Fix bug in Uri.resolve with IPv6 addresses.

The `resolve`/`resolveUri` operation would take the
`.host` of the URI reference and include it verbatim
in the output. Since the `.host` getter returns IPv6
addresses *without* their `[`...`]` braces, that would
become invalid.

Also make sure to normalize the parts of the URI reference
that are used, if it is not a platform URI.

Fixes #55085

BUG= https://dartbug.com/55085

Change-Id: I3dbc8af953af0974346e38ba3203796647069ea8
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/355781
Reviewed-by: Stephen Adams <[email protected]>
Commit-Queue: Lasse Nielsen <[email protected]>
Reviewed-by: Martin Kustermann <[email protected]>
Reviewed-by: Nate Bosch <[email protected]>
Commit-Queue: Martin Kustermann <[email protected]>
Auto-Submit: Lasse Nielsen <[email protected]>

Author: lrhn

sdk/lib/core/uri.dart

@@ -1507,7 +1507,10 @@ abstract interface class Uri {
   }
 }
 
-class _Uri implements Uri {
+// Superclass of the two implementation types.
+sealed class _PlatformUri implements Uri {}
+
+final class _Uri implements _PlatformUri {
   // We represent the missing scheme as an empty string.
   // A valid scheme cannot be empty.
   final String scheme;
@@ -2705,12 +2708,12 @@ class _Uri implements Uri {
     return resolveUri(Uri.parse(reference));
   }
 
-  // Returns the index of the `/` after the package name of a package URI.
+  // The index of the `/` after the package name of a package URI.
   //
-  // Returns negative if the URI is not a valid package URI:
+  // Value is negative if the URI is not a valid package URI:
   // * Scheme must be "package".
   // * No authority.
-  // * Path starts with "something"/
+  // * Path starts with "something/".
   // * where "something" is not all "." characters,
   // * and contains no escapes or colons.
   //
@@ -2730,7 +2733,21 @@ class _Uri implements Uri {
     int? targetPort;
     String targetPath;
     String? targetQuery;
+    // Position up to which values are known to already be normalized,
+    // because the value is taken from this `_Uri`
+    // If any part of the path is taken from a `reference` which is not
+    // a platform URI, and therefore not known to be canonicalized to the
+    // standard of platform URIs, the combined path counts as potentially
+    // non-normalized.
+    const int atStart = 0, // Nothing taken from this URI.
+        afterScheme = 1, // Scheme comes from this URI.
+        afterAuthority = 2, // Scheme and authority comes from this URI.
+        afterPath = 3, // The path, and everything before, is from this URI.
+        afterQuery = 4; // Everything except fragment is from this URI.
+    int split = atStart;
+
     if (reference.scheme.isNotEmpty) {
+      if (reference is _PlatformUri) return reference;
       targetScheme = reference.scheme;
       if (reference.hasAuthority) {
         targetUserInfo = reference.userInfo;
@@ -2744,26 +2761,33 @@ class _Uri implements Uri {
     } else {
       targetScheme = this.scheme;
       if (reference.hasAuthority) {
+        if (reference is _PlatformUri) {
+          return reference.replace(scheme: targetScheme);
+        }
         targetUserInfo = reference.userInfo;
         targetHost = reference.host;
         targetPort =
             _makePort(reference.hasPort ? reference.port : null, targetScheme);
         targetPath = _removeDotSegments(reference.path);
         if (reference.hasQuery) targetQuery = reference.query;
+        split = afterScheme;
       } else {
         targetUserInfo = this._userInfo;
         targetHost = this._host;
         targetPort = this._port;
-        if (reference.path == "") {
+        if (reference.hasEmptyPath) {
           targetPath = this.path;
           if (reference.hasQuery) {
+            split = afterPath;
             targetQuery = reference.query;
           } else {
             targetQuery = this._query;
+            split = afterQuery;
           }
         } else {
           String basePath = this.path;
           int packageNameEnd = _packageNameEnd(this, basePath);
+          split = afterAuthority;
           if (packageNameEnd > 0) {
             assert(targetScheme == "package");
             assert(!this.hasAuthority);
@@ -2809,11 +2833,41 @@ class _Uri implements Uri {
               }
             }
           }
-          if (reference.hasQuery) targetQuery = reference.query;
+          if (reference.hasQuery) {
+            targetQuery = reference.query;
+          }
         }
       }
     }
     String? fragment = reference.hasFragment ? reference.fragment : null;
+    if (reference is! _PlatformUri) {
+      // Don't trust values coming from `reference` to be normalized.
+      if (split == atStart) {
+        targetScheme = _makeScheme(targetScheme, 0, targetScheme.length);
+      }
+      if (split <= afterScheme) {
+        if (targetUserInfo != null) {
+          targetUserInfo =
+              _makeUserInfo(targetUserInfo, 0, targetUserInfo.length);
+        }
+        if (targetPort != null) {
+          targetPort = _makePort(targetPort, targetScheme);
+        }
+        if (targetHost != null && targetHost.isNotEmpty) {
+          targetHost = _makeHost(targetHost, 0, targetHost.length, false);
+        }
+      }
+      if (split <= afterPath) {
+        targetPath = _makePath(targetPath, 0, targetPath.length, null,
+            targetScheme, targetHost != null);
+      }
+      if (split <= afterPath && targetQuery != null) {
+        targetQuery = _makeQuery(targetQuery, 0, targetQuery.length, null);
+      }
+      if (fragment != null) {
+        fragment = _makeFragment(fragment, 0, fragment.length);
+      }
+    }
     return _Uri._internal(targetScheme, targetUserInfo, targetHost, targetPort,
         targetPath, targetQuery, fragment);
   }
@@ -4406,7 +4460,7 @@ int _scan(String uri, int start, int end, int state, List<int> indices) {
   return state;
 }
 
