UrlValidator.java

  1. /*
  2.  * Licensed to the Apache Software Foundation (ASF) under one or more
  3.  * contributor license agreements.  See the NOTICE file distributed with
  4.  * this work for additional information regarding copyright ownership.
  5.  * The ASF licenses this file to You under the Apache License, Version 2.0
  6.  * (the "License"); you may not use this file except in compliance with
  7.  * the License.  You may obtain a copy of the License at
  8.  *
  9.  *      https://www.apache.org/licenses/LICENSE-2.0
  10.  *
  11.  * Unless required by applicable law or agreed to in writing, software
  12.  * distributed under the License is distributed on an "AS IS" BASIS,
  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14.  * See the License for the specific language governing permissions and
  15.  * limitations under the License.
  16.  */
  17. package org.apache.commons.validator;

  19. import java.io.Serializable;
  20. import java.util.Arrays;
  21. import java.util.HashSet;
  22. import java.util.Set;
  23. import java.util.regex.Matcher;
  24. import java.util.regex.Pattern;

  26. import org.apache.commons.validator.routines.InetAddressValidator;
  27. import org.apache.commons.validator.util.Flags;

  29. /**
  30.  * <p>Validates URLs.</p>
  31.  * Behaviour of validation is modified by passing in options:
  32.  * <ul>
  33.  * <li>ALLOW_2_SLASHES - [FALSE]  Allows double '/' characters in the path
  34.  * component.</li>
  35.  * <li>NO_FRAGMENT- [FALSE]  By default fragments are allowed, if this option is
  36.  * included then fragments are flagged as illegal.</li>
  37.  * <li>ALLOW_ALL_SCHEMES - [FALSE] By default only http, https, and ftp are
  38.  * considered valid schemes.  Enabling this option will let any scheme pass validation.</li>
  39.  * </ul>
  40.  *
  41.  * <p>Originally based in on php script by Debbie Dyer, validation.php v1.2b, Date: 03/07/02,
  42.  * https://javascript.internet.com. However, this validation now bears little resemblance
  43.  * to the php original.</p>
  44.  * <pre>
  45.  *   Example of usage:
  46.  *   Construct a UrlValidator with valid schemes of "http", and "https".
  47.  *
  48.  *    String[] schemes = {"http","https"}.
  49.  *    UrlValidator urlValidator = new UrlValidator(schemes);
  50.  *    if (urlValidator.isValid("ftp://foo.bar.com/")) {
  51.  *       System.out.println("URL is valid");
  52.  *    } else {
  53.  *       System.out.println("URL is invalid");
  54.  *    }
  55.  *
  56.  *    prints "URL is invalid"
  57.  *   If instead the default constructor is used.
  58.  *
  59.  *    UrlValidator urlValidator = new UrlValidator();
  60.  *    if (urlValidator.isValid("ftp://foo.bar.com/")) {
  61.  *       System.out.println("URL is valid");
  62.  *    } else {
  63.  *       System.out.println("URL is invalid");
  64.  *    }
  65.  *
  66.  *   prints out "URL is valid"
  67.  *  </pre>
  68.  *
  69.  * @see
  70.  * <a href="http://www.ietf.org/rfc/rfc2396.txt">
  71.  *  Uniform Resource Identifiers (URI): Generic Syntax
  72.  * </a>
  73.  *
  74.  * @since 1.1
  75.  * @deprecated Use the new UrlValidator in the routines package. This class
  76.  * will be removed in a future release.
  77.  */
  78. @Deprecated
  79. public class UrlValidator implements Serializable {

  81.     private static final int TOP_LEVEL_MAX_LEN = 4;

  83.     private static final int TOP_LEVEL_MIN_LEN = 2;

  85.     private static final long serialVersionUID = 24137157400029593L;

  87.     /**
  88.      * Allows all validly formatted schemes to pass validation instead of
  89.      * supplying a set of valid schemes.
  90.      */
  91.     public static final int ALLOW_ALL_SCHEMES = 1 << 0;

  93.     /**
  94.      * Allow two slashes in the path component of the URL.
  95.      */
  96.     public static final int ALLOW_2_SLASHES = 1 << 1;

  98.     /**
  99.      * Enabling this options disallows any URL fragments.
  100.      */
  101.     public static final int NO_FRAGMENTS = 1 << 2;

