string escape/unescape edge-cases, need to escape filename in DownloadFileByName()

Question

string escape/unescape edge-cases, need to escape filename in DownloadFileByName()

armhold opened this issue 7 years ago · comments

Hi, I did some fuzz-testing on blazer and found that there were some cases where the input does not come through cleanly for unescape(escape(s)):

		"&\x020000\x9c",
		"&\x020\x9c0",
		"&\x0230j",
		"&\x02\x98000",
		"&\x02\x983\xc8j00",
		"00\x000",
		"00\x0000",
		"00\x0000000000000",
		"\x11\x030",

I think this can be fixed, and at the same time greatly simplify the code, by following the pattern in Backblaze's sample code: use the platform's stdlib encoding function, and just replace "%2F" with "/" for their edge-case of not encoding the slash.

I also found that DownloadFileByName probably needs to escape the filename when used as part of the request URI.

My fixes and some tests for this are here:

armhold@4df8235
armhold@1b09f11

Would you mind reviewing? I can submit a PR if you think that's appropriate, but would appreciate your review of my potential changes.

Thanks!

Toby Burress · Answer 1 · Wed Oct 11 2017 01:25:20 GMT+0800 (China Standard Time)

Thanks for this!

This mostly LGTM. If you open a PR, though, you'll need to sign the Google CLA at https://cla.developers.google.com/clas before I can accept it.