-class _SimpleUri implements Uri {
+final class _SimpleUri implements _PlatformUri {
   final String _uri;
   final int _schemeEnd;
   final int _hostStart;

tests/corelib/uri_ipv6_test.dart

@@ -211,7 +211,76 @@ void testParseIPv6Address() {
       [32, 16, 131, 107, 65, 121, 0, 0, 0, 0, 0, 0, 127, 0, 0, 1]);
 }
 
+void testPropagateIPv6() {
+  // A regression test for https://dartbug.com/55085
+
+  // A "Normal" URI. Simple URIs cannot have IPv6 addresses.
+  var ipv6Uri = Uri.parse("s://u:p@[::127.0.0.1]:1/p1/p2?q#f");
+
+  // A non-IPv6 URI.
+  var plainUri = Uri.parse("s2://u2:p2@host:2/p3/p4?q2#f2");
+
+  void expectSame(Uri expected, Uri actual) {
+    Expect.equals(expected, actual, "URI equality");
+    Expect.equals(
+        expected.toString(), actual.toString(), "URI.toString() equality");
+  }
+
+  Expect.equals("s://u:p@[::127.0.0.1]:1/p1/p2?q#f", ipv6Uri.toString());
+  Expect.equals("::127.0.0.1", ipv6Uri.host);
+  Expect.equals("u:p", ipv6Uri.userInfo);
+  Expect.equals(1, ipv6Uri.port);
+
+  // Using resolve to change parts of an IPv6 URI.
+  expectSame(
+      Uri.parse("s://u:p@[::127.0.0.1]:1/p1/p2?q#f2"), ipv6Uri.resolve("#f2"));
+  expectSame(Uri.parse("s://u:p@[::127.0.0.1]:1/p1/p2?q2#f2"),
+      ipv6Uri.resolve("?q2#f2"));
+  expectSame(Uri.parse("s://u:p@[::127.0.0.1]:1/p1/p3?q2#f2"),
+      ipv6Uri.resolve("p3?q2#f2"));
+  expectSame(Uri.parse("s://u:p@[::127.0.0.1]:1/p3/p4?q2#f2"),
+      ipv6Uri.resolve("/p3/p4?q2#f2"));
+  expectSame(Uri.parse("s://u:p@[::127.0.0.1]:1/p3/p4?q2#f2"),
+      ipv6Uri.resolve("/p3/p4?q2#f2"));
+  expectSame(Uri.parse("s://u2:[email protected]:2/p3/p4?q2#f2"),
+      ipv6Uri.resolve("//u2:[email protected]:2/p3/p4?q2#f2"));
+  expectSame(Uri.parse("s2://u2:[email protected]:2/p3/p4?q2#f2"),
+      ipv6Uri.resolve("s2://u2:[email protected]:2/p3/p4?q2#f2"));
+
+  // Using resolve to change parts to an IPv6 URI.
+  expectSame(Uri.parse("s2://u:p@[::127.0.0.1]:1/p1/p2?q#f"),
+      plainUri.resolve("//u:p@[::127.0.0.1]:1/p1/p2?q#f"));
+  expectSame(Uri.parse("s://u:p@[::127.0.0.1]:1/p1/p2?q#f"),
+      plainUri.resolveUri(ipv6Uri));
+
+  // Using replace to change non-host parts of an IPv6 URI.
+  expectSame(Uri.parse("s2://u:p@[::127.0.0.1]:1/p1/p2?q#f"),
+      ipv6Uri.replace(scheme: "s2"));
+  expectSame(
+      Uri.parse("s://u:p@[::127.0.0.1]:2/p1/p2?q#f"), ipv6Uri.replace(port: 2));
+  expectSame(Uri.parse("s://u:p@[::127.0.0.1]:1/p3/p4?q#f"),
+      ipv6Uri.replace(path: "p3/p4"));
+  expectSame(
+      Uri.parse("s://u:p@[::127.0.0.1]:1?q#f"), ipv6Uri.replace(path: ""));
+  expectSame(Uri.parse("s://u:p@[::127.0.0.1]:1/p1/p2?q2#f"),
+      ipv6Uri.replace(query: "q2"));
+  expectSame(Uri.parse("s://u:p@[::127.0.0.1]:1/p1/p2?q#f2"),
+      ipv6Uri.replace(fragment: "f2"));
+  // Replacing the host to or from an IPv6 address.
+  expectSame(
+      Uri.parse("s://u:p@host:1/p1/p2?q#f"), ipv6Uri.replace(host: "host"));
+  expectSame(Uri.parse("s2://u2:p2@[::127.0.0.1]:2/p3/p4?q2#f2"),
+      plainUri.replace(host: "[::127.0.0.1]"));
+  expectSame(Uri.parse("s2://u2:p2@[::127.0.0.1]:2/p3/p4?q2#f2"),
+      plainUri.replace(host: "::127.0.0.1"));
+
+  // Removing fragment.
+  expectSame(
+      Uri.parse("s://u:p@[::127.0.0.1]:1/p1/p2?q"), ipv6Uri.removeFragment());
+}
+
 void main() {
   testValidIpv6Uri();
   testParseIPv6Address();
+  testPropagateIPv6();
 }