  103.     private static final String ALPHA_CHARS = "a-zA-Z";

  105. // NOT USED   private static final String ALPHA_NUMERIC_CHARS = ALPHA_CHARS + "\\d";

  107.     private static final String SPECIAL_CHARS = ";/@&=,.?:+$";

  109.     private static final String VALID_CHARS = "[^\\s" + SPECIAL_CHARS + "]";

  111.     // Drop numeric, and  "+-." for now
  112.     private static final String AUTHORITY_CHARS_REGEX = "\\p{Alnum}\\-\\.";

  114.     private static final String ATOM = VALID_CHARS + '+';

  116.     /**
  117.      * This expression derived/taken from the BNF for URI (RFC2396).
  118.      */
  119.     private static final String URL_REGEX =
  120.             "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?";
  121.     //                                                                      12            3  4          5       6   7        8 9
  122.     private static final Pattern URL_PATTERN = Pattern.compile(URL_REGEX);

  124.     /**
  125.      * Schema/Protocol (ie. http:, ftp:, file:, etc).
  126.      */
  127.     private static final int PARSE_URL_SCHEME = 2;

  129.     /**
  130.      * Includes hostname/ip and port number.
  131.      */
  132.     private static final int PARSE_URL_AUTHORITY = 4;

  134.     private static final int PARSE_URL_PATH = 5;

  136.     private static final int PARSE_URL_QUERY = 7;

  138.     private static final int PARSE_URL_FRAGMENT = 9;

  140.     /**
  141.      * Protocol (for example, http:, ftp:, https:).
  142.      */
  143.     private static final Pattern SCHEME_PATTERN = Pattern.compile("^\\p{Alpha}[\\p{Alnum}\\+\\-\\.]*");

  145.     private static final String AUTHORITY_REGEX =
  146.        "^([" + AUTHORITY_CHARS_REGEX + "]*)(:\\d*)?(.*)?";
  147.     //                                                                            1                          2  3       4
  148.     private static final Pattern AUTHORITY_PATTERN = Pattern.compile(AUTHORITY_REGEX);

  150.     private static final int PARSE_AUTHORITY_HOST_IP = 1;

  152.     private static final int PARSE_AUTHORITY_PORT = 2;

  154.     /**
  155.      * Should always be empty.
  156.      */
  157.     private static final int PARSE_AUTHORITY_EXTRA = 3;

  159.     private static final Pattern PATH_PATTERN = Pattern.compile("^(/[-\\w:@&?=+,.!/~*'%$_;]*)?$");

  161.     private static final Pattern QUERY_PATTERN = Pattern.compile("^(.*)$");

  163.     private static final Pattern LEGAL_ASCII_PATTERN = Pattern.compile("^\\p{ASCII}+$");

  165.     private static final Pattern DOMAIN_PATTERN =
  166.             Pattern.compile("^" + ATOM + "(\\." + ATOM + ")*$");

  168.     private static final Pattern PORT_PATTERN = Pattern.compile("^:(\\d{1,5})$");

  170.     private static final Pattern ATOM_PATTERN = Pattern.compile("^(" + ATOM + ").*?$");

  172.     private static final Pattern ALPHA_PATTERN = Pattern.compile("^[" + ALPHA_CHARS + "]");

  174.     /**
  175.      * Holds the set of current validation options.
  176.      */
  177.     private final Flags options;

  179.     /**
  180.      * The set of schemes that are allowed to be in a URL.
  181.      */
  182.     private final Set<String> allowedSchemes = new HashSet<>();

  184.     /**
  185.      * If no schemes are provided, default to this set.
  186.      */
  187.     protected String[] defaultSchemes = {"http", "https", "ftp"};

  189.     /**
  190.      * Create a UrlValidator with default properties.
  191.      */
  192.     public UrlValidator() {
  193.         this(null);
  194.     }

  196.     /**
  197.      * Initialize a UrlValidator with the given validation options.
  198.      * @param options The options should be set using the public constants declared in
  199.      * this class.  To set multiple options you simply add them together.  For example,
  200.      * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options.
  201.      */
  202.     public UrlValidator(final int options) {
  203.         this(null, options);
  204.     }

