001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.commons.validator;
018
019 import java.io.Serializable;
020 import java.util.Arrays;
021 import java.util.HashSet;
022 import java.util.Set;
023 import java.util.regex.Matcher;
024 import java.util.regex.Pattern;
025
026 import org.apache.commons.validator.routines.InetAddressValidator;
027 import org.apache.commons.validator.util.Flags;
028
029 /**
030 * <p>Validates URLs.</p>
031 * Behavour of validation is modified by passing in options:
032 * <li>ALLOW_2_SLASHES - [FALSE] Allows double '/' characters in the path
033 * component.</li>
034 * <li>NO_FRAGMENT- [FALSE] By default fragments are allowed, if this option is
035 * included then fragments are flagged as illegal.</li>
036 * <li>ALLOW_ALL_SCHEMES - [FALSE] By default only http, https, and ftp are
037 * considered valid schemes. Enabling this option will let any scheme pass validation.</li>
038 *
039 * <p>Originally based in on php script by Debbie Dyer, validation.php v1.2b, Date: 03/07/02,
040 * http://javascript.internet.com. However, this validation now bears little resemblance
041 * to the php original.</p>
042 * <pre>
043 * Example of usage:
044 * Construct a UrlValidator with valid schemes of "http", and "https".
045 *
046 * String[] schemes = {"http","https"}.
047 * UrlValidator urlValidator = new UrlValidator(schemes);
048 * if (urlValidator.isValid("ftp://foo.bar.com/")) {
049 * System.out.println("url is valid");
050 * } else {
051 * System.out.println("url is invalid");
052 * }
053 *
054 * prints "url is invalid"
055 * If instead the default constructor is used.
056 *
057 * UrlValidator urlValidator = new UrlValidator();
058 * if (urlValidator.isValid("ftp://foo.bar.com/")) {
059 * System.out.println("url is valid");
060 * } else {
061 * System.out.println("url is invalid");
062 * }
063 *
064 * prints out "url is valid"
065 * </pre>
066 *
067 * @see
068 * <a href="http://www.ietf.org/rfc/rfc2396.txt">
069 * Uniform Resource Identifiers (URI): Generic Syntax
070 * </a>
071 *
072 * @version $Revision: 1227719 $ $Date: 2012-01-05 18:45:51 +0100 (Thu, 05 Jan 2012) $
073 * @since Validator 1.1
074 * @deprecated Use the new UrlValidator in the routines package. This class
075 * will be removed in a future release.
076 */
077 public class UrlValidator implements Serializable {
078
079 private static final long serialVersionUID = 24137157400029593L;
080
081 /**
082 * Allows all validly formatted schemes to pass validation instead of
083 * supplying a set of valid schemes.
084 */
085 public static final int ALLOW_ALL_SCHEMES = 1 << 0;
086
087 /**
088 * Allow two slashes in the path component of the URL.
089 */
090 public static final int ALLOW_2_SLASHES = 1 << 1;
091
092 /**
093 * Enabling this options disallows any URL fragments.
094 */
095 public static final int NO_FRAGMENTS = 1 << 2;
096
097 private static final String ALPHA_CHARS = "a-zA-Z";
098
099 private static final String ALPHA_NUMERIC_CHARS = ALPHA_CHARS + "\\d";
100
101 private static final String SPECIAL_CHARS = ";/@&=,.?:+$";
102
103 private static final String VALID_CHARS = "[^\\s" + SPECIAL_CHARS + "]";
104
105 // Drop numeric, and "+-." for now
106 private static final String AUTHORITY_CHARS_REGEX = "\\p{Alnum}\\-\\.";
107
108 private static final String ATOM = VALID_CHARS + '+';
109
110 /**
111 * This expression derived/taken from the BNF for URI (RFC2396).
112 */
113 private static final String URL_REGEX =
114 "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?";
115 // 12 3 4 5 6 7 8 9
116 private static final Pattern URL_PATTERN = Pattern.compile(URL_REGEX);
117
118 /**
119 * Schema/Protocol (ie. http:, ftp:, file:, etc).
120 */
121 private static final int PARSE_URL_SCHEME = 2;
122
123 /**
124 * Includes hostname/ip and port number.
125 */
126 private static final int PARSE_URL_AUTHORITY = 4;
127
128 private static final int PARSE_URL_PATH = 5;
129
130 private static final int PARSE_URL_QUERY = 7;
131
132 private static final int PARSE_URL_FRAGMENT = 9;
133
134 /**
135 * Protocol (ie. http:, ftp:,https:).
136 */
137 private static final Pattern SCHEME_PATTERN = Pattern.compile("^\\p{Alpha}[\\p{Alnum}\\+\\-\\.]*");
138
139 private static final String AUTHORITY_REGEX =
140 "^([" + AUTHORITY_CHARS_REGEX + "]*)(:\\d*)?(.*)?";
141 // 1 2 3 4
142 private static final Pattern AUTHORITY_PATTERN = Pattern.compile(AUTHORITY_REGEX);
143
144 private static final int PARSE_AUTHORITY_HOST_IP = 1;
145
146 private static final int PARSE_AUTHORITY_PORT = 2;
147
148 /**
149 * Should always be empty.
