Ensure special characters in manifest filepaths are urlencoded (#35)

* Ensure filepaths are encoded/decoded according to the spec

* Add allow-plugins config

* Switch host OS for PHP 7.3

* Finalize checks for bag filepaths

* Don't test for newlines in fetch files or manifest.

Author: whikloj

.github/workflows/build.yml

@@ -10,16 +10,21 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.host-os }}
     continue-on-error: ${{ matrix.experimental }}
     strategy:
       fail-fast: false
       matrix:
-        php-versions: ["7.3", "7.4"]
+        php-versions: ["7.4", "8.0"]
         experimental: [false]
+        host-os: ["ubuntu-latest"]
         include:
-          - php-versions: "8.0"
+          - php-versions: "7.3"
+            experimental: false
+            host-os: "ubuntu-18.04"
+          - php-versions: "8.1"
             experimental: true
+            host-os: "ubuntu-latest"
 
     name: PHP ${{ matrix.php-versions }}
     steps:
@@ -30,7 +35,7 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-versions }}
-          tools: phpunit
+          coverage: none
 
       - name: Get composer cache directory
         id: composercache

composer.json

@@ -46,5 +46,10 @@
       "@check",
       "phpdbg -qrr ./vendor/bin/phpunit"
     ]
+  },
+  "config": {
+    "allow-plugins": {
+      "symfony/flex": false
+    }
   }
 }

src/AbstractManifest.php

@@ -2,7 +2,6 @@
 
 namespace whikloj\BagItTools;
 
-use whikloj\BagItTools\Exceptions\BagItException;
 use whikloj\BagItTools\Exceptions\FilesystemException;
 
 /**
@@ -247,9 +246,7 @@ protected function loadFile()
                 if (preg_match("~^(\w+)\s+\*?(.*)$~", $line, $matches)) {
                     $hash = $matches[1];
                     $originalPath = $matches[2];
-                    if (substr($originalPath, 0, 2) == "./") {
-                        $this->addLoadWarning("Line {$lineCount} : Paths SHOULD not be relative");
-                    }
+                    $this->checkIncomingFilePath($originalPath, $lineCount);
                     $path = $this->cleanUpRelPath($originalPath);
                     // Normalized path in lowercase (for matching)
                     $lowerNormalized = $this->normalizePath($path);
@@ -263,6 +260,8 @@ protected function loadFile()
                         $this->hashes[$path] = $hash;
                         $this->addToNormalizedList($lowerNormalized);
                     }
+                } else {
+                    $this->addLoadError("Line $lineCount : Line is not of the form 'checksum path'");
                 }
             }
             fclose($fp);
@@ -286,13 +285,35 @@ protected function writeToDisk()
             throw new FilesystemException("Unable to write {$fullPath}");
         }
         foreach ($this->hashes as $path => $hash) {
+            $path = BagUtils::encodeFilepath($path);
             $line = "{$hash} {$path}" . PHP_EOL;
             $line = $this->bag->encodeText($line);
             BagUtils::checkedFwrite($fp, $line);
         }
         fclose($fp);
     }
 
+    /**
+     * Does validation on incoming file paths.
+     *
+     * @param string $filepath
+     *   The file path to be checked.
+     * @param int $lineCount
+     *   The line of the manifest we are currently checking.
+     */
+    private function checkIncomingFilePath(string $filepath, int $lineCount): void
+    {
+        if (substr($filepath, 0, 2) == "./") {
+            $this->addLoadWarning("Line $lineCount : Paths SHOULD not be relative");
+        }
+        if (BagUtils::checkUnencodedFilepath($filepath)) {
+            $this->addLoadError(
+                "Line $lineCount: File paths containing Line Feed (LF), Carriage Return (CR) or a percent sign (%) " .
+                "MUST be encoded, and only those characters can be encoded."
+            );
+        }
+    }
+
     /**
      * Calculate the hash of the file.
      *
@@ -423,6 +444,7 @@ private function cleanUpRelPath($filepath) : string
     {
         $filepath = $this->bag->makeAbsolute($filepath);
         $filepath = $this->cleanUpAbsPath($filepath);
+        $filepath = BagUtils::decodeFilepath($filepath);
         return $this->bag->makeRelative($filepath);
     }
 

src/Bag.php

@@ -866,18 +866,10 @@ public function setAlgorithm($algorithm)
      */
     public function addFetchFile($url, $destination, $size = null)
     {
-        $fetchData = [
-            'uri' => $url,
-            'destination' => $destination,
-        ];
-        if (!is_null($size) && is_int($size)) {
-            $fetchData['size'] = $size;
-        }
         if (!isset($this->fetchFile)) {
             $this->fetchFile = new Fetch($this, false);
         }
-        // Download the file now to help with manifest handling, deleted when you package() or finalize().
-        $this->fetchFile->download($fetchData);
+        $this->fetchFile->addFile($url, $destination, $size);
         $this->changed = true;
     }
 

