hyperium / http

Rust HTTP types
Apache License 2.0

Audit use of unsafe in uri/mod.rs #417

Open sbosnick opened 4 years ago

sbosnick commented 4 years ago

Added tests for attempts to parse various types of invalid Uris, including ones with invalid UTF-8 bytes in them. Added a test for parsing &[u8] as a Uri where it has invalid UTF-8 bytes in the fragment. This test accepts the Uri as valid because Uri (currently) does not expose the fragment, so those bytes are never interpreted as a &str.

Refactored the parse_full() function to eliminate some code duplication and thereby simplify the function. Finally, added comments to parse_full() and the functions it calls to document the postconditions that parse_full() relies on to make its use of unsafe sound.

This PR has a weak discrepancy on #414 and #416 in the sense that some of the comments added in this PR make more sense in light of the comments added in the earlier two PRs. There is no dependency in this PR on the earlier PRs to build or to run tests.

This is a part of #412.
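
The pattern the description refers to (a parser whose documented postcondition is what makes a later unchecked `&str` conversion sound, with fragment bytes discarded before they can reach it), as an added example that is not part of this PR or of the `http` crate. `parse_target`, `ParsedTarget` and `ParseError` are hypothetical names, and the accepted byte range (printable ASCII) is a simplifying assumption rather than the crate's actual character rules.

```rust
// Added illustration; not code from hyperium/http. All names are hypothetical.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Empty,
    InvalidByte(usize), // offset of the first rejected byte
}

#[derive(Debug)]
pub struct ParsedTarget {
    // Invariant: every byte is in 0x21..=0x7E (printable ASCII).
    data: Vec<u8>,
}

impl ParsedTarget {
    pub fn as_str(&self) -> &str {
        // SAFETY: `parse_target` is the only constructor and stores only
        // bytes in 0x21..=0x7E, an ASCII subset, which is always valid UTF-8.
        unsafe { std::str::from_utf8_unchecked(&self.data) }
    }
}

/// Postcondition on `Ok`: `data` contains only bytes in 0x21..=0x7E and ends
/// before the first '#'. Bytes after '#' are neither stored nor validated.
pub fn parse_target(input: &[u8]) -> Result<ParsedTarget, ParseError> {
    // Cut the fragment off first so its bytes can never reach `as_str`.
    let end = input.iter().position(|&b| b == b'#').unwrap_or(input.len());
    let kept = &input[..end];
    if kept.is_empty() {
        return Err(ParseError::Empty);
    }
    // Validate every retained byte before relying on the unchecked conversion.
    if let Some(i) = kept.iter().position(|b| !(0x21..=0x7E).contains(b)) {
        return Err(ParseError::InvalidByte(i));
    }
    Ok(ParsedTarget { data: kept.to_vec() })
}

fn main() {
    // Constructed inputs: the same invalid byte (0xFF) in the fragment vs. the path.
    let in_fragment = parse_target(b"http://example.com/a?b=c#\xff\xfe");
    let in_path = parse_target(b"http://example.com/\xff#frag");
    println!("{:?}", in_fragment.map(|t| t.as_str().to_owned()));
    println!("{:?}", in_path.map(|t| t.as_str().to_owned()));
}
```

If the fragment were ever stored or exposed, the validation loop would have to cover it as well, otherwise the `SAFETY` comment would no longer hold.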