tests/corelib/uri_normalize_test.dart

@@ -72,6 +72,79 @@ testNormalizePath() {
   test("./", "a/..");
 }
 
+void testNormalizeResolve() {
+  var uri = Uri.parse("scheme://user:[email protected]:1/path/?query#fragment");
+
+  var nonCanon = NonCanonicalizingUri();
+
+  nonCanon
+    ..fragment = "fr%61gment"
+    ..hasFragment = true;
+  Expect.equals(uri, uri.resolveUri(nonCanon));
+
+  nonCanon
+    ..query = "qu%65ry"
+    ..hasQuery = true;
+  Expect.equals(uri, uri.resolveUri(nonCanon));
+
+  nonCanon..path = "/p%61th/";
+  Expect.equals(uri, uri.resolveUri(nonCanon));
+  nonCanon..path = "../p%61th/";
+  Expect.equals(uri, uri.resolveUri(nonCanon));
+
+  nonCanon
+    ..hasAuthority = true
+    ..hasUserInfo = true
+    ..userInfo = "us%65r:pass"
+    ..host = "ex%41mple.com"
+    ..hasPort = true
+    ..port = 1;
+  Expect.equals(uri, uri.resolveUri(nonCanon));
+
+  nonCanon
+    ..hasScheme = true
+    ..scheme = "schEme";
+  Expect.equals(uri, uri.resolveUri(nonCanon));
+}
+
 main() {
   testNormalizePath();
+  testNormalizeResolve();
+}
+
+class NonCanonicalizingUri implements Uri {
+  String scheme = "";
+  String userInfo = "";
+  String host = "";
+  int port = 0;
+  String path = "";
+  String query = "";
+  String fragment = "";
+  bool hasScheme = false;
+  bool hasAuthority = false;
+  bool hasUserInfo = false;
+  bool hasPort = false;
+  bool hasQuery = false;
+  bool hasFragment = false;
+
+  bool get hasEmptyPath => path.isEmpty;
+  bool get hasAbsolutePath => path.startsWith("/") || isScheme("file");
+  bool isScheme(String scheme) =>
+      scheme.toLowerCase() == Uri.decodeComponent(this.scheme).toLowerCase();
+
+  Uri normalize() => this; // Na-ah!
+
+  List<String> get pathSegments => path.split("/");
+
+  String toString() => "${hasScheme ? "$scheme:" : ""}"
+      "${hasAuthority ? "//${hasUserInfo ? "$userInfo@" : ""}"
+          "$host"
+          "${hasPort ? ":$port" : ""}" : ""}"
+      "$path${hasQuery ? "?$query" : ""}${hasFragment ? "#$fragment" : ""}";
+
+  int get hashCode => toString().hashCode;
+  bool operator ==(Object other) =>
+      other is Uri && toString() == other.toString();
+
+  Object? noSuchMethod(i) => super.noSuchMethod(i);
 }