From d96c44e542204016e6ac00e9420b8a943e9eca06 Mon Sep 17 00:00:00 2001 From: MattMo Date: Wed, 28 Jun 2023 17:41:31 -0700 Subject: [PATCH 1/2] Working on code and tests for a serve file extension to make developing a small web server easier. --- Rest.Net.Tests/ServeFileTests.cs | 42 +++++++ Rest.Net/HttpListenerResponseExtensions.cs | 124 +++++++++++++++++++-- Rest.Net/StringExtensions.cs | 34 ++++++ 3 files changed, 192 insertions(+), 8 deletions(-) create mode 100644 Rest.Net.Tests/ServeFileTests.cs diff --git a/Rest.Net.Tests/ServeFileTests.cs b/Rest.Net.Tests/ServeFileTests.cs new file mode 100644 index 0000000..9035abe --- /dev/null +++ b/Rest.Net.Tests/ServeFileTests.cs @@ -0,0 +1,42 @@ +using System; +using System.Collections.Generic; +using System.IO; +using System.Linq; +using System.Text; +using System.Threading.Tasks; +using FluentAssertions; +using MontoyaTech.Rest.Net; +using Xunit; + +namespace Rest.Net.Tests +{ + public class ServeFileTests + { + public string TestDirectory = null; + + public string TestFile = null; + + public ServeFileTests() + { + this.TestDirectory = Path.Combine(Environment.CurrentDirectory, "test/"); + + if (!Directory.Exists(this.TestDirectory)) + Directory.CreateDirectory(this.TestDirectory); + + this.TestFile = Path.Combine(this.TestDirectory, "test.html"); + + if (!File.Exists(this.TestFile)) + File.WriteAllText(this.TestFile, "hello world"); + } + + [Fact] + public void ServeMultipleShouldWorkForFiles() + { + HttpListenerResponseExtensions.ResolveMultiPagePath(Path.Combine(Environment.CurrentDirectory, "test"), "../../test.html", null, out string resolvedPath, out bool isDirecotry).Should().BeTrue(); + + isDirecotry.Should().BeFalse(); + + resolvedPath.Should().BeEquivalentTo(this.TestFile); + } + } +} diff --git a/Rest.Net/HttpListenerResponseExtensions.cs b/Rest.Net/HttpListenerResponseExtensions.cs index 56a5bca..96a7a8e 100644 --- a/Rest.Net/HttpListenerResponseExtensions.cs +++ b/Rest.Net/HttpListenerResponseExtensions.cs @@ -501,21 +501,129 @@ namespace MontoyaTech.Rest.Net /// /// Sets the response to serve a file in the context of a multi page application. /// - /// - /// - /// - public static HttpListenerResponse ServeMultiPage(this HttpListenerResponse response, HttpListenerRequest request) + /// The response to modify + /// The base path where to serve files from + /// The request to serve + /// The name of the index file, default is index.html + /// The modified response + public static HttpListenerResponse ServeMultiPage(this HttpListenerResponse response, string basePath, HttpListenerRequest request, string indexFile = "index.html") { + if (ResolveMultiPagePath(basePath, request.Url.LocalPath, indexFile, out string resolvedPath, out bool isDirectory)) + { + if (isDirectory) + { + return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + } + else + { + if (request.HttpMethod.Equals("head", StringComparison.CurrentCultureIgnoreCase)) + return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + else + return response.WithStatus(HttpStatusCode.OK).WithFile(resolvedPath); + } + } + else + { + return response.WithStatus(HttpStatusCode.NotFound); + } + } + + internal static bool ResolveMultiPagePath(string basePath, string requestPath, string indexFile, out string resolvedPath, out bool isDirectory) + { + resolvedPath = null; + + isDirectory = false; + + var relativePath = Path.GetRelativePath(basePath, requestPath); + + if (string.IsNullOrWhiteSpace(relativePath) || relativePath == ".") + relativePath = indexFile; + + var absolutePath = Path.Combine(basePath, relativePath); + + if (File.Exists(absolutePath)) + { + resolvedPath = absolutePath; + + return true; + } + else if (Directory.Exists(absolutePath)) + { + resolvedPath = absolutePath; + + isDirectory = true; + + return true; + } + else + { + return false; + } } /// /// Sets the response to serve a file in the context of a single page application. /// - /// - /// - /// - public static HttpListenerResponse ServeSinglePage(this HttpListenerResponse response, HttpListenerRequest