improve conformance for parsing a host

Jake Champion · Jake Champion · commit e093be208f12 · 2022-09-27T13:48:10.000+01:00
diff --git a/c-dependencies/js-compute-runtime/builtins/backend.cpp b/c-dependencies/js-compute-runtime/builtins/backend.cpp
@@ -4,6 +4,7 @@
 #include <optional>
 #include <string>
 #include <string_view>
+#include <vector>
 
 // TODO: remove these once the warnings are fixed
 #pragma clang diagnostic push
@@ -15,20 +16,28 @@
 #include "host_call.h"
 #include "js/Conversions.h"
 
-bool isDash(char character) { return character == 45; }
-bool isDot(char character) { return character == 46; }
-
-bool isNotAlphaNumericOrDash(char character) {
-  return !std::isalnum(character) && !isDash(character);
-}
-
-bool isNotAlphaNumericDotOrDash(char character) {
-  return !std::isalnum(character) && !isDash(character) && !isDot(character);
+std::vector<std::string_view> split(std::string_view string, char delimiter) {
+  auto start = 0;
+  auto end = string.find(delimiter, start);
+  std::vector<std::string_view> result;
+  while (end != std::string::npos) {
+    result.push_back(string.substr(start, end - start));
+    start = end + 1;
+    end = string.find(delimiter, start);
+  }
+  result.push_back(string.substr(start));
+  return result;
 }
 
+// A "host" is a "hostname" and an optional "port" in the format hostname:port
+// A "hostname" is between 1 and 255 octets -- https://www.rfc-editor.org/rfc/rfc1123#page-13
+// A "hostname" must start with a letter or digit -- https://www.rfc-editor.org/rfc/rfc1123#page-13
+// A "hostname" is made up of "labels" delimited by a dot `.`
+// A "label" is between 1 and 63 octets
 bool isValidHost(std::string_view host) {
-  // ValidHostRegex =
-  // "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)$";
+  if (host.length() < 1) {
+    return false;
+  }
   auto firstCharacter = host.front();
   // check first character is in the regex [a-zA-Z0-9]
   if (!std::isalnum(firstCharacter)) {
@@ -38,37 +47,42 @@ bool isValidHost(std::string_view host) {
   int pos = host.find_first_of(':');
   std::string_view hostname = host.substr(0, pos);
 
+  // hostnames can not be longer than 253 characters
+  // This is because a hostname is represented as a series of labels, and is terminated by a label of length zero. 
+  // A label consists of a length octet followed by that number of octets representing the name itself.
+  // https://www.rfc-editor.org/rfc/rfc1035#section-3.3
+  // https://www.rfc-editor.org/rfc/rfc2181#section-11
+  if (hostname.length() > 253) {
+    return false;
+  }
+
   auto lastCharacter = hostname.back();
   // check last character is in the regex [a-zA-Z0-9]
   if (!std::isalnum(lastCharacter)) {
     return false;
   }
 
-  // find the position of the last .
-  auto lastDot = hostname.rfind('.');
-  if (lastDot == std::string::npos) {
-    return true;
-  }
+  auto labels = split(hostname, '.');
 
-  // check the character before the last . is in the regex [a-zA-Z0-9]
-  if (!std::isalnum(hostname.at(lastDot - 1))) {
-    return false;
-  }
-  // check all other characters before the last . are in the regex [a-zA-Z0-9\-.]
-  auto last = std::next(hostname.begin(), lastDot);
-  auto it = std::find_if(std::next(hostname.begin()), last, isNotAlphaNumericDotOrDash);
+  for (auto label:labels) {
+    // Each label in a hostname can not be longer than 63 characters
+    // https://www.rfc-editor.org/rfc/rfc2181#section-11
+    if (label.length() > 63) {
+      return false;
+    }
 