150 */
151 private static final int PARSE_AUTHORITY_EXTRA = 3;
152
153 private static final Pattern PATH_PATTERN = Pattern.compile("^(/[-\\w:@&?=+,.!/~*'%$_;]*)?$");
154
155 private static final Pattern QUERY_PATTERN = Pattern.compile("^(.*)$");
156
157 private static final Pattern LEGAL_ASCII_PATTERN = Pattern.compile("^\\p{ASCII}+$");
158
159 private static final Pattern DOMAIN_PATTERN =
160 Pattern.compile("^" + ATOM + "(\\." + ATOM + ")*$");
161
162 private static final Pattern PORT_PATTERN = Pattern.compile("^:(\\d{1,5})$");
163
164 private static final Pattern ATOM_PATTERN = Pattern.compile("^(" + ATOM + ").*?$");
165
166 private static final Pattern ALPHA_PATTERN = Pattern.compile("^[" + ALPHA_CHARS + "]");
167
168 /**
169 * Holds the set of current validation options.
170 */
171 private Flags options = null;
172
173 /**
174 * The set of schemes that are allowed to be in a URL.
175 */
176 private Set allowedSchemes = new HashSet();
177
178 /**
179 * If no schemes are provided, default to this set.
180 */
181 protected String[] defaultSchemes = {"http", "https", "ftp"};
182
183 /**
184 * Create a UrlValidator with default properties.
185 */
186 public UrlValidator() {
187 this(null);
188 }
189
190 /**
191 * Behavior of validation is modified by passing in several strings options:
192 * @param schemes Pass in one or more url schemes to consider valid, passing in
193 * a null will default to "http,https,ftp" being valid.
194 * If a non-null schemes is specified then all valid schemes must
195 * be specified. Setting the ALLOW_ALL_SCHEMES option will
196 * ignore the contents of schemes.
197 */
198 public UrlValidator(String[] schemes) {
199 this(schemes, 0);
200 }
201
202 /**
203 * Initialize a UrlValidator with the given validation options.
204 * @param options The options should be set using the public constants declared in
205 * this class. To set multiple options you simply add them together. For example,
206 * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options.
207 */
208 public UrlValidator(int options) {
209 this(null, options);
210 }
211
212 /**
213 * Behavour of validation is modified by passing in options:
214 * @param schemes The set of valid schemes.
215 * @param options The options should be set using the public constants declared in
216 * this class. To set multiple options you simply add them together. For example,
217 * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options.
218 */
219 public UrlValidator(String[] schemes, int options) {
220 this.options = new Flags(options);
221
222 if (this.options.isOn(ALLOW_ALL_SCHEMES)) {
223 return;
224 }
225
226 if (schemes == null) {
227 schemes = this.defaultSchemes;
228 }
229
230 this.allowedSchemes.addAll(Arrays.asList(schemes));
231 }
232
233 /**
234 * <p>Checks if a field has a valid url address.</p>
235 *
236 * @param value The value validation is being performed on. A <code>null</code>
237 * value is considered invalid.
238 * @return true if the url is valid.
239 */
240 public boolean isValid(String value) {
241 if (value == null) {
242 return false;
243 }
244 if (!LEGAL_ASCII_PATTERN.matcher(value).matches()) {
245 return false;
246 }
247
248 // Check the whole url address structure
249 Matcher urlMatcher = URL_PATTERN.matcher(value);
250 if (!urlMatcher.matches()) {
251 return false;
252 }
253
254 if (!isValidScheme(urlMatcher.group(PARSE_URL_SCHEME))) {
255 return false;
256 }
257
258 if (!isValidAuthority(urlMatcher.group(PARSE_URL_AUTHORITY))) {
259 return false;
260 }
261
262 if (!isValidPath(urlMatcher.group(PARSE_URL_PATH))) {
263 return false;
264 }
265
266 if (!isValidQuery(urlMatcher.group(PARSE_URL_QUERY))) {
267 return false;
268 }
269
270 if (!isValidFragment(urlMatcher.group(PARSE_URL_FRAGMENT))) {
271 return false;
272 }
273
274 return true;
275 }
276
277 /**
278 * Validate scheme. If schemes[] was initialized to a non null,
279 * then only those scheme's are allowed. Note this is slightly different
280 * than for the constructor.
281 * @param scheme The scheme to validate. A <code>null</code> value is considered
282 * invalid.
283 * @return true if valid.
284 */
285 protected boolean isValidScheme(String scheme) {
286 if (scheme == null) {
287 return false;
288 }
289
290 if (!SCHEME_PATTERN.matcher(scheme).matches()) {
291 return false;
292 }
293
294 if (this.options.isOff(ALLOW_ALL_SCHEMES)) {
295
296 if (!this.allowedSchemes.contains(scheme)) {
297 return false;
298 }
299 }
300
301 return true;
302 }
303
304 /**
305 * Returns true if the authority is properly formatted. An authority is the combination
306 * of hostname and port. A <code>null</code> authority value is considered invalid.
