diff --git a/src/Http/Http/src/BindingAddress.cs b/src/Http/Http/src/BindingAddress.cs index b8ceef625b06..20cc26ee74fd 100644 --- a/src/Http/Http/src/BindingAddress.cs +++ b/src/Http/Http/src/BindingAddress.cs @@ -203,10 +203,11 @@ public static BindingAddress Parse(string address) var port = 0; var hasSpecifiedPort = false; - if (!isUnixPipe) + if (!isUnixPipe && !isNamedPipe) { + // Verify not a loopback uri. var portDelimiterStart = address.LastIndexOf(':', pathDelimiterStart - 1, pathDelimiterStart - schemeDelimiterEnd); - if (portDelimiterStart >= 0) + if (portDelimiterStart >= 0 && address.Substring(pathDelimiterStart - 1, 1) != "]") { var portDelimiterEnd = portDelimiterStart + ":".Length; @@ -218,6 +219,10 @@ public static BindingAddress Parse(string address) host = address.Substring(schemeDelimiterEnd, portDelimiterStart - schemeDelimiterEnd); port = portNumber; } + else + { + throw new FormatException($"Invalid port: '{portString}', only numbers are allowed."); + } } if (!hasSpecifiedPort) diff --git a/src/Http/Http/test/BindingAddressTests.cs b/src/Http/Http/test/BindingAddressTests.cs index f75f483559a8..2d0c568a834a 100644 --- a/src/Http/Http/test/BindingAddressTests.cs +++ b/src/Http/Http/test/BindingAddressTests.cs @@ -30,6 +30,24 @@ public void FromUriThrowsForUrlsWithoutHost(string url) Assert.Throws(() => BindingAddress.Parse(url)); } + [Theory] + [InlineData("http://localhost:NOTAPORT")] + [InlineData("http://localhost:NOTAPORT/")] + [InlineData("http://localhost:NOTAPORT/random/url")] + [InlineData("https://localhost:NOTAPORT")] + [InlineData("https://localhost:NOTAPORT/")] + [InlineData("https://localhost:NOTAPORT/random/url")] + [InlineData("http://www.example.com:NOTAPORT")] + [InlineData("http://www.example.com:NOTAPORT/")] + [InlineData("http://www.example.com:NOTAPORT/foo?bar=baz")] + [InlineData("https://www.example.com:NOTAPORT")] + [InlineData("https://www.example.com:NOTAPORT/")] + [InlineData("https://www.example.com:NOTAPORT/foo?bar=baz")] + public void FromUriThrowsForUrlsWithInvalidPortNumbers(string url) + { + Assert.Throws(() => BindingAddress.Parse(url)); + } + [ConditionalTheory] [InlineData("http://unix:/")] [InlineData("http://unix:/c")] @@ -52,11 +70,6 @@ public void FromUriThrowsForUrlsWithWrongFilePathOnWindows(string url) [InlineData("http://www.example.com:5000", "http", "www.example.com", 5000, "", null)] [InlineData("https://www.example.com:5000", "https", "www.example.com", 5000, "", null)] [InlineData("http://www.example.com:5000/", "http", "www.example.com", 5000, "", "http://www.example.com:5000")] - [InlineData("http://www.example.com:NOTAPORT", "http", "www.example.com:NOTAPORT", 80, "", "http://www.example.com:notaport:80")] - [InlineData("https://www.example.com:NOTAPORT", "https", "www.example.com:NOTAPORT", 443, "", "https://www.example.com:notaport:443")] - [InlineData("http://www.example.com:NOTAPORT/", "http", "www.example.com:NOTAPORT", 80, "", "http://www.example.com:notaport:80")] - [InlineData("http://foo:/tmp/kestrel-test.sock:5000/doesn't/matter", "http", "foo:", 80, "/tmp/kestrel-test.sock:5000/doesn't/matter", "http://foo::80/tmp/kestrel-test.sock:5000/doesn't/matter")] - [InlineData("http://unix:foo/tmp/kestrel-test.sock", "http", "unix:foo", 80, "/tmp/kestrel-test.sock", "http://unix:foo:80/tmp/kestrel-test.sock")] [InlineData("http://unix:5000/tmp/kestrel-test.sock", "http", "unix", 5000, "/tmp/kestrel-test.sock", "http://unix:5000/tmp/kestrel-test.sock")] public void UrlsAreParsedCorrectly(string url, string scheme, string host, int port, string pathBase, string toString) {