  206.     /**
  207.      * Behavior of validation is modified by passing in several strings options:
  208.      * @param schemes Pass in one or more URL schemes to consider valid, passing in
  209.      *        a null will default to "http,https,ftp" being valid.
  210.      *        If a non-null schemes is specified then all valid schemes must
  211.      *        be specified. Setting the ALLOW_ALL_SCHEMES option will
  212.      *        ignore the contents of schemes.
  213.      */
  214.     public UrlValidator(final String[] schemes) {
  215.         this(schemes, 0);
  216.     }

  218.     /**
  219.      * Behaviour of validation is modified by passing in options:
  220.      * @param schemes The set of valid schemes.
  221.      * @param options The options should be set using the public constants declared in
  222.      * this class.  To set multiple options you simply add them together.  For example,
  223.      * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options.
  224.      */
  225.     public UrlValidator(String[] schemes, final int options) {
  226.         this.options = new Flags(options);

  228.         if (this.options.isOn(ALLOW_ALL_SCHEMES)) {
  229.             return;
  230.         }

  232.         if (schemes == null) {
  233.             schemes = defaultSchemes;
  234.         }

  236.         allowedSchemes.addAll(Arrays.asList(schemes));
  237.     }

  239.     /**
  240.      * Returns the number of times the token appears in the target.
  241.      * @param token Token value to be counted.
  242.      * @param target Target value to count tokens in.
  243.      * @return the number of tokens.
  244.      */
  245.     protected int countToken(final String token, final String target) {
  246.         int tokenIndex = 0;
  247.         int count = 0;
  248.         while (tokenIndex != -1) {
  249.             tokenIndex = target.indexOf(token, tokenIndex);
  250.             if (tokenIndex > -1) {
  251.                 tokenIndex++;
  252.                 count++;
  253.             }
  254.         }
  255.         return count;
  256.     }

  258.     /**
  259.      * <p>Checks if a field has a valid URL address.</p>
  260.      *
  261.      * @param value The value validation is being performed on.  A {@code null}
  262.      * value is considered invalid.
  263.      * @return true if the URL is valid.
  264.      */
  265.     public boolean isValid(final String value) {
  266.         if (value == null || !LEGAL_ASCII_PATTERN.matcher(value).matches()) {
  267.            return false;
  268.         }

  270.         // Check the whole url address structure
  271.         final Matcher urlMatcher = URL_PATTERN.matcher(value);
  272.         if (!urlMatcher.matches() || !isValidScheme(urlMatcher.group(PARSE_URL_SCHEME)) || !isValidAuthority(urlMatcher.group(PARSE_URL_AUTHORITY)) || !isValidPath(urlMatcher.group(PARSE_URL_PATH))) {
  273.             return false;
  274.         }

  276.         if (!isValidQuery(urlMatcher.group(PARSE_URL_QUERY))) {
  277.             return false;
  278.         }

  280.         if (!isValidFragment(urlMatcher.group(PARSE_URL_FRAGMENT))) {
  281.             return false;
  282.         }

  284.         return true;
  285.     }

  287.     /**
  288.      * Returns true if the authority is properly formatted.  An authority is the combination
  289.      * of hostname and port.  A {@code null} authority value is considered invalid.
  290.      * @param authority Authority value to validate.
  291.      * @return true if authority (hostname and port) is valid.
  292.      */
  293.     protected boolean isValidAuthority(final String authority) {
  294.         if (authority == null) {
  295.             return false;
  296.         }

  298.         final InetAddressValidator inetAddressValidator =
  299.                 InetAddressValidator.getInstance();

  301.         final Matcher authorityMatcher = AUTHORITY_PATTERN.matcher(authority);
  302.         if (!authorityMatcher.matches()) {
  303.             return false;
  304.         }

  306.         boolean hostname = false;
  307.         // check if authority is IP address or hostname
  308.         String hostIP = authorityMatcher.group(PARSE_AUTHORITY_HOST_IP);
  309.         final boolean ipV4Address = inetAddressValidator.isValid(hostIP);

  311.         if (!ipV4Address) {
  312.             // Domain is hostname name
  313.             hostname = DOMAIN_PATTERN.matcher(hostIP).matches();
  314.         }