request) + /// The response to modify + /// The base path where to serve files from + /// The request to serve + /// The name of the index file, default is index.html + /// The modified response + public static HttpListenerResponse ServeSinglePage(this HttpListenerResponse response, string basePath, HttpListenerRequest request, string indexFile = "index.html") { + var relativePath = Path.GetRelativePath(basePath, request.Url.LocalPath); + + if (string.IsNullOrWhiteSpace(relativePath) || relativePath == ".") + relativePath = indexFile; + + var absolutePath = Path.Combine(basePath, relativePath); + + if (File.Exists(absolutePath)) + { + if (request.HttpMethod.Equals("head", StringComparison.CurrentCultureIgnoreCase)) + return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + else + return response.WithStatus(HttpStatusCode.OK).WithFile(absolutePath); + } + else if (Directory.Exists(absolutePath)) + { + return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + } + else + { + var components = relativePath.Split(new char[] { '/', '\\' }, StringSplitOptions.RemoveEmptyEntries).ToList(); + + while (components.Count > 0) + { + string path = Path.Combine(basePath, components[0]); + + if (File.Exists(path) || Directory.Exists(path)) + break; + else + components.RemoveAt(0); + } + + if (components.Count == 0) + return response.WithStatus(HttpStatusCode.NotFound); + + var combined = Path.Combine(basePath, components.Separate(Path.PathSeparator)); + + if (File.Exists(combined)) + { + if (request.HttpMethod.Equals("head", StringComparison.CurrentCultureIgnoreCase)) + return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + else + return response.WithStatus(HttpStatusCode.OK).WithFile(absolutePath); + } + else if (Directory.Exists(combined)) + { + return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + } + else + { + return response.WithStatus(HttpStatusCode.NotFound); + } + } } } } diff --git a/Rest.Net/StringExtensions.cs b/Rest.Net/StringExtensions.cs index d3bcbd0..35c771e 100644 --- a/Rest.Net/StringExtensions.cs +++ b/Rest.Net/StringExtensions.cs @@ -18,5 +18,39 @@ namespace MontoyaTech.Rest.Net return count; } + + public static string Separate(this IList input, char separator) + { + if (input == null || input.Count == 0) + return null; + else if (input.Count < 2) + return input[0]; + + var builder = new StringBuilder(); + + builder.Append(input[0]); + + for (int i = 1; i < input.Count; i++) + builder.Append(separator).Append(input[1]); + + return builder.ToString(); + } + + public static string Separate(this IList input, string separator) + { + if (input == null || input.Count == 0) + return null; + else if (input.Count < 2) + return input[0]; + + var builder = new StringBuilder(); + + builder.Append(input[0]); + + for (int i = 1; i < input.Count; i++) + builder.Append(separator).Append(input[1]); + + return builder.ToString(); + } } } -- 2.34.1 From c2f60ff19f8c97e11f321974e639469b2fd067a4 Mon Sep 17 00:00:00 2001 From: MattMo Date: Wed, 28 Jun 2023 18:37:46 -0700 Subject: [PATCH 2/2] Bumped package version to 1.6.3. Added unit tests for serving files. Fixed issues and improved the security of the serve file extensions and the ability to compress files. --- Rest.Net.Tests/ServeFileTests.cs | 79 ++++++++- Rest.Net/HttpListenerResponseExtensions.cs | 189 +++++++++++++++++---- Rest.Net/Rest.Net.csproj | 2 +- Rest.Net/StringExtensions.cs | 4 +- 4 files changed, 231 insertions(+), 43 deletions(-) diff --git a/Rest.Net.Tests/ServeFileTests.cs b/Rest.Net.Tests/ServeFileTests.cs index 9035abe..77478fa 100644 --- a/Rest.Net.Tests/ServeFileTests.cs +++ b/Rest.Net.Tests/ServeFileTests.cs @@ -12,29 +12,98 @@ namespace Rest.Net.Tests { public class ServeFileTests { + public string BaseDirectory = null; + public string TestDirectory = null; public string TestFile = null; public ServeFileTests() { - this.TestDirectory = Path.Combine(Environment.CurrentDirectory, "test/"); + this.BaseDirectory = Path.Combine(Environment.CurrentDirectory, "test"); + + if (!Directory.Exists(this.BaseDirectory)) + Directory.CreateDirectory(this.BaseDirectory); + + this.TestDirectory = Path.Combine(this.BaseDirectory, "test2"); if (!Directory.Exists(this.TestDirectory)) Directory.CreateDirectory(this.TestDirectory); - this.TestFile = Path.Combine(this.TestDirectory, "test.html"); + this.TestFile = Path.Combine(this.BaseDirectory, "test.html"); if (!File.Exists(this.TestFile)) File.WriteAllText(this.TestFile, "hello world"); } [Fact] - public void ServeMultipleShouldWorkForFiles() + public void ServeMultiple_File_ShouldWork() { - HttpListenerResponseExtensions.ResolveMultiPagePath(Path.Combine(Environment.CurrentDirectory, "test"), "../../test.html", null, out string resolvedPath, out bool isDirecotry).Should().BeTrue(); + HttpListenerResponseExtensions.ResolveMultiPagePath(this.BaseDirectory, "/test.html", null, out string resolvedPath, out bool isDirectory).Should().BeTrue(); - isDirecotry.Should().BeFalse(); + isDirectory.Should().BeFalse(); + + resolvedPath.Should().BeEquivalentTo(this.TestFile); + } + + [Fact] + public void ServeMultiple_Directory_ShouldWork() + { + HttpListenerResponseExtensions.ResolveMultiPagePath(this.BaseDirectory, "/test2", null, out string resolvedPath, out bool isDirectory).Should().BeTrue(); + + isDirectory.Should().BeTrue(); + + resolvedPath.Should().BeEquivalentTo(this.TestDirectory); + } + + [Fact] + public void ServeMultiple_NavigatingUp_Should_NotWork() + { + HttpListenerResponseExtensions.ResolveMultiPagePath(this.BaseDirectory, "../test.html", null, out string resolvedPath, out bool isDirectory).Should().BeFalse(); + } + + [Fact] + public void ServeMultiple_Correct_NavigatingUp_Should_Work() + { + HttpListenerResponseExtensions.ResolveMultiPagePath(this.BaseDirectory, "a/b/../../test.html", null, out string resolvedPath, out bool isDirectory).Should().BeTrue(); + + isDirectory.Should().BeFalse(); + + resolvedPath.Should().BeEquivalentTo(this.TestFile); + } + + [Fact] + public void ServeMultiple_NavigatingUp_Multiple_Should_NotWork() + { + HttpListenerResponseExtensions.ResolveMultiPagePath(this.BaseDirectory, "test/../../test.html", null, out string resolvedPath, out bool isDirectory).Should().BeFalse(); + } + + [Fact] + public void ServeSingle_File_ShouldWork() + { + HttpListenerResponseExtensions.ResolveSinglePagePath(this.BaseDirectory, "/test.html", null, out string resolvedPath, out bool isDirectory).Should().BeTrue(); + + isDirectory.Should().BeFalse(); + + resolvedPath.Should().BeEquivalentTo(this.TestFile); + } + + [Fact] + public void ServeSingle_Directory_ShouldWork() + { + HttpListenerResponseExtensions.ResolveSinglePagePath(this.BaseDirectory, "/test2", null, out string resolvedPath, out bool isDirectory).Should().BeTrue(); + + isDirectory.Should().BeTrue(); + + resolvedPath.Should().BeEquivalentTo(this.TestDirectory); + } + + [Fact] + public void ServeSingle_File_Route_ShouldWork() + { + HttpListenerResponseExtensions.ResolveSinglePagePath(this.BaseDirectory, "/a/b/test.html", null, out string resolvedPath, out bool isDirectory).Should().BeTrue(); + + isDirectory.Should().BeFalse(); resolvedPath.Should().BeEquivalentTo(this.TestFile); } diff --git a/Rest.Net/HttpListenerResponseExtensions.cs b/Rest.Net/HttpListenerResponseExtensions.cs index 96a7a8e..bbff058 100644 --- a/Rest.Net/HttpListenerResponseExtensions.cs +++ b/Rest.Net/HttpListenerResponseExtensions.cs @@ -505,8 +505,10 @@ namespace MontoyaTech.Rest.Net /// The base path where to serve files from /// The request to serve /// The name of the index file, default is index.html + /// Whether or not to compress files served. Default is false. + /// A collection of file extensions that should be compressed, example: .jpg, default is null. If and compress is true, all files will be compressed. /// The modified response - public static HttpListenerResponse ServeMultiPage(this HttpListenerResponse response, string basePath, HttpListenerRequest request, string indexFile = "index.html") + public static HttpListenerResponse ServeMultiPage(this HttpListenerResponse