001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.commons.validator.routines; 018 019 import java.io.Serializable; 020 import java.util.Arrays; 021 import java.util.Collections; 022 import java.util.HashSet; 023 import java.util.Set; 024 import java.util.regex.Matcher; 025 import java.util.regex.Pattern; 026 027 /** 028 * <p><b>URL Validation</b> routines.</p> 029 * Behavior of validation is modified by passing in options: 030 * <li>ALLOW_2_SLASHES - [FALSE] Allows double '/' characters in the path 031 * component.</li> 032 * <li>NO_FRAGMENT- [FALSE] By default fragments are allowed, if this option is 033 * included then fragments are flagged as illegal.</li> 034 * <li>ALLOW_ALL_SCHEMES - [FALSE] By default only http, https, and ftp are 035 * considered valid schemes. Enabling this option will let any scheme pass validation.</li> 036 * 037 * <p>Originally based in on php script by Debbie Dyer, validation.php v1.2b, Date: 03/07/02, 038 * http://javascript.internet.com. However, this validation now bears little resemblance 039 * to the php original.</p> 040 * <pre> 041 * Example of usage: 042 * Construct a UrlValidator with valid schemes of "http", and "https". 043 * 044 * String[] schemes = {"http","https"}. 045 * UrlValidator urlValidator = new UrlValidator(schemes); 046 * if (urlValidator.isValid("ftp://foo.bar.com/")) { 047 * System.out.println("url is valid"); 048 * } else { 049 * System.out.println("url is invalid"); 050 * } 051 * 052 * prints "url is invalid" 053 * If instead the default constructor is used. 054 * 055 * UrlValidator urlValidator = new UrlValidator(); 056 * if (urlValidator.isValid("ftp://foo.bar.com/")) { 057 * System.out.println("url is valid"); 058 * } else { 059 * System.out.println("url is invalid"); 060 * } 061 * 062 * prints out "url is valid" 063 * </pre> 064 * 065 * @see 066 * <a href='http://www.ietf.org/rfc/rfc2396.txt' > 067 * Uniform Resource Identifiers (URI): Generic Syntax 068 * </a> 069 * 070 * @version $Revision: 595020 $ $Date: 2007-11-14 20:36:45 +0100 (Mi, 14. Nov 2007) $ 071 * @since Validator 1.4 072 */ 073 public class UrlValidator implements Serializable { 074 075 /** 076 * Allows all validly formatted schemes to pass validation instead of 077 * supplying a set of valid schemes. 078 */ 079 public static final long ALLOW_ALL_SCHEMES = 1 << 0; 080 081 /** 082 * Allow two slashes in the path component of the URL. 083 */ 084 public static final long ALLOW_2_SLASHES = 1 << 1; 085 086 /** 087 * Enabling this options disallows any URL fragments. 088 */ 089 public static final long NO_FRAGMENTS = 1 << 2; 090 091 // Drop numeric, and "+-." for now 092 private static final String AUTHORITY_CHARS_REGEX = "\\p{Alnum}\\-\\."; 093 094 /** 095 * This expression derived/taken from the BNF for URI (RFC2396). 096 */ 097 private static final String URL_REGEX = 098 "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"; 099 // 12 3 4 5 6 7 8 9 100 private static final Pattern URL_PATTERN = Pattern.compile(URL_REGEX); 101 102 /** 103 * Schema/Protocol (ie. http:, ftp:, file:, etc). 104 */ 105 private static final int PARSE_URL_SCHEME = 2; 106 107 /** 108 * Includes hostname/ip and port number. 109 */ 110 private static final int PARSE_URL_AUTHORITY = 4; 111 112 private static final int PARSE_URL_PATH = 5; 113 114 private static final int PARSE_URL_QUERY = 7; 115 116 private static final int PARSE_URL_FRAGMENT = 9; 117 118 /** 119 * Protocol (ie. http:, ftp:,https:). 120 */ 121 private static final String SCHEME_REGEX = "^\\p{Alpha}[\\p{Alnum}\\+\\-\\.]