-  if (it != last) {
-    return false;
-  }
-  // check all characters after the last . (but not the last character) are in the regex
-  // [a-zA-Z0-9\-]
-  last = std::prev(hostname.end());
-  it = std::find_if(std::next(hostname.begin(), lastDot + 1), last, isNotAlphaNumericOrDash);
-  if (it != last) {
-    return false;
+    // Each label can only contain the characters in the regex [a-zA-Z0-9\-]
+    auto it = std::find_if_not(label.begin(), label.end(), [&](auto character) {
+      return std::isalnum(character) || character == '-';
+    });
+    if (it != label.end()) {
+
+      return false;
+    }
   }
+
   // if there is a port - confirm it is all digits and is between 0 and 65536
+  // https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
   if (pos != std::string::npos) {
     std::string_view port = host.substr(pos + 1);
     if (!std::all_of(port.begin(), port.end(), ::isdigit)) {
diff --git a/c-dependencies/js-compute-runtime/error-numbers.msg b/c-dependencies/js-compute-runtime/error-numbers.msg
@@ -64,7 +64,7 @@ MSG_DEF(JSMSG_BACKEND_NAME_TOO_LONG,                           0, JSEXN_TYPEERR,
 MSG_DEF(JSMSG_BACKEND_NAME_EMPTY,                              0, JSEXN_TYPEERR, "Backend constructor: name can not be an empty string")
 MSG_DEF(JSMSG_BACKEND_TARGET_NOT_SET,                          0, JSEXN_TYPEERR, "Backend constructor: target can not be null or undefined")
 MSG_DEF(JSMSG_BACKEND_TARGET_EMPTY,                            0, JSEXN_TYPEERR, "Backend constructor: target can not be an empty string")
-MSG_DEF(JSMSG_BACKEND_TARGET_INVALID,                          0, JSEXN_TYPEERR, "Backend constructor: target is not a valid host or IP address")
+MSG_DEF(JSMSG_BACKEND_TARGET_INVALID,                          0, JSEXN_TYPEERR, "Backend constructor: target does not contain a valid IPv4, IPv6, or hostname address")
 MSG_DEF(JSMSG_BACKEND_CIPHERS_EMPTY,                           0, JSEXN_TYPEERR, "Backend constructor: ciphers can not be an empty string")
 MSG_DEF(JSMSG_BACKEND_HOST_OVERRIDE_EMPTY,                     0, JSEXN_TYPEERR, "Backend constructor: hostOverride can not be an empty string")
 MSG_DEF(JSMSG_BACKEND_CERTIFICATE_HOSTNAME_EMPTY,              0, JSEXN_TYPEERR, "Backend constructor: certificateHostname can not be an empty string")
diff --git a/integration-tests/js-compute/fixtures/dynamic-backend/bin/index.js b/integration-tests/js-compute/fixtures/dynamic-backend/bin/index.js
@@ -305,11 +305,50 @@ routes.set('/', () => {
         return pass()
       });
 
-      routes.set("/backend/constructor/parameter-target-property-valid-string", async () => {
-        let error = assertDoesNotThrow(() => {
-          new Backend({ name: 'target-property-valid-string', target: "www.fastly.com" })
-        })
-        if (error) { return error }
+      routes.set("/backend/constructor/parameter-target-property-valid-host", async () => {
+        const targets = [
+          "www.fastly.com",
+          "w-w-w.f-a-s-t-l-y.c-o-m",
+          "a".repeat(63) + ".com",
+          `${"a".repeat(63)}.${"a".repeat(63)}.${"a".repeat(63)}.${"a".repeat(57)}.com`,
+          "ai",
+          "w.a:1",
+          "fastly.com:1",
+          "fastly.com:80",
+          "fastly.com:443",
+          "fastly.com:65535",
+        ];
+        let i = 0;
+        for (const target of targets) {
+          let error = assertDoesNotThrow(() => {
+            new Backend({ name: 'target-property-valid-host-'+i, target })
+          })
+          if (error) { return error }
+          i++;
+        }
+        return pass()
+      });
+      
+      routes.set("/backend/constructor/parameter-target-property-invalid-host", async () => {
+        const targets = [
+          "-www.fastly.com",
+          "www.fastly.com-",
+          "a".repeat(64) + ".com",
+          `${"a".repeat(63)}.${"a".repeat(63)}.${"a".repeat(63)}.${"a".repeat(58)}.com`,
+          "w$.com",
+          "w.a:a",
+          "fastly.com:-1",
+          "fastly.com:0",
+          "fastly.com:65536",
+        ];
+        let i = 0;
+        for (const target of targets) {
+          let error = assertThrows(() => {
+            new Backend({ name: 'target-property-invalid-host-'+i, target })
+          }, TypeError, `Backend constructor: target does not contain a valid IPv4, IPv6, or hostname address`)
+          if (error) { return error }
+          i++;
+        }
         return pass()
       });
     }
