http, utility: Fix unicode URL parsing #12324
Conversation
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
| urls = ["https://storage.googleapis.com/quiche-envoy-integration/googleurl_6dafefa72cba2ab2ba4922d17a30618e9617c7cf.tar.gz"], | ||
| sha256 = "b8ca343feb9aedf29259f25169deb70f93a151a2e4713be97d0da2c5e3737e18", | ||
| strip_prefix = "quiche-googleurl-1bd6372fe3d267b2790ba76a49290b8a0b2df46c", | ||
| urls = ["https://github.com/dio/quiche-googleurl/archive/1bd6372fe3d267b2790ba76a49290b8a0b2df46c.tar.gz"], |
There was a problem hiding this comment.
Will update this when we have an agreement on how we do snapshot for googleurl release.
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
dio
changed the title
There was a problem hiding this comment.
@lizan would you be up for reviewing the build magic? I'm happy to do cross-company sign-off as long as it lands by tomorrow :-)
| @@ -1289,6 +1289,9 @@ TEST(Url, ParsingTest) { | |||
| // Test url with non-default ports. | |||
| validateUrl("https://www.host.com:8443", "https", "www.host.com:8443", "/", 8443); | |||
| validateUrl("http://www.host.com:8080", "http", "www.host.com:8080", "/", 8080); | |||
|
|
|||
| // Make sure we survive parsing unicode URL. | |||
| validateUrl("https://\xe5\x85\x89.example/", "https", "xn--54q.example", "/", 443); | |||
There was a problem hiding this comment.
So what was the prior behavior? Would all unicode URLs be deemed invalid? If so I think this merits guarding in case upstreams can't handle unicode and the change in Envoy validation causes problems. If some unicode URLS passed through previously maybe it doesn't make enough difference to merit the guard. WDYT?
Either way probably worth a release note.
There was a problem hiding this comment.
Would all unicode URLs be deemed invalid?
Unicode host name segments of URI's are invalid, at the transport level.
Unicode -> PunyCode. The resulting URI is a valid hostname by the DNS spec.
There was a problem hiding this comment.
@dio In what circumstances we would get unicode URL in non-punycode format? I'm confused why we need handling that.
There was a problem hiding this comment.
Sorry for the confusion. This is motivated by porting the test case from https://quiche.googlesource.com/googleurl/+/refs/heads/master/test/basic_test.cc#31.
I think It is possible if we want to process input from config or logging. However, if this is not a valid use case. I can skip checking for this one.
|
This is sort of confusing to me. Why would envoy be handling UI-representations, and not transport URI in these particular cases (punycode, for example)? What's the use case? |
|
@wrowe I'm moving the test from https://quiche.googlesource.com/googleurl/+/refs/heads/master/test/basic_test.cc#31 do you think it is not necessary? Or impossible to happen? |
|
I'm asking, what's the use case? URI at the transport layer aren't presentation elements, they are opaque octets, except as bound by specific RFC's on an element-by-element basis. For example, scheme is very well understood and constrained by familiar ASCII tokens. Hostname must confirm to the DNS spec. We aren't a user agent, so don't care to transform a URI bar, such as in chromium, via punycode, into a valid DNS hostname... Or do we? And when? |
| @@ -1289,6 +1289,9 @@ TEST(Url, ParsingTest) { | |||
| // Test url with non-default ports. | |||
| validateUrl("https://www.host.com:8443", "https", "www.host.com:8443", "/", 8443); | |||
| validateUrl("http://www.host.com:8080", "http", "www.host.com:8080", "/", 8080); | |||
|
|
|||
| // Make sure we survive parsing unicode URL. | |||
| validateUrl("https://\xe5\x85\x89.example/", "https", "xn--54q.example", "/", 443); | |||
There was a problem hiding this comment.
@dio In what circumstances we would get unicode URL in non-punycode format? I'm confused why we need handling that.
| urls = ["https://github.com/unicode-org/icu/archive/release-64-2.tar.gz"], | ||
| strip_prefix = "icu", | ||
| sha256 = "94a80cd6f251a53bd2a997f6f1b5ac6653fe791dfab66e1eb0227740fb86d5dc", | ||
| # 2020-04-23 |
There was a problem hiding this comment.
no need date for versioned release.
| @@ -0,0 +1,60 @@ | |||
| diff --git a/icu4c/source/common/udata.cpp b/icu4c/source/common/udata.cpp | |||
There was a problem hiding this comment.
Add comment what this patch do and why it is needed.
|
@lizan let me try to make it work for windows to generate ICU data. The generated gzip file was added since I wasn't sure how to do that in windows. Otherwise, probably I can just submit the *.c code. |
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
|
Seems like we don't really need to embed ICU data for now. I'm closing this and opening #12376 as a PR for updating ICU (to 67.1) and googleurl versions. |
Commit Message: Using the current version of
googleurlandICU, in combination with how we build it, we fail on initializing GURL with a unicode URL. This patch temporarily uses a mirror of https://quiche.googlesource.com/googleurl forgoogleurland updateICUto 67.1 to enable unicode URL parsing.This also introduces
tools/generate_data.shto facilitate generating a different set of ICU data, via editingtools/icu/filters.json.Signed-off-by: Dhi Aurrahman dio@tetrate.io
Additional Description: This requires a "manual" step to generate ICU data since I'm not sure on how to do proper setup (genrule) for Windows.
Risk Level: Low
Testing: Added.
Docs Changes: N/A
Release Notes: N/A
Fixes: #12015