Validate request methods against a regex (#512) Fixes #511

commit: abb2bb182fbd7f03aafd1f889b902d7b3bdb8769 [log] [tgz]
author: Marcin Niemira <marcin.niemira@gmail.com> Fri Apr 30 10:50:54 2021 +1000
committer: GitHub <noreply@github.com> Thu Apr 29 17:50:54 2021 -0700
tree: 5828cef2223a62252e3f31e00d9a2a3e482c6787
parent: ca730a3415c158035ef77001fccc916e901a0556 [diff]
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c7edf67..e786f21 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md

@@ -1,5 +1,7 @@
 ## 0.13.3-dev
 
+* Validate that the `method` parameter of BaseRequest is a valid "token".
+
 ## 0.13.2
 
 * Add `package:http/retry.dart` with `RetryClient`. This is the same

diff --git a/lib/src/base_request.dart b/lib/src/base_request.dart
index 6380cb0..fd18bad 100644
--- a/lib/src/base_request.dart
+++ b/lib/src/base_request.dart

@@ -88,8 +88,17 @@
   bool get finalized => _finalized;
   bool _finalized = false;
 
-  BaseRequest(this.method, this.url)
-      : headers = LinkedHashMap(
+  static final _tokenRE = RegExp(r"^[\w!#%&'*+\-.^`|~]+$");
+  static String _validateMethod(String method) {
+    if (!_tokenRE.hasMatch(method)) {
+      throw ArgumentError.value(method, 'method', 'Not a valid method');
+    }
+    return method;
+  }
+
+  BaseRequest(String method, this.url)
+      : method = _validateMethod(method),
+        headers = LinkedHashMap(
             equals: (key1, key2) => key1.toLowerCase() == key2.toLowerCase(),
             hashCode: (key) => key.toLowerCase().hashCode);
 

diff --git a/test/request_test.dart b/test/request_test.dart
index 5b74bff..59cb098 100644
--- a/test/request_test.dart
+++ b/test/request_test.dart

@@ -334,4 +334,10 @@
       expect(request.toString(), 'POST $dummyUrl');
     });
   });
+
+  group('#method', () {
+    test('must be a token', () {
+      expect(() => http.Request('LLAMA[0]', dummyUrl), throwsArgumentError);
+    });
+  });
 }

diff --git a/test/streamed_request_test.dart b/test/streamed_request_test.dart
index c8c801d..4baa3e6 100644
--- a/test/streamed_request_test.dart
+++ b/test/streamed_request_test.dart

@@ -24,4 +24,10 @@
       expect(() => request.contentLength = 10, throwsStateError);
     });
   });
+  group('#method', () {
+    test('must be a token', () {
+      expect(() => http.StreamedRequest('SUPER LLAMA', dummyUrl),
+          throwsArgumentError);
+    });
+  });
 }
commit	abb2bb182fbd7f03aafd1f889b902d7b3bdb8769	[log] [tgz]
author	Marcin Niemira <marcin.niemira@gmail.com>	Fri Apr 30 10:50:54 2021 +1000
committer	GitHub <noreply@github.com>	Thu Apr 29 17:50:54 2021 -0700
tree	5828cef2223a62252e3f31e00d9a2a3e482c6787
parent	ca730a3415c158035ef77001fccc916e901a0556 [diff]