response, string basePath, HttpListenerRequest request, string indexFile = "index.html", bool compress = false, HashSet compressExtensions = null) { if (ResolveMultiPagePath(basePath, request.Url.LocalPath, indexFile, out string resolvedPath, out bool isDirectory)) { @@ -517,9 +519,16 @@ namespace MontoyaTech.Rest.Net else { if (request.HttpMethod.Equals("head", StringComparison.CurrentCultureIgnoreCase)) + { return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + } else - return response.WithStatus(HttpStatusCode.OK).WithFile(resolvedPath); + { + if (compress && (compressExtensions == null || compressExtensions.Contains(Path.GetExtension(resolvedPath)))) + return response.WithStatus(HttpStatusCode.OK).WithCompressedFile(resolvedPath); + else + return response.WithStatus(HttpStatusCode.OK).WithFile(resolvedPath); + } } } else @@ -534,12 +543,48 @@ namespace MontoyaTech.Rest.Net isDirectory = false; - var relativePath = Path.GetRelativePath(basePath, requestPath); + //If the requestPath is pointing to nothing change that to the index file. + if (string.IsNullOrWhiteSpace(requestPath) || requestPath == "/" || requestPath == ".") + requestPath = indexFile; - if (string.IsNullOrWhiteSpace(relativePath) || relativePath == ".") - relativePath = indexFile; + //Break th erequest path into it's components so we can enfore staying in the base path. + var components = requestPath.Split(new char[] { '/', '\\' }, StringSplitOptions.RemoveEmptyEntries).ToList(); - var absolutePath = Path.Combine(basePath, relativePath); + for (int i = 0; i < components.Count; i++) + { + if (components[i].Trim() == "..") + { + components.RemoveAt(i--); + + if (i >= 0) + components.RemoveAt(i--); + else + return false; //Trying to jump outside of basePath + } + else if (components[i].Trim() == "...") + { + components.RemoveAt(i--); + + if (i >= 0) + components.RemoveAt(i--); + else + return false; //Trying to jump outside of basePath + + if (i >= 0) + components.RemoveAt(i--); + else + return false; //Trying to jump outside of basePath + } + else if (components[i].Trim() == ".") + { + components.RemoveAt(i--); + } + } + + if (components.Count == 0) + return false; + + var absolutePath = Path.Combine(basePath, components.Separate(Path.DirectorySeparatorChar)); if (File.Exists(absolutePath)) { @@ -568,31 +613,104 @@ namespace MontoyaTech.Rest.Net /// The base path where to serve files from /// The request to serve /// The name of the index file, default is index.html + /// Whether or not to compress files served. Default is false. + /// A collection of file extensions that should be compressed, example: .jpg, default is null. If and compress is true, all files will be compressed. /// The modified response - public static HttpListenerResponse ServeSinglePage(this HttpListenerResponse response, string basePath, HttpListenerRequest request, string indexFile = "index.html") + public static HttpListenerResponse ServeSinglePage(this HttpListenerResponse response, string basePath, HttpListenerRequest request, string indexFile = "index.html", bool compress = false, HashSet compressExtensions = null) { - var relativePath = Path.GetRelativePath(basePath, request.Url.LocalPath); - - if (string.IsNullOrWhiteSpace(relativePath) || relativePath == ".") - relativePath = indexFile; - - var absolutePath = Path.Combine(basePath, relativePath); - - if (File.Exists(absolutePath)) + if (ResolveSinglePagePath(basePath, request.Url.LocalPath, indexFile, out string resolvedPath, out bool isDirectory)) { - if (request.HttpMethod.Equals("head", StringComparison.CurrentCultureIgnoreCase)) + if (isDirectory) + { return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + } else - return response.WithStatus(HttpStatusCode.OK).WithFile(absolutePath); - } - else if (Directory.Exists(absolutePath)) - { - return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + { + if (request.HttpMethod.Equals("head", StringComparison.CurrentCultureIgnoreCase)) + { + return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); + } + else + { + if (compress && (compressExtensions == null || compressExtensions.Contains(Path.GetExtension(resolvedPath)))) + return response.WithStatus(HttpStatusCode.OK).WithCompressedFile(resolvedPath); + else + return response.WithStatus(HttpStatusCode.OK).WithFile(resolvedPath); + } + } } else { - var components = relativePath.Split(new char[] { '/', '\\' }, StringSplitOptions.RemoveEmptyEntries).ToList(); + return response.WithStatus(HttpStatusCode.NotFound); + } + } + internal static bool ResolveSinglePagePath(string basePath, string requestPath, string indexFile, out string resolvedPath, out bool isDirectory) + { + resolvedPath = null; + + isDirectory = false; + + //If the requestPath is pointing to nothing change that to the index file. + if (string.IsNullOrWhiteSpace(requestPath) || requestPath == "/" || requestPath == ".") + requestPath = indexFile; + + //Break th erequest path into it's components so we can enfore staying in the base path. + var components = requestPath.Split(new char[] { '/', '\\' }, StringSplitOptions.RemoveEmptyEntries).ToList(); + + for (int i = 0; i < components.Count; i++) + { + if (components[i].Trim() == "..") + { + components.RemoveAt(i--); + + if (i >= 0) + components.RemoveAt(i--); + else + return false; //Trying to jump outside of basePath + } + else if (components[i].Trim() == "...") + { + components.RemoveAt(i--); + + if (i >= 0) + components.RemoveAt(i--); + else + return false; //Trying to jump outside of basePath + + if (i >= 0) + components.RemoveAt(i--); + else + return false; //Trying to jump outside of basePath + } + else if (components[i].Trim() == ".") + { + components.RemoveAt(i--); + } + } + + if (components.Count == 0) + return false; + + var absolutePath = Path.Combine(basePath, components.Separate(Path.DirectorySeparatorChar)); + + if (File.Exists(absolutePath)) + { + resolvedPath = absolutePath; + + return true; + } + else if (Directory.Exists(absolutePath)) + { + resolvedPath = absolutePath; + + isDirectory = true; + + return true; + } + else + { + //Try to components that don't exist and try again while (components.Count > 0) { string path = Path.Combine(basePath, components[0]); @@ -604,25 +722,26 @@ namespace MontoyaTech.Rest.Net } if (components.Count == 0) - return response.WithStatus(HttpStatusCode.NotFound); + return false; - var combined = Path.Combine(basePath, components.Separate(Path.PathSeparator)); + absolutePath = Path.Combine(basePath, components.Separate(Path.PathSeparator)); - if (File.Exists(combined)) + if (File.Exists(absolutePath)) { - if (request.HttpMethod.Equals("head", StringComparison.CurrentCultureIgnoreCase)) - return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); - else - return response.WithStatus(HttpStatusCode.OK).WithFile(absolutePath); + resolvedPath = absolutePath; + + return true; } - else if (Directory.Exists(combined)) + else if (Directory.Exists(absolutePath)) { - return response.WithNoBody().WithStatus(HttpStatusCode.NoContent); - } - else - { - return response.WithStatus(HttpStatusCode.NotFound); + resolvedPath = absolutePath; + + isDirectory = true; + + return true; } + + return false; } } } diff --git a/Rest.Net/Rest.Net.csproj b/Rest.Net/Rest.Net.csproj index 31923dd..a77cf3b 100644 --- a/Rest.Net/Rest.Net.csproj +++ b/Rest.Net/Rest.Net.csproj @@ -17,7 +17,7 @@ MontoyaTech.Rest.Net MontoyaTech.Rest.Net True - 1.6.2 + 1.6.3 Logo_Symbol_Black_Outline.png diff --git a/Rest.Net/StringExtensions.cs b/Rest.Net/StringExtensions.cs index 35c771e..c51e144 100644 --- a/Rest.Net/StringExtensions.cs +++ b/Rest.Net/StringExtensions.cs @@ -22,7 +22,7 @@ namespace MontoyaTech.Rest.Net public static string Separate(this IList input, char separator) { if (input == null || input.Count == 0) - return null; + return ""; else if (input.Count < 2) return input[0]; @@ -39,7 +39,7 @@ namespace MontoyaTech.Rest.Net public static string Separate(this IList input, string separator) { if (input == null || input.Count == 0) - return null; + return ""; else if (input.Count < 2) return input[0]; -- 2.34.1