*"; 122 private static final Pattern SCHEME_PATTERN = Pattern.compile(SCHEME_REGEX); 123 124 private static final String AUTHORITY_REGEX = 125 "^([" + AUTHORITY_CHARS_REGEX + "]*)(:\\d*)?(.*)?"; 126 // 1 2 3 4 127 private static final Pattern AUTHORITY_PATTERN = Pattern.compile(AUTHORITY_REGEX); 128 129 private static final int PARSE_AUTHORITY_HOST_IP = 1; 130 131 private static final int PARSE_AUTHORITY_PORT = 2; 132 133 /** 134 * Should always be empty. 135 */ 136 private static final int PARSE_AUTHORITY_EXTRA = 3; 137 138 private static final String PATH_REGEX = "^(/[-\\w:@&?=+,.!/~*'%$_;\\(\\)]*)?$"; 139 private static final Pattern PATH_PATTERN = Pattern.compile(PATH_REGEX); 140 141 private static final String QUERY_REGEX = "^(.*)$"; 142 private static final Pattern QUERY_PATTERN = Pattern.compile(QUERY_REGEX); 143 144 private static final String LEGAL_ASCII_REGEX = "^\\p{ASCII}+$"; 145 private static final Pattern ASCII_PATTERN = Pattern.compile(LEGAL_ASCII_REGEX); 146 147 private static final String PORT_REGEX = "^:(\\d{1,5})$"; 148 private static final Pattern PORT_PATTERN = Pattern.compile(PORT_REGEX); 149 150 /** 151 * Holds the set of current validation options. 152 */ 153 private final long options; 154 155 /** 156 * The set of schemes that are allowed to be in a URL. 157 */ 158 private final Set allowedSchemes; 159 160 /** 161 * Regular expressions used to manually validate authorities if IANA 162 * domain name validation isn't desired. 163 */ 164 private final RegexValidator authorityValidator; 165 166 /** 167 * If no schemes are provided, default to this set. 168 */ 169 private static final String[] DEFAULT_SCHEMES = {"http", "https", "ftp"}; 170 171 /** 172 * Singleton instance of this class with default schemes and options. 173 */ 174 private static final UrlValidator DEFAULT_URL_VALIDATOR = new UrlValidator(); 175 176 /** 177 * Returns the singleton instance of this class with default schemes and options. 178 * @return singleton instance with default schemes and options 179 */ 180 public static UrlValidator getInstance() { 181 return DEFAULT_URL_VALIDATOR; 182 } 183 184 /** 185 * Create a UrlValidator with default properties. 186 */ 187 public UrlValidator() { 188 this(null); 189 } 190 191 /** 192 * Behavior of validation is modified by passing in several strings options: 193 * @param schemes Pass in one or more url schemes to consider valid, passing in 194 * a null will default to "http,https,ftp" being valid. 195 * If a non-null schemes is specified then all valid schemes must 196 * be specified. Setting the ALLOW_ALL_SCHEMES option will 197 * ignore the contents of schemes. 198 */ 199 public UrlValidator(String[] schemes) { 200 this(schemes, (long)0); 201 } 202 203 /** 204 * Initialize a UrlValidator with the given validation options. 205 * @param options The options should be set using the public constants declared in 206 * this class. To set multiple options you simply add them together. For example, 207 * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options. 208 */ 209 public UrlValidator(long options) { 210 this(null, null, options); 211 } 212 213 /** 214 * Behavior of validation is modified by passing in options: 215 * @param schemes The set of valid schemes. 216 * @param options The options should be set using the public constants declared in 217 * this class. To set multiple options you simply add them together. For example, 218 * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options. 219 */ 220 public UrlValidator(String[] schemes, long options) { 221 this(schemes, null, options); 222 } 223 224 /** 225 * Initialize a UrlValidator with the given validation options. 