From cb876d2c1ef03aaed23b45c0a3ccf447ae451a22 Mon Sep 17 00:00:00 2001 From: HaiqalAly Date: Sat, 21 Feb 2026 09:58:27 +0700 Subject: [PATCH] fix(uri): update path and query validation to reject DEL character --- src/uri/path.rs | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/uri/path.rs b/src/uri/path.rs index 058aae07..e46cc0bc 100644 --- a/src/uri/path.rs +++ b/src/uri/path.rs @@ -63,7 +63,7 @@ impl PathAndQuery { 0x7E => {} // potentially utf8, might not, should check - 0x7F..=0xFF => { + 0x80..=0xFF => { is_maybe_not_utf8 = true; } @@ -99,7 +99,7 @@ impl PathAndQuery { 0x3D | 0x3F..=0x7E => {} - 0x7F..=0xFF => { + 0x80..=0xFF => { is_maybe_not_utf8 = true; } @@ -505,7 +505,7 @@ const fn validate_path_and_query_bytes(bytes: &[u8]) -> Result= 0x7F); + || (b >= 0x80); if !allowed { return Err(PathAndQueryError::InvalidPathChar); @@ -526,7 +526,7 @@ const fn validate_path_and_query_bytes(bytes: &[u8]) -> Result= 0x24 && b <= 0x3B) || b == 0x3D || (b >= 0x3F && b <= 0x7E) - || (b >= 0x7F); + || (b >= 0x80); if !allowed { return Err(PathAndQueryError::InvalidQueryChar); @@ -652,6 +652,16 @@ mod tests { assert_eq!(Some("pizza=🍕"), pq("/test?pizza=🍕").query()); } + #[test] + fn rejects_del_in_path() { + PathAndQuery::try_from(&[b'/', 0x7F][..]).expect_err("reject DEL"); + } + + #[test] + fn rejects_del_in_query() { + PathAndQuery::try_from(&[b'/', b'a', b'?', 0x7F][..]).expect_err("reject DEL"); + } + #[test] fn rejects_invalid_utf8_in_path() { PathAndQuery::try_from(&[b'/', 0xFF][..]).expect_err("reject invalid utf8");
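Review bot: Nothing in the first `PathAndQuery` hunk, or at the matching query arm in the second hunk, records that 0x7F is now left out on purpose, so a later tidy-up could widen the range back to `0x7F..=0xFF` unnoticed. The surviving comment `// potentially utf8, might not, should check` explains only the high-byte arm. I would add a line above each arm such as `// 0x7F (DEL) is an ASCII control byte and is deliberately not matched here, so it is rejected`. The arm that actually rejects the byte, and the rest of the function, are outside the hunk, so this assumes unmatched bytes end in an error, as the new tests expect.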
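Review bot: The DEL rejection in `validate_path_and_query_bytes` (third and fourth hunks, `b >= 0x80`) is not pinned by any test, because both added tests go through `PathAndQuery::try_from`. Whether `try_from` reaches the const validator cannot be seen from these hunks, so the two copies of the allowed-byte set could drift apart again without a failure. If the test module can see the function, I would add `assert!(validate_path_and_query_bytes(b"/\x7f").is_err());` and `assert!(validate_path_and_query_bytes(b"/a?\x7f").is_err());`. A boundary case on each side (0x7E still accepted, 0x80 still taking the non-ASCII path) would also guard against an off-by-one in either place. The validator's body starts and ends outside these hunks.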