_digit(str::AbstractString, i::Int)::Tuple{UInt8,Int}
+    if i ≤ ncodeunits(str)
+        d, i = iterate(str, i)
+        '0' ≤ d ≤ '9' && return d - '0', i
+        'a' ≤ d ≤ 'f' && return d - 'a' + 10, i
+        'A' ≤ d ≤ 'F' && return d - 'A' + 10, i
+    end
+    throw(BadEncoding())
+end
+
+function url_unescape(str::Union{String, SubString{String}})
+    try return sprint(sizehint = ncodeunits(str)) do io
+            i = 1
+            while i ≤ ncodeunits(str)
+                c, i = iterate(str, i)
+                if c == '%'
+                    hi, i = hex_digit(str, i)
+                    lo, i = hex_digit(str, i)
+                    x = hi*0x10 + lo
+                    write(io, x)
+                else
+                    print(io, c)
+                end
+            end
+        end
+    catch err
+        err isa BadEncoding && return
+        rethrow()
+    end
+end
+
+function url_filename(url::AbstractString)
+    m = match(r"^[a-z][a-z+._-]*://[^#?]*/([^/#?]+)(?:[#?]|$)"i, url)
+    m === nothing && return
+    url_unescape(m[1])
+end
+
+let # build some complex regular expressions
+    s = raw"\s*" # interpolating this is handy
+    token = raw"[A-Za-z0-9!#$%&'*+-.\^_`|~]+"
+    bare_value = raw"[^\s'\";][^;]*(?<!\s)"
+    single_quoted = raw"'(?:[^'\\]|\\.)*'"
+    double_quoted = raw"\"(?:[^\"\\]|\\.)*\""
+    value = "(?:" *bare_value* "|" *single_quoted* "|" *double_quoted* ")"
+    pair = "(" *token* ")$s=$s(" *value* ")"
+    header_re = "^$s" *token* "$s(?:;$s" *pair* "$s)*;?$s\$"
+    each_pair_re = "(?:^" *token* "|\\G)$s;$s" *pair
+    global const content_disposition_re = Regex(header_re)
+    global const content_disposition_each_re = Regex(each_pair_re)
+end
+
+function get_filename(response::Response)
+    # look for content disposition header
+    filename = filename⁺ = nothing
+    for (h_key, h_val) in response.headers
+        h_key == "content-disposition" &&
+            contains(h_val, content_disposition_re) || continue
+        for m in eachmatch(content_disposition_each_re, h_val)
+            a_key = lowercase(m.captures[1])
+            a_val = m.captures[2]
+            a_val === nothing && continue
+            if a_key == "filename"
+                if a_val[1] in ('"', '\'') && a_val[1] == a_val[end]
+                    # quoted value
+                    filename = sprint(sizehint=ncodeunits(a_val)-2) do io
+                        i = nextind(a_val, 1)
+                        while i < ncodeunits(a_val)
+                            c, i = iterate(a_val, i)
+                            if c == '\\'
+                                c, i = iterate(a_val, i)
+                            end
+                            write(io, c)
+                        end
+                    end
+                else # unquoted value
+                    filename = a_val
+                end
+            elseif a_key == "filename*"
+                m = match(r"^([\w-]+)'\w*'(.*)$", a_val)
+                m === nothing && continue
+                encoding = lowercase(m.captures[1])
+                encoding in ("utf-8", "iso-8859-1") || continue
+                encoded = m.captures[2]
+                try filename⁺ = sprint() do io
+                        i = 1
+                        while i ≤ ncodeunits(encoded)
+                            c, i = iterate(encoded, i)
+                            if c == '%'
+                                hi, i = hex_digit(encoded, i)
+                                lo, i = hex_digit(encoded, i)
+                                x = hi*0x10 + lo
+                                if encoding == "utf-8"
+                                    write(io, x)
+                                else
+                                    write(io, Char(x))
+                                end
+                            else
+                                write(io, c)
+                            end
+                        end
+                    end
+                catch err
+                    err isa BadEncoding || rethrow()
+                end
+            end
+        end
+    end
+    filename⁺ !== nothing && return filename⁺
+    filename !== nothing && return filename
+    # no usable content disposition header
+    # extract from URL after redirects
+    return url_filename(response.url)
+end
+
+# Special names on Windows: CON PRN AUX NUL COM1-9 LPT1-9
+# we spell out uppercase/lowercase because of locales
+# these are dangerous with or without an extension
+const WIN_SPECIAL_NAMES = r"^(
+    [Cc][Oo][Nn] |
+    [Pp][Rr][Nn] |
+    [Aa][Uu][Xx] |
+    [Nn][Uu][Ll] |
+    [Cc][Oo][Mm][1-9] |
+    [Ll][Pp][Tt][1-9]
+)(\.|$)"x
+
+function is_safe_filename(name::AbstractString)
+    isvalid(name) || return false
+    '/' in name && return false
+    name in ("", ".", "..") && return false
+    any(iscntrl, name) && return false
+    if Sys.iswindows()
+        name[end] ∈ ". " && return false
+        any(in("\"*:<>?\\|"), name) && return false
+        contains(name, WIN_SPECIAL_NAMES) && return false
+    end
+    return true
+end
+
+is_safe_filename(::Nothing) = false