src/BagUtils.php

@@ -353,4 +353,65 @@ public static function checkedFwrite($fp, $content)
             throw new FilesystemException("Error writing to file");
         }
     }
+
+    /**
+     * Decode a file path according to the special rules of the spec.
+     *
+     * RFC 8943 - sections 2.1.3 & 2.2.3
+     * If _filename_ includes an LF, a CR, a CRLF, or a percent sign (%), those characters (and only those) MUST be
+     * percent-encoded as described in [RFC3986].
+     *
+     * @param string $line
+     *   The original filepath from the manifest file.
+     * @return string
+     *   The filepath with the special characters decoded.
+     */
+    public static function decodeFilepath(string $line): string
+    {
+        // Strip newlines from the right.
+        $decoded = rtrim($line, "\r\n");
+        return str_replace(
+            ["%0A", "%0D", "%25"],
+            ["\n", "\r", "%"],
+            $decoded
+        );
+    }
+
+    /**
+     * Encode a file path according to the special rules of the spec.
+     *
+     * RFC 8943 - sections 2.1.3 & 2.2.3
+     * If _filename_ includes an LF, a CR, a CRLF, or a percent sign (%), those characters (and only those) MUST be
+     * percent-encoded as described in [RFC3986].
+     *
+     * @param string $line
+     *   The original file path.
+     * @return string
+     *   The file path with the special manifest characters encoded.
+     */
+    public static function encodeFilepath(string $line): string
+    {
+        // Strip newlines from the right.
+        $encoded = rtrim($line, "\r\n");
+        return str_replace(
+            ["%", "\n", "\r"],
+            ["%25", "%0A", "%0D"],
+            $encoded
+        );
+    }
+
+    /**
+     * Check for unencoded newlines, carriage returns or % symbols in a file path.
+     *
+     * @param string $filepath
+     *   The file path to check
+     * @return bool
+     *   True if there are un-encoded characters
+     * @see \whikloj\BagItTools\BagUtils::encodeFilepath()
+     * @see \whikloj\BagItTools\BagUtils::decodeFilepath()
+     */
+    public static function checkUnencodedFilepath(string $filepath): bool
+    {
+        return preg_match_all("/%(?!(25|0A|0D))/", $filepath);
+    }
 }

src/Fetch.php

@@ -112,6 +112,9 @@ public function getData() : array
      */
     public function downloadAll()
     {
+        if (count($this->getErrors()) > 0) {
+            throw new BagItException("The fetch.txt file has errors, unable to download files.");
+        }
         $this->resetErrors();
         $this->downloadQueue = [];
         foreach ($this->files as $file) {
@@ -146,15 +149,36 @@ private function validateData(array $fetchData)
         if (!$this->internalValidateUrl($uri)) {
             throw new BagItException("This library only supports http/https URLs");
         }
-        if (!$this->validatePath($dest)) {
-            // Skip destinations with %xx other than %0A, %0D and %25
-            throw new BagItException("Destination paths can't have any percent encoded characters except CR, LF, & %");
-        }
         if (!$this->bag->pathInBagData($dest)) {
             throw new BagItException("Path {$dest} resolves outside the bag.");
         }
     }
 
+    /**
+     * Add a file to this fetch file.
+     *
+     * @param string $url
+     *   The remote URL for the file.
+     * @param string $destination
+     *   The bag destination path for the file.
+     * @param int|null $size
+     *   The expected size of the file, or null for unknown.
+     * @throws \whikloj\BagItTools\Exceptions\BagItException
+     *   Errors with adding this file to your fetch file.
+     */
+    public function addFile(string $url, string $destination, int $size = null): void
+    {
+        $fetchData = [
+            'uri' => $url,
+            'destination' => $destination,
+        ];
+        if (is_int($size)) {
+            $fetchData['size'] = $size;
+        }
+        // Download the file now to help with manifest handling, deleted when you package() or finalize().
+        $this->download($fetchData);
+    }
+
     /**
      * Download a single file as it is added to the fetch file so we can generate checksums.
      *
@@ -327,13 +351,20 @@ private function loadFiles()
                         $filesize = (int)$filesize;
                     }
                     $destination = BagUtils::baseInData($matches[3]);
+                    if (BagUtils::checkUnencodedFilepath($destination)) {
+                        $this->addError(
+                            "Line $lineCount: Filepaths containing Line Feed (LF), Carriage Return (CR) or a " .
+                            "percent sign (%) MUST be encoded, and only those characters can be encoded."
+                        );
+                    }
+                    $destination = BagUtils::decodeFilepath($destination);
                     $this->files[] = [
                         'uri' => $uri,
                         'size' => $filesize,
                         'destination' => $destination,
                     ];
                 } else {
-                    $this->addError("Line {$lineCount} : This line is not valid.");
+                    $this->addError("Line $lineCount : This line is not valid.");
                 }
             }
         }
@@ -513,7 +544,8 @@ private function writeToDisk()
                 throw new FilesystemException("Unable to write {$this->filename}");
             }
             foreach ($this->files as $fileData) {
-                $line = "{$fileData['uri']} {$fileData['size']} {$fileData['destination']}" . PHP_EOL;
+                $destination = BagUtils::encodeFilepath($fileData['destination']);
+                $line = "{$fileData['uri']} {$fileData['size']} $destination" . PHP_EOL;
                 $line = $this->bag->encodeText($line);
                 BagUtils::checkedFwrite($fp, $line);
             }
@@ -555,30 +587,6 @@ private function internalValidateUrl($url) : bool
         return true;
     }
 
