Merge pull request #130 from postmanlabs/feature/fix-extra-slashes

Parser: remove leading slashes before extracting path

Author: codenirvana

CHANGELOG.yaml

@@ -1,4 +1,8 @@
 unreleased:
+  fixed bugs:
+    - >-
+      GH-130 Fixed a bug where extra slashes and backslashes in the protocol are
+      not handled correctly
   chores:
     - Added secure codecov publish script
     - Updated dependencies

parser/index.js

@@ -215,6 +215,8 @@ function parse (urlString) {
 
     // 4. url.path
     urlString = urlString.replace(/\\/g, '/'); // sanitize path
+    urlString = urlString.replace(/^\/+/, ''); // remove leading slashes
+
     if ((index = urlString.indexOf(PATH_SEPARATOR)) !== -1) {
         // extract from the back
         url.path.value = urlString.slice(index + 1).split(PATH_SEPARATOR);

test/unit/parser/parser.test.js

@@ -228,6 +228,42 @@ describe('parser', function () {
             });
         });
 
+        it('should handle extra slashes after protocol', function () {
+            expect(parser.parse('http:////localhost')).to.deep.include({
+                raw: 'http:////localhost',
+                protocol: 'http',
+                host: ['localhost'],
+                path: undefined
+            });
+        });
+
+        it('should handle extra backslashes after protocol', function () {
+            expect(parser.parse('http:\\\\\\\\localhost')).to.deep.include({
+                raw: 'http:\\\\\\\\localhost',
+                protocol: 'http',
+                host: ['localhost'],
+                path: undefined
+            });
+        });
+
+        it('should handle leading slashes', function () {
+            expect(parser.parse('//localhost/foo')).to.deep.include({
+                raw: '//localhost/foo',
+                protocol: undefined,
+                host: ['localhost'],
+                path: ['foo']
+            });
+        });
+
+        it('should handle leading backslashes', function () {
+            expect(parser.parse('\\\\localhost\\foo')).to.deep.include({
+                raw: '\\\\localhost\\foo',
+                protocol: undefined,
+                host: ['localhost'],
+                path: ['foo']
+            });
+        });
+
         it('should return default object for empty string input', function () {
             expect(parser.parse('')).to.deep.include(defaultObject);
             expect(parser.parse('  ')).to.deep.include(defaultObject);

test/unit/toNodeUrl.test.js

@@ -705,5 +705,49 @@ describe('.toNodeUrl', function () {
                 hostname: 'postman.com`f.society.org'
             });
         });
+
+        // Refer: https://huntr.dev/bounties/1625732310186-postmanlabs/postman-url-encoder/
+        it('should handle extra backslashes in protocol', function () {
+            expect(toNodeUrl('https:////example.com/foo/bar')).to.include({
+                protocol: 'https:',
+                host: 'example.com',
+                hostname: 'example.com',
+                pathname: '/foo/bar',
+                href: 'https://example.com/foo/bar'
+            });
+
+            expect(toNodeUrl('https:\\\\\\example.com/foo/bar')).to.include({
+                protocol: 'https:',
+                host: 'example.com',
+                hostname: 'example.com',
+                pathname: '/foo/bar',
+                href: 'https://example.com/foo/bar'
+            });
+
+            expect(toNodeUrl('https:///\\example.com/foo/bar')).to.include({
+                protocol: 'https:',
+                host: 'example.com',
+                hostname: 'example.com',
+                pathname: '/foo/bar',
+                href: 'https://example.com/foo/bar'
+            });
+
+            expect(toNodeUrl('////example.com/foo/bar')).to.include({
+                protocol: 'http:',
+                host: 'example.com',
+                hostname: 'example.com',
+                pathname: '/foo/bar',
+                href: 'http://example.com/foo/bar'
+            });
+
+            // eslint-disable-next-line no-useless-escape
+            expect(toNodeUrl('https:/\/\/\example.com/foo/bar')).to.include({
+                protocol: 'https:',
+                host: 'example.com',
+                hostname: 'example.com',
+                pathname: '/foo/bar',
+                href: 'https://example.com/foo/bar'
+            });
+        });
     });
 });