sdk-go
sdk-go copied to clipboard
Published
20 hours ago •
cloudevents
cloudevents
URI Validation fails to catch invalid relative `Source` URI
CE SDK Spec for source is defined as:
URI - Absolute uniform resource identifier.
- String encoding:
Absolute URIas defined in RFC 3986 Section 4.3
To quote from the RFC:
A path segment that contains a colon character (e.g., "this:that")
cannot be used as the first segment of a relative-path reference, as
it would be mistaken for a scheme name. Such a segment must be
preceded by a dot-segment (e.g., "./this:that") to make a relative-
path reference.
Though this invalid URI passes the SPEC validation in the SDK:
package main
import (
"fmt"
"net/url"
)
func main() {
u, err := url.Parse("this:that")
if err != nil {
panic(err.Error())
}
fmt.Println(u)
}
// prints this:that
https://github.com/cloudevents/sdk-go/blob/9f80fd3a004fcabea03987db1fdfcb324deef14e/v2/types/uriref_test.go#L17
The CE SDK Meeting on Feb 17 2022 we agreed to open an issue in the Go SDK though the problem seems to be in the underlying net/url std lib.