-    /**
-     * Validate the path for fetch files.
-     *
-     * @param string $dest
-     *   The destination file path.
-     * @return bool
-     *   True if it is valid.
-     */
-    private function validatePath($dest) : bool
-    {
-        // You can't have any encoded characters in the destination string except LF, CR, CRLF and % itself.
-        if (strpos($dest, '%') !== false) {
-            $parts = explode('%', $dest);
-            foreach ($parts as $part) {
-                $char = substr($part, 0, 2);
-                $char = strtolower($char);
-                if (!($char == '0a' || $char == '0d' || $char == '25')) {
-                    return false;
-                }
-            }
-        }
-        return true;
-    }
-
     /**
      * Check if the url is already in the file.
      *

tests/BagInternalTest.php

@@ -267,4 +267,35 @@ public function testArrayKeyExistsNoCase()
             ['BOO', 'name', $test_array]
         ));
     }
+
+    /**
+     * @covers \whikloj\BagItTools\AbstractManifest::checkIncomingFilePath
+     */
+    public function testCheckFilePathEncoding(): void
+    {
+        $bag = Bag::create($this->tmpdir);
+        $payload = $bag->getPayloadManifests()['sha512'];
+        $class = new \ReflectionClass('whikloj\BagItTools\PayloadManifest');
+        $methodCall = $class->getMethod('checkIncomingFilePath');
+        $methodCall->setAccessible(true);
+        $loadIssues = $class->getProperty('loadIssues');
+        $loadIssues->setAccessible(true);
+        // Initially no errors
+        $this->assertCount(0, $loadIssues->getValue($payload)['error']);
+        // unencoded % symbol
+        $methodCall->invokeArgs($payload, ["fail-for-%-filename.txt", 1]);
+        $this->assertCount(1, $loadIssues->getValue($payload)['error']);
+        // Urlencoded character that is not %25, %0A or %0D
+        $methodCall->invokeArgs($payload, ["fail-for-%2F-filename.txt", 1]);
+        $this->assertCount(2, $loadIssues->getValue($payload)['error']);
+        // No issue with encoded %
+        $methodCall->invokeArgs($payload, ["succeed-for-%25-filename.txt", 1]);
+        $this->assertCount(2, $loadIssues->getValue($payload)['error']);
+        // No issue for encoded line feed
+        $methodCall->invokeArgs($payload, ["succeed-for-%0A-filename.txt", 1]);
+        $this->assertCount(2, $loadIssues->getValue($payload)['error']);
+        // No issue for encoded carriage return
+        $methodCall->invokeArgs($payload, ["succeed-for-%0D-filename.txt", 1]);
+        $this->assertCount(2, $loadIssues->getValue($payload)['error']);
+    }
 }

tests/BagUtilsTest.php

@@ -110,7 +110,7 @@ public function testGetAllFiles()
         $this->assertCount(2, $files);
 
         $files = BagUtils::getAllFiles(self::TEST_RESOURCES . DIRECTORY_SEPARATOR . 'fetchFiles');
-        $this->assertCount(4, $files);
+        $this->assertCount(5, $files);
 
         $files = BagUtils::getAllFiles(self::TEST_EXTENDED_BAG_DIR);
         $this->assertCount(7, $files);
@@ -211,4 +211,19 @@ public function testCheckedFwrite()
         // Write to the file.
         BagUtils::checkedFwrite($fp, "Some example text");
     }
+
+    /**
+     * @covers ::checkUnencodedFilepath
+     */
+    public function testCheckUnencodedFilepath(): void
+    {
+        $this->assertTrue(BagUtils::checkUnencodedFilepath("some/path/with%2ffake/slashes"));
+        $this->assertTrue(BagUtils::checkUnencodedFilepath("some/path/with%2Ffake/slashes"));
+        $this->assertFalse(BagUtils::checkUnencodedFilepath("some/path/with%252ffake/slashes"));
+        $this->assertFalse(BagUtils::checkUnencodedFilepath("some/path/with%252Ffake/slashes"));
+        $this->assertFalse(BagUtils::checkUnencodedFilepath("some/path/with%0Aencoded/newlines"));
+        $this->assertFalse(BagUtils::checkUnencodedFilepath("some/path/with%0Dencoded/carriage/returns"));
+        $this->assertTrue(BagUtils::checkUnencodedFilepath("some/path/with%22encoded/quotes"));
+        $this->assertFalse(BagUtils::checkUnencodedFilepath("some/path/with/nothing"));
+    }
 }