add endpoint check.

oss_c_sdk/oss_util.c

@@ -1002,6 +1002,11 @@ aos_status_t *oss_process_request(const oss_request_options_t *options,
         return s;
     }
 
+    if (!oss_is_valid_host(req->host)) {
+        aos_status_set(s, AOSE_INVALID_ARGUMENT, AOS_CLIENT_ERROR_CODE, "The endpoint is invalid.");
+        return s;
+    }
+
     return oss_send_request(options->ctl, req, resp);
 }
 
@@ -1529,4 +1534,48 @@ aos_status_t *oss_get_bucket_name_invalid_error()
     return &oss_bucket_name_invalid_error;
 }
 
+int oss_is_valid_host(const char *host)
+{
+    //format like: userinfo@host:port, just check host
+    const char *ptr;
+    const char *prevptr;
+    if (host == NULL) {
+        return 0;
+    }
+
+    prevptr = host;
+    //find @
+    for (ptr = prevptr; *ptr != '\0'; ptr++) {
+        if (*ptr == '@') {
+            prevptr = ptr + 1;
+            break;
+        }
+    }
+
+    //find :
+    for (ptr = prevptr; *ptr != '\0'; ptr++) {
+        if (*ptr == ':') {
+            break;
+        }
+    }
+
+    if (prevptr == ptr) {
+        return 0;
+    }
+
+    while (prevptr != ptr) {
+        char c = *prevptr;
+        if (!((c >= 'a' && c <= 'z') ||
+            (c >= '0' && c <= '9') ||
+            (c >= 'A' && c <= 'Z') ||
+            (c == '_') ||
+            (c == '-') ||
+            (c == '.'))) {
+            return 0;
+        }
+        prevptr++;
+    }
+
+    return 1;
+}
 

oss_c_sdk/oss_util.h

@@ -418,6 +418,12 @@ aos_status_t *oss_get_bucket_name_invalid_error();
         } \
     } while(0) 
 
+/**
+  * @brief  check if the host is valid.
+**/
+int oss_is_valid_host(const char *host);
+
+
 OSS_CPP_END
 
 #endif

oss_c_sdk_test/test_aos.c

@@ -1673,6 +1673,47 @@ void test_oss_fill_read_response_header(CuTest *tc) {
 }
 
 
+static void test_oss_is_valid_host(CuTest *tc) {
+    int i;
+    const char *valid_host[] =
+    {
+        "www.test.com:8192",
+        "www.test.com",
+        "test:[email protected]:80",
+        "test:[email protected]",
+        "192.168.1.1:8192",
+        "192.168.1.1",
+        "test:[email protected]:8192",
+        "test:[email protected]",
+        "www.test-inc_CN.com",
+        "a"
+    };
+
+    const char *invalid_host[] =
+    {
+        "www.test.com#www.test.cn:8192",
+        "test:[email protected]#www.test.cn:8192",
+        "www.test.com#www.test.cn",
+        "www.test.com\\www.test.cn",
+        "",
+        ":",
+        "@:",
+        NULL
+    };
+
+    for (i = 0; i < sizeof(valid_host) / sizeof(valid_host[0]); i++) {
+        CuAssertIntEquals(tc, 1, oss_is_valid_host(valid_host[i]));
+    }
+    CuAssertIntEquals(tc, 10, i);
+
+    for (i = 0; i < sizeof(invalid_host) / sizeof(invalid_host[0]); i++) {
+        CuAssertIntEquals(tc, 0, oss_is_valid_host(invalid_host[i]));
+    }
+    CuAssertIntEquals(tc, 8, i);
+
+    printf("%s ok\n", __FUNCTION__);
+}
+
 CuSuite *test_aos()
 {
     CuSuite* suite = CuSuiteNew();
@@ -1745,6 +1786,7 @@ CuSuite *test_aos()
     SUITE_ADD_TEST(suite, test_oss_preprocess_endpoint);
     SUITE_ADD_TEST(suite, test_oss_fill_read_response_header);
     SUITE_ADD_TEST(suite, test_oss_get_host_from_authority);
-
+    SUITE_ADD_TEST(suite, test_oss_is_valid_host);
+
     return suite;
 }

oss_c_sdk_test/test_oss_object.c

@@ -1844,6 +1844,61 @@ void test_get_object_to_buffer_use_invalid_sts(CuTest *tc)
 
