Client URL scheme validation helidon-io#6547

danielkec · Aug 27, 2023 · e7c4c2d · e7c4c2d
1 parent 67f4149
commit e7c4c2d
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 2 deletions.
diff --git a/webclient/api/src/main/java/io/helidon/webclient/api/ClientUri.java b/webclient/api/src/main/java/io/helidon/webclient/api/ClientUri.java
@@ -17,6 +17,7 @@
 package io.helidon.webclient.api;
 
 import java.net.URI;
+import java.util.Set;
 
 import io.helidon.common.uri.UriFragment;
 import io.helidon.common.uri.UriInfo;
@@ -28,6 +29,7 @@
  * URI abstraction for WebClient.
  */
 public class ClientUri implements UriInfo {
+    private static final Set<String> SUPPORTED_SCHEMES = Set.of("http", "https");
     private final UriInfo base;
     private final UriQueryWriteable query;
 
@@ -41,13 +43,15 @@ private ClientUri() {
     }
 
     private ClientUri(ClientUri baseUri) {
+        validateScheme(baseUri.scheme());
         this.base = baseUri;
         this.uriBuilder = UriInfo.builder(base);
         this.skipUriEncoding = baseUri.skipUriEncoding;
         this.query = UriQueryWriteable.create().from(baseUri.query());
     }
 
     private ClientUri(UriInfo baseUri) {
+        validateScheme(baseUri.scheme());
         this.base = baseUri;
         this.uriBuilder = UriInfo.builder(baseUri);
         this.skipUriEncoding = false;
@@ -121,6 +125,7 @@ public URI toUri() {
      * @return updated instance
      */
     public ClientUri scheme(String scheme) {
+        validateScheme(scheme);
         uriBuilder.scheme(scheme);
         return this;
     }
@@ -182,6 +187,7 @@ public ClientUri resolve(URI uri) {
         }
 
         if (uri.getScheme() != null) {
+            validateScheme(uri.getScheme());
             uriBuilder.scheme(uri.getScheme());
         }
         if (uri.getHost() != null) {
@@ -359,4 +365,15 @@ private String resolvePath(String path, String resolvePath) {
                 + "/"
                 + resolvePath;
     }
+
+    private void validateScheme(String scheme){
+        if (!SUPPORTED_SCHEMES.contains(scheme)) {
+            throw new IllegalArgumentException(
+                    String.format("Not supported scheme %s, client supported schemes are: %s",
+                                  scheme,
+                                  String.join(", ", SUPPORTED_SCHEMES)
+                    )
+            );
+        }
+    }
 }
diff --git a/webclient/api/src/test/java/io/helidon/webclient/api/ClientUriTest.java b/webclient/api/src/test/java/io/helidon/webclient/api/ClientUriTest.java
@@ -24,6 +24,7 @@
 
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 class ClientUriTest {
     @Test
@@ -104,4 +105,12 @@ void testResolveAll() {
         assertThat(helper.port(), is(80));
         assertThat(helper.scheme(), is("https"));
     }
+
+    @Test
+    void testSchemeValidation() {
+        ClientUri validClientUri = ClientUri.create(URI.create("http://localhost"));
+        assertThrows(IllegalArgumentException.class, () -> ClientUri.create(URI.create("ftp://localhost")));
+        assertThrows(IllegalArgumentException.class, () -> validClientUri.scheme("git"));
+        assertThrows(IllegalArgumentException.class, () -> validClientUri.resolve(URI.create("ldap://localhost")));
+    }
 }
diff --git a/webclient/tests/http2/src/test/java/io/helidon/webclient/tests/http2/Http2ClientTest.java b/webclient/tests/http2/src/test/java/io/helidon/webclient/tests/http2/Http2ClientTest.java
@@ -39,7 +39,9 @@
 import java.util.function.Supplier;
 
 import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.startsWith;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.jupiter.api.Assertions.fail;
 
 @ServerTest
 class Http2ClientTest {
@@ -50,10 +52,12 @@ class Http2ClientTest {
     private final Http1Client http1Client;
     private final Supplier<Http2Client> tlsClient;
     private final Supplier<Http2Client> plainClient;
+    private final int tlsPort;
+    private final int plainPort;
 
     Http2ClientTest(WebServer server, Http1Client http1Client) {
-        int plainPort = server.port();
-        int tlsPort = server.port("https");
+        plainPort = server.port();
+        tlsPort = server.port("https");
         this.http1Client = http1Client;
         Tls insecureTls = Tls.builder()
                 // insecure setup, as we have self-signed certificate
@@ -106,6 +110,21 @@ void testHttp1() {
         }
     }
 
+    @Test
+    void testSchemeValidation() {
+        try (var r = Http2Client.builder()
+                .baseUri("test://localhost:" + plainPort + "/")
+                .shareConnectionCache(false)
+                .build()
+                .get("/")
+                .request()) {
+
+            fail("Should have failed because of invalid scheme.");
+        } catch (IllegalArgumentException e) {
+            assertThat(e.getMessage(), startsWith("Not supported scheme test"));
+        }
+    }
+
     @Test
     void testUpgrade() {
         try (Http2ClientResponse response = plainClient.get()