307 * @param authority Authority value to validate.
308 * @return true if authority (hostname and port) is valid.
309 */
310 protected boolean isValidAuthority(String authority) {
311 if (authority == null) {
312 return false;
313 }
314
315 InetAddressValidator inetAddressValidator =
316 InetAddressValidator.getInstance();
317
318 Matcher authorityMatcher = AUTHORITY_PATTERN.matcher(authority);
319 if (!authorityMatcher.matches()) {
320 return false;
321 }
322
323 boolean hostname = false;
324 // check if authority is IP address or hostname
325 String hostIP = authorityMatcher.group(PARSE_AUTHORITY_HOST_IP);
326 boolean ipV4Address = inetAddressValidator.isValid(hostIP);
327
328 if (!ipV4Address) {
329 // Domain is hostname name
330 hostname = DOMAIN_PATTERN.matcher(hostIP).matches();
331 }
332
333 //rightmost hostname will never start with a digit.
334 if (hostname) {
335 // LOW-TECH FIX FOR VALIDATOR-202
336 // TODO: Rewrite to use ArrayList and .add semantics: see VALIDATOR-203
337 char[] chars = hostIP.toCharArray();
338 int size = 1;
339 for(int i=0; i<chars.length; i++) {
340 if(chars[i] == '.') {
341 size++;
342 }
343 }
344 String[] domainSegment = new String[size];
345 boolean match = true;
346 int segmentCount = 0;
347 int segmentLength = 0;
348
349 while (match) {
350 Matcher atomMatcher = ATOM_PATTERN.matcher(hostIP);
351 match = atomMatcher.matches();
352 if (match) {
353 domainSegment[segmentCount] = atomMatcher.group(1);
354 segmentLength = domainSegment[segmentCount].length() + 1;
355 hostIP =
356 (segmentLength >= hostIP.length())
357 ? ""
358 : hostIP.substring(segmentLength);
359
360 segmentCount++;
361 }
362 }
363 String topLevel = domainSegment[segmentCount - 1];
364 if (topLevel.length() < 2 || topLevel.length() > 4) {
365 return false;
366 }
367
368 // First letter of top level must be a alpha
369 if (!ALPHA_PATTERN.matcher(topLevel.substring(0, 1)).matches()) {
370 return false;
371 }
372
373 // Make sure there's a host name preceding the authority.
374 if (segmentCount < 2) {
375 return false;
376 }
377 }
378
379 if (!hostname && !ipV4Address) {
380 return false;
381 }
382
383 String port = authorityMatcher.group(PARSE_AUTHORITY_PORT);
384 if (port != null) {
385 if (!PORT_PATTERN.matcher(port).matches()) {
386 return false;
387 }
388 }
389
390 String extra = authorityMatcher.group(PARSE_AUTHORITY_EXTRA);
391 if (!GenericValidator.isBlankOrNull(extra)) {
392 return false;
393 }
394
395 return true;
396 }
397
398 /**
399 * Returns true if the path is valid. A <code>null</code> value is considered invalid.
400 * @param path Path value to validate.
401 * @return true if path is valid.
402 */
403 protected boolean isValidPath(String path) {
404 if (path == null) {
405 return false;
406 }
407
408 if (!PATH_PATTERN.matcher(path).matches()) {
409 return false;
410 }
411
412 int slash2Count = countToken("//", path);
413 if (this.options.isOff(ALLOW_2_SLASHES) && (slash2Count > 0)) {
414 return false;
415 }
416
417 int slashCount = countToken("/", path);
418 int dot2Count = countToken("..", path);
419 if (dot2Count > 0) {
420 if ((slashCount - slash2Count - 1) <= dot2Count) {
421 return false;
422 }
423 }
424
425 return true;
426 }
427
428 /**
429 * Returns true if the query is null or it's a properly formatted query string.
430 * @param query Query value to validate.
431 * @return true if query is valid.
432 */
433 protected boolean isValidQuery(String query) {
434 if (query == null) {
435 return true;
436 }
437
438 return QUERY_PATTERN.matcher(query).matches();
439 }
440
441 /**
442 * Returns true if the given fragment is null or fragments are allowed.
443 * @param fragment Fragment value to validate.
444 * @return true if fragment is valid.
445 */
446 protected boolean isValidFragment(String fragment) {
447 if (fragment == null) {
448 return true;
449 }
450
451 return this.options.isOff(NO_FRAGMENTS);
452 }
453
454 /**
455 * Returns the number of times the token appears in the target.
456 * @param token Token value to be counted.
457 * @param target Target value to count tokens in.
458 * @return the number of tokens.
459 */
460 protected int countToken(String token, String target) {
461 int tokenIndex = 0;
462 int count = 0;
463 while (tokenIndex != -1) {
464 tokenIndex = target.indexOf(token, tokenIndex);
465 if (tokenIndex > -1) {
466 tokenIndex++;
467 count++;
468 }
469 }
470 return count;
471 }
472 }