fix(ext/fetch): Guard against invalid URL before its used by reqwest (#17164)

2024-11-25 15:29:32 -05:00 · 2022-12-23 17:39:14 +01:00 · 2022-12-23 17:39:14 +01:00 · 2a61b5fdd4
commit 2a61b5fdd4
parent e58cdbcb4b
2 changed files with 20 additions and 1 deletions
--- a/cli/tests/unit/fetch_test.ts
+++ b/cli/tests/unit/fetch_test.ts
@ -93,6 +93,19 @@ Deno.test(
  },
 );
 Deno.test(
  { permissions: { net: true } },
  async function fetchMalformedUriError() {
    await assertRejects(
      async () => {
        const url = new URL("http://{{google/");
        await fetch(url);
      },
      TypeError,
    );
  },
 );
 Deno.test({ permissions: { net: true } }, async function fetchJsonSuccess() {
  const response = await fetch("http://localhost:4545/assets/fixture.json");
  const json = await response.json();
--- a/ext/fetch/lib.rs
+++ b/ext/fetch/lib.rs
@ -31,7 +31,7 @@ use deno_core::ResourceId;
 use deno_core::ZeroCopyBuf;
 use deno_tls::rustls::RootCertStore;
 use deno_tls::Proxy;
-use http::header::CONTENT_LENGTH;
+use http::{header::CONTENT_LENGTH, Uri};
 use reqwest::header::HeaderMap;
 use reqwest::header::HeaderName;
 use reqwest::header::HeaderValue;
@ -252,6 +252,12 @@ where
      let permissions = state.borrow_mut::<FP>();
      permissions.check_net_url(&url, "fetch()")?;
      // Make sure that we have a valid URI early, as reqwest's `RequestBuilder::send`
      // internally uses `expect_uri`, which panics instead of returning a usable `Result`.
      if url.as_str().parse::<Uri>().is_err() {
        return Err(type_error("Invalid URL"));
      }
      let mut request = client.request(method.clone(), url);
      let request_body_rid = if has_body {