  316.         //rightmost hostname will never start with a digit.
  317.         if (hostname) {
  318.             // LOW-TECH FIX FOR VALIDATOR-202
  319.             // TODO: Rewrite to use ArrayList and .add semantics: see VALIDATOR-203
  320.             final char[] chars = hostIP.toCharArray();
  321.             int size = 1;
  322.             for (final char element : chars) {
  323.                 if (element == '.') {
  324.                     size++;
  325.                 }
  326.             }
  327.             final String[] domainSegment = new String[size];
  328.             boolean match = true;
  329.             int segmentCount = 0;
  330.             int segmentLength = 0;

  332.             while (match) {
  333.                 final Matcher atomMatcher = ATOM_PATTERN.matcher(hostIP);
  334.                 match = atomMatcher.matches();
  335.                 if (match) {
  336.                     domainSegment[segmentCount] = atomMatcher.group(1);
  337.                     segmentLength = domainSegment[segmentCount].length() + 1;
  338.                     hostIP =
  339.                             segmentLength >= hostIP.length()
  340.                             ? ""
  341.                             : hostIP.substring(segmentLength);

  343.                     segmentCount++;
  344.                 }
  345.             }
  346.             final String topLevel = domainSegment[segmentCount - 1];


  349.             // First letter of top level must be an alpha
  350.             // Make sure there's a host name preceding the authority.
  351.             if (topLevel.length() < TOP_LEVEL_MIN_LEN || topLevel.length() > TOP_LEVEL_MAX_LEN || !ALPHA_PATTERN.matcher(topLevel.substring(0, 1)).matches()
  352.                     || segmentCount < 2) {
  353.                 return false;
  354.             }
  355.         }

  357.         if (!hostname && !ipV4Address) {
  358.             return false;
  359.         }

  361.         final String port = authorityMatcher.group(PARSE_AUTHORITY_PORT);
  362.         if (port != null && !PORT_PATTERN.matcher(port).matches()) {
  363.             return false;
  364.         }

  366.         final String extra = authorityMatcher.group(PARSE_AUTHORITY_EXTRA);
  367.         if (!GenericValidator.isBlankOrNull(extra)) {
  368.             return false;
  369.         }

  371.         return true;
  372.     }

  374.     /**
  375.      * Returns true if the given fragment is null or fragments are allowed.
  376.      * @param fragment Fragment value to validate.
  377.      * @return true if fragment is valid.
  378.      */
  379.     protected boolean isValidFragment(final String fragment) {
  380.         if (fragment == null) {
  381.             return true;
  382.         }

  384.         return options.isOff(NO_FRAGMENTS);
  385.     }

  387.     /**
  388.      * Returns true if the path is valid.  A {@code null} value is considered invalid.
  389.      * @param path Path value to validate.
  390.      * @return true if path is valid.
  391.      */
  392.     protected boolean isValidPath(final String path) {
  393.         if (path == null || !PATH_PATTERN.matcher(path).matches()) {
  394.             return false;
  395.         }

  397.         final int slash2Count = countToken("//", path);
  398.         if (options.isOff(ALLOW_2_SLASHES) && slash2Count > 0) {
  399.             return false;
  400.         }

  402.         final int slashCount = countToken("/", path);
  403.         final int dot2Count = countToken("..", path);
  404.         if (dot2Count > 0 && slashCount - slash2Count - 1 <= dot2Count) {
  405.             return false;
  406.         }

  408.         return true;
  409.     }

  411.     /**
  412.      * Returns true if the query is null, or it's a properly formatted query string.
  413.      * @param query Query value to validate.
  414.      * @return true if query is valid.
  415.      */
  416.     protected boolean isValidQuery(final String query) {
  417.         if (query == null) {
  418.             return true;
  419.         }

  421.         return QUERY_PATTERN.matcher(query).matches();
  422.     }

  424.     /**
  425.      * Validate scheme. If schemes[] was initialized to a non-null,
  426.      * then only those schemes are allowed.  Note this is slightly different
  427.      * than for the constructor.
  428.      * @param scheme The scheme to validate.  A {@code null} value is considered
  429.      * invalid.
  430.      * @return true if valid.
  431.      */
  432.     protected boolean isValidScheme(final String scheme) {
  433.         if (scheme == null || !SCHEME_PATTERN.matcher(scheme).matches() || options.isOff(ALLOW_ALL_SCHEMES) && !allowedSchemes.contains(scheme)) {
  434.             return false;
  435.         }

  437.         return true;
  438.     }
  439. }
Created with JaCoCo 0.8.13.202504020838