226 * @param authorityValidator Regular expression validator used to validate the authority part 227 * @param options Validation options. Set using the public constants of this class. 228 * To set multiple options, simply add them together: 229 * <p><code>ALLOW_2_SLASHES + NO_FRAGMENTS</code></p> 230 * enables both of those options. 231 */ 232 public UrlValidator(RegexValidator authorityValidator, long options) { 233 this(null, authorityValidator, options); 234 } 235 236 /** 237 * Customizable constructor. Validation behavior is modifed by passing in options. 238 * @param schemes the set of valid schemes 239 * @param authorityValidator Regular expression validator used to validate the authority part 240 * @param options Validation options. Set using the public constants of this class. 241 * To set multiple options, simply add them together: 242 * <p><code>ALLOW_2_SLASHES + NO_FRAGMENTS</code></p> 243 * enables both of those options. 244 */ 245 public UrlValidator(String[] schemes, RegexValidator authorityValidator, long options) { 246 this.options = options; 247 248 if (isOn(ALLOW_ALL_SCHEMES)) { 249 this.allowedSchemes = Collections.EMPTY_SET; 250 } else { 251 if (schemes == null) { 252 schemes = DEFAULT_SCHEMES; 253 } 254 this.allowedSchemes = new HashSet(); 255 this.allowedSchemes.addAll(Arrays.asList(schemes)); 256 } 257 258 this.authorityValidator = authorityValidator; 259 260 } 261 262 /** 263 * <p>Checks if a field has a valid url address.</p> 264 * 265 * @param value The value validation is being performed on. A <code>null</code> 266 * value is considered invalid. 267 * @return true if the url is valid. 268 */ 269 public boolean isValid(String value) { 270 if (value == null) { 271 return false; 272 } 273 274 if (!ASCII_PATTERN.matcher(value).matches()) { 275 return false; 276 } 277 278 // Check the whole url address structure 279 Matcher urlMatcher = URL_PATTERN.matcher(value); 280 if (!urlMatcher.matches()) { 281 return false; 282 } 283 284 if (!isValidScheme(urlMatcher.group(PARSE_URL_SCHEME))) { 285 return false; 286 } 287 288 if (!isValidAuthority(urlMatcher.group(PARSE_URL_AUTHORITY))) { 289 return false; 290 } 291 292 if (!isValidPath(urlMatcher.group(PARSE_URL_PATH))) { 293 return false; 294 } 295 296 if (!isValidQuery(urlMatcher.group(PARSE_URL_QUERY))) { 297 return false; 298 } 299 300 if (!isValidFragment(urlMatcher.group(PARSE_URL_FRAGMENT))) { 301 return false; 302 } 303 304 return true; 305 } 306 307 /** 308 * Validate scheme. If schemes[] was initialized to a non null, 309 * then only those scheme's are allowed. Note this is slightly different 310 * than for the constructor. 311 * @param scheme The scheme to validate. A <code>null</code> value is considered 312 * invalid. 313 * @return true if valid. 314 */ 315 protected boolean isValidScheme(String scheme) { 316 if (scheme == null) { 317 return false; 318 } 319 320 if (!SCHEME_PATTERN.matcher(scheme).matches()) { 321 return false; 322 } 323 324 if (isOff(ALLOW_ALL_SCHEMES)) { 325 326 if (!this.allowedSchemes.contains(scheme)) { 327 return false; 328 } 329 } 330 331 return true; 332 } 333 334 /** 335 * Returns true if the authority is properly formatted. An authority is the combination 336 * of hostname and port. A <code>null</code> authority value is considered invalid. 337 * @param authority Authority value to validate. 338 * @return true if authority (hostname and port) is valid. 