BUG#36105235 Uri_parser fails to parse an URI which contains unescaped '@' character

Paweł Andruszkiewicz · Paweł Andruszkiewicz · commit d4a461ac257d · 2024-09-12T15:32:20.000+02:00
When an URL contained an unescaped '@' character in the target path, i.e.: https://mysql.com/@.manifest.json Uri_parser treated "mysql.com/" as a user name. Slash is not a valid character in a user name, and an exception was thrown. Change-Id: I5a5fa848043029c2cf0a6102a0fe992261c7557d
diff --git a/mysqlshdk/libs/db/uri_parser.cc b/mysqlshdk/libs/db/uri_parser.cc
@@ -808,7 +808,10 @@ void Uri_parser::preprocess(const std::string &input) {
   // It is safe to look for the first @ symbol since before the
   // userinfo@targetinfo the @ should come pct-encoded. i.e. in a password
   position = input.find("@", first_char);
-  if (position != std::string::npos) {
+
+  // BUG#36105235 - make sure that '@' was not found in the path part of query
+  // NOTE: if '/' is not found, second condition is also true
+  if (position != std::string::npos && position < input.find("/", first_char)) {
     if (position > first_char) {
       _chunks[URI_USER_INFO] = {first_char, position - 1};
       first_char = position + 1;
@@ -835,9 +838,9 @@ void Uri_parser::preprocess(const std::string &input) {
   // definition
 
   int path_offset = 0;
-  if (m_type == Type::Generic)
+  if (m_type == Type::Generic) {
     position = input.find("/", first_char);
-  else {
+  } else {
     position = input.rfind("/", last_char);
     path_offset = 1;
   }
diff --git a/unittest/mysqlshdk/libs/db/uri_parser_t.cc b/unittest/mysqlshdk/libs/db/uri_parser_t.cc
@@ -474,6 +474,11 @@ TEST(Uri_parser, parse_user_info) {
   validate_bad_uri("ssh://user%2Aname:p@ssword@mysql.com",
                    "Illegal character [@] found at position 26", Type::Ssh);
   validate_bad_uri("ssh://:password@mysql.com", "Missing user name", Type::Ssh);
+
+  // BUG#36105235 - an unescaped '@' character in the target path
+  validate_uri("mysqlx://mysql.com/@.manifest.json", "mysqlx", NO_USER,
+               NO_PASSWORD, "mysql.com", NO_PORT, NO_SOCK, "@.manifest.json",
+               HAS_NO_PASSWORD, HAS_NO_PORT, Transport_type::Tcp, false);
 }
 
 TEST(Uri_parser, parse_host_name) {