test/runtests.jl

@@ -220,6 +220,149 @@ include("setup.jl")
         end
     end
 
+    @testset "download file names" begin
+        @testset "url_filename helper" begin
+            for url in urls_with_filename()
+                @test nothing === Downloads.url_filename(url)
+            end
+            for name in file_names,
+                url in urls_with_filename(name)
+                @test name === Downloads.url_filename(url)
+            end
+            # URLs that we shouldn't get a file name from
+            for url in [
+                "",
+                "abc",
+                "abc.txt",
+                "abc:def",
+                "file:/",
+                "file://",
+                "file:///",
+                "$server/anything/%",
+                "$server/anything/%.txt",
+                "$server/anything/%0.txt",
+            ]
+                @test nothing === Downloads.url_filename(url)
+            end
+        end
+        # set a more unique default file name
+        default = Downloads.DEFAULT_FILENAME
+        @testset "from URL" begin
+            for url in rand(urls_with_filename(), 10)
+                @test default == splitdir(download(url))[2]
+                url′ = "$server/redirect-to?url="*url_escape(url)
+                # would be reasonable for this to be `default` too but
+                # currently we use the name from the original URL
+                @test Downloads.url_filename(url′) ==
+                    splitdir(download(url′))[2]
+            end
+            for name in file_names
+                Sys.iswindows() && '"' in name && continue
+                for url in rand(urls_with_filename(name), 3)
+                    @test name == splitdir(download(url))[2]
+                    url′ = "$server/redirect-to?url="*url_escape(url)
+                    @test name == splitdir(download(url′))[2]
+                end
+            end
+        end
+        @testset "unsafe names in URLs" begin
+            bad_names = [
+                url_escape(".")
+                url_escape("..")
+                url_escape("\a")
+                "%ff"
+                "%ff.txt"
+            ]
+            if Sys.iswindows()
+                push!(bad_names, url_escape("file."))
+                push!(bad_names, url_escape("file "))
+                push!(bad_names, url_escape("file:txt"))
+                push!(bad_names, url_escape("CON"))
+                push!(bad_names, url_escape("LPT1.txt"))
+            end
+            for name in bad_names
+                url = "$server/anything/$name"
+                @test default == splitdir(download(url))[2]
+            end
+        end
+        @testset "from content disposition" begin
+            for name in file_names
+                Sys.iswindows() && '"' in name && continue
+                url = content_disposition_url(:utf8 => name)
+                @test name == splitdir(download(url))[2]
+                isascii(name) || continue
+                url = content_disposition_url(:ascii => name)
+                @test name == splitdir(download(url))[2]
+                url = content_disposition_url(:ascii_1q => name)
+                @test name == splitdir(download(url))[2]
+                url = content_disposition_url(:ascii_2q => name)
+                @test name == splitdir(download(url))[2]
+            end
+            let name = "ÿ.txt"
+                url = content_disposition_url(:latin1 => name)
+                @test name == splitdir(download(url))[2]
+            end
+            let name = "y.txt", name⁺ = "ÿ.txt"
+                url = content_disposition_url(:ascii => name, :utf8 => name⁺)
+                @test name⁺ == splitdir(download(url))[2]
+                url = content_disposition_url(:ascii => name, :latin1 => name⁺)
+                @test name⁺ == splitdir(download(url))[2]
+                url = content_disposition_url(:utf8 => name⁺, :ascii => name)
+                @test name⁺ == splitdir(download(url))[2]
+                url = content_disposition_url(:latin1 => name⁺, :ascii => name)
+                @test name⁺ == splitdir(download(url))[2]
+                url = content_disposition_url(:latin1 => name, :utf8 => name⁺)
+                @test name⁺ == splitdir(download(url))[2]
+                url = content_disposition_url(:utf8 => name, :latin1 => name⁺)
+                @test name⁺ == splitdir(download(url))[2]
+            end
+        end
+        @testset "invalid content disposition" begin
+            # invalid content disposition header syntax
+            values = [
+                "\a\b"
+                "inline"
+                "attachment"
+                "attachment; filename"
+                "attachment; filename='"
+                "attachment; filename=\""
+                "attachment; filename='unclosed"
+                "attachment; filename=\"unclosed"
+                "attachment; filename*=name.txt"
+                "attachment; filename*='name.txt'"
+                "attachment; filename*=\"name.txt\""
+                "attachment; filename*=utf-8''%"
+                "attachment; filename*=utf-8''%.txt"
+            ]
+            bad_names = [
+                ""
+                "."
+                ".."
+                "foo/bar"
+                "foo\0"
+                "\a"
+                "ding!\v"
+            ]
+            if Sys.iswindows()
+                push!(bad_names, "file.")
+                push!(bad_names, "file ")
+                push!(bad_names, "file:txt")
+                push!(bad_names, "CON")
+                push!(bad_names, "LPT1.txt")
+            end
+            for name in bad_names
+                push!(values, "attachment; filename*=utf-8''$(url_escape(name))")
+                '\0' in name && continue
+                push!(values, "attachment; filename=\"$name\"")
+            end
+            for value in values
+                url = "$server/response-headers?content-disposition="*
+                    url_escape(value)
+                @test "response-headers" === splitdir(download(url))[2]
+            end
+        end
+    end
+
     @testset "debug callback" begin
         url = "$server/get"
         events = Pair{String,String}[]