339 */ 340 protected boolean isValidAuthority(String authority) { 341 if (authority == null) { 342 return false; 343 } 344 345 // check manual authority validation if specified 346 if (authorityValidator != null) { 347 if (authorityValidator.isValid(authority)) { 348 return true; 349 } 350 } 351 352 Matcher authorityMatcher = AUTHORITY_PATTERN.matcher(authority); 353 if (!authorityMatcher.matches()) { 354 return false; 355 } 356 357 String hostLocation = authorityMatcher.group(PARSE_AUTHORITY_HOST_IP); 358 // check if authority is hostname or IP address: 359 // try a hostname first since that's much more likely 360 DomainValidator domainValidator = DomainValidator.getInstance(); 361 if (!domainValidator.isValid(hostLocation)) { 362 // try an IP address 363 InetAddressValidator inetAddressValidator = 364 InetAddressValidator.getInstance(); 365 if (!inetAddressValidator.isValid(hostLocation)) { 366 // isn't either one, so the URL is invalid 367 return false; 368 } 369 } 370 371 String port = authorityMatcher.group(PARSE_AUTHORITY_PORT); 372 if (port != null) { 373 if (!PORT_PATTERN.matcher(port).matches()) { 374 return false; 375 } 376 } 377 378 String extra = authorityMatcher.group(PARSE_AUTHORITY_EXTRA); 379 if (extra != null && extra.trim().length() > 0){ 380 return false; 381 } 382 383 return true; 384 } 385 386 /** 387 * Returns true if the path is valid. A <code>null</code> value is considered invalid. 388 * @param path Path value to validate. 389 * @return true if path is valid. 390 */ 391 protected boolean isValidPath(String path) { 392 if (path == null) { 393 return false; 394 } 395 396 if (!PATH_PATTERN.matcher(path).matches()) { 397 return false; 398 } 399 400 int slash2Count = countToken("//", path); 401 if (isOff(ALLOW_2_SLASHES) && (slash2Count > 0)) { 402 return false; 403 } 404 405 int slashCount = countToken("/", path); 406 int dot2Count = countToken("..", path); 407 if (dot2Count > 0) { 408 if ((slashCount - slash2Count - 1) <= dot2Count) { 409 return false; 410 } 411 } 412 413 return true; 414 } 415 416 /** 417 * Returns true if the query is null or it's a properly formatted query string. 418 * @param query Query value to validate. 419 * @return true if query is valid. 420 */ 421 protected boolean isValidQuery(String query) { 422 if (query == null) { 423 return true; 424 } 425 426 return QUERY_PATTERN.matcher(query).matches(); 427 } 428 429 /** 430 * Returns true if the given fragment is null or fragments are allowed. 431 * @param fragment Fragment value to validate. 432 * @return true if fragment is valid. 433 */ 434 protected boolean isValidFragment(String fragment) { 435 if (fragment == null) { 436 return true; 437 } 438 439 return isOff(NO_FRAGMENTS); 440 } 441 442 /** 443 * Returns the number of times the token appears in the target. 444 * @param token Token value to be counted. 445 * @param target Target value to count tokens in. 446 * @return the number of tokens. 447 */ 448 protected int countToken(String token, String target) { 449 int tokenIndex = 0; 450 int count = 0; 451 while (tokenIndex != -1) { 452 tokenIndex = target.indexOf(token, tokenIndex); 453 if (tokenIndex > -1) { 454 tokenIndex++; 455 count++; 456 } 457 } 458 return count; 459 } 460 461 /** 462 * Tests whether the given flag is on. If the flag is not a power of 2 463 * (ie. 3) this tests whether the combination of flags is on. 464 * 465 * @param flag Flag value to check. 466 * 467 * @return whether the specified flag value is on. 468 */ 469 private boolean isOn(long flag) { 470 return (this.options & flag) > 0; 471 } 472 473 /** 474 * Tests whether the given flag is off. If the flag is not a power of 2 475 * (ie. 3) this tests whether the combination of flags is off. 476 * 477 * @param flag Flag value to check. 478 * 479 * @return whether the specified flag value is off. 480 */ 481 private boolean isOff(long flag) { 482 return (this.options & flag) == 0; 483 } 484 }