 }
 
+void test_object_with_invalid_endpoint(CuTest *tc)
+{
+    aos_pool_t *p = NULL;
+    aos_string_t bucket;
+    char *object_name = "video_1.ts";
+    aos_string_t object;
+    int is_cname = 0;
+    oss_request_options_t *options = NULL;
+    aos_table_t *headers = NULL;
+    aos_table_t *params = NULL;
+    aos_table_t *resp_headers = NULL;
+    aos_status_t *s = NULL;
+    aos_list_t buffer;
+    char endpoint_buf[256];
+
+    aos_pool_create(&p, NULL);
+    options = oss_request_options_create(p);
+    init_test_request_options(options, is_cname);
+
+    aos_str_set(&bucket, TEST_BUCKET_NAME);
+    aos_str_set(&object, object_name);
+    aos_list_init(&buffer);
+
+    aos_str_set(&options->config->endpoint, "www.test.com\\www.aliyuncs.com");
+    s = oss_get_object_to_buffer(options, &bucket, &object, headers,
+        params, &buffer, &resp_headers);
+    CuAssertIntEquals(tc, AOSE_INVALID_ARGUMENT, s->code);
+    CuAssertStrEquals(tc, AOS_CLIENT_ERROR_CODE, s->error_code);
+    CuAssertStrEquals(tc, "The endpoint is invalid.", s->error_msg);
+
+    aos_str_set(&options->config->endpoint, "test:[email protected]*www.aliyuncs.com:80");
+    s = oss_get_object_to_buffer(options, &bucket, &object, headers,
+        params, &buffer, &resp_headers);
+    CuAssertIntEquals(tc, AOSE_INVALID_ARGUMENT, s->code);
+    CuAssertStrEquals(tc, AOS_CLIENT_ERROR_CODE, s->error_code);
+    CuAssertStrEquals(tc, "The endpoint is invalid.", s->error_msg);
+
+    aos_str_set(&options->config->endpoint, "www.test.com*www.aliyuncs.com");
+    s = oss_get_object_to_buffer(options, &bucket, &object, headers,
+        params, &buffer, &resp_headers);
+    CuAssertIntEquals(tc, AOSE_INVALID_ARGUMENT, s->code);
+    CuAssertStrEquals(tc, AOS_CLIENT_ERROR_CODE, s->error_code);
+    CuAssertStrEquals(tc, "The endpoint is invalid.", s->error_msg);
+
+    sprintf(endpoint_buf, "%s:80/test?x=1#segment", TEST_OSS_ENDPOINT);
+    aos_str_set(&options->config->endpoint, endpoint_buf);
+    s = oss_get_object_to_buffer(options, &bucket, &object, headers,
+        params, &buffer, &resp_headers);
+    CuAssertIntEquals(tc, 200, s->code);
+
+    aos_pool_destroy(p);
+
+    printf("test_object_with_invalid_endpoint ok\n");
+
+}
 
 
 CuSuite *test_oss_object()
@@ -1889,6 +1944,7 @@ CuSuite *test_oss_object()
     SUITE_ADD_TEST(suite, test_object_invalid_parameter);
     SUITE_ADD_TEST(suite, test_get_object_to_buffer_with_maxbuffersize);
     SUITE_ADD_TEST(suite, test_get_object_to_buffer_use_invalid_sts);
+    SUITE_ADD_TEST(suite, test_object_with_invalid_endpoint);
     SUITE_ADD_TEST(suite, test_object_cleanup); 
 
     return suite;