001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.commons.validator.routines;
018
019 import java.io.Serializable;
020 import java.util.Arrays;
021 import java.util.Collections;
022 import java.util.HashSet;
023 import java.util.Set;
024 import java.util.regex.Matcher;
025 import java.util.regex.Pattern;
026
027 /**
028 * <p><b>URL Validation</b> routines.</p>
029 * Behavior of validation is modified by passing in options:
030 * <li>ALLOW_2_SLASHES - [FALSE] Allows double '/' characters in the path
031 * component.</li>
032 * <li>NO_FRAGMENT- [FALSE] By default fragments are allowed, if this option is
033 * included then fragments are flagged as illegal.</li>
034 * <li>ALLOW_ALL_SCHEMES - [FALSE] By default only http, https, and ftp are
035 * considered valid schemes. Enabling this option will let any scheme pass validation.</li>
036 *
037 * <p>Originally based in on php script by Debbie Dyer, validation.php v1.2b, Date: 03/07/02,
038 * http://javascript.internet.com. However, this validation now bears little resemblance
039 * to the php original.</p>
040 * <pre>
041 * Example of usage:
042 * Construct a UrlValidator with valid schemes of "http", and "https".
043 *
044 * String[] schemes = {"http","https"}.
045 * UrlValidator urlValidator = new UrlValidator(schemes);
046 * if (urlValidator.isValid("ftp://foo.bar.com/")) {
047 * System.out.println("url is valid");
048 * } else {
049 * System.out.println("url is invalid");
050 * }
051 *
052 * prints "url is invalid"
053 * If instead the default constructor is used.
054 *
055 * UrlValidator urlValidator = new UrlValidator();
056 * if (urlValidator.isValid("ftp://foo.bar.com/")) {
057 * System.out.println("url is valid");
058 * } else {
059 * System.out.println("url is invalid");
060 * }
061 *
062 * prints out "url is valid"
063 * </pre>
064 *
065 * @see
066 * <a href='http://www.ietf.org/rfc/rfc2396.txt' >
067 * Uniform Resource Identifiers (URI): Generic Syntax
068 * </a>
069 *
070 * @version $Revision: 595020 $ $Date: 2007-11-14 20:36:45 +0100 (Mi, 14. Nov 2007) $
071 * @since Validator 1.4
072 */
073 public class UrlValidator implements Serializable {
074
075 /**
076 * Allows all validly formatted schemes to pass validation instead of
077 * supplying a set of valid schemes.
078 */
079 public static final long ALLOW_ALL_SCHEMES = 1 << 0;
080
081 /**
082 * Allow two slashes in the path component of the URL.
083 */
084 public static final long ALLOW_2_SLASHES = 1 << 1;
085
086 /**
087 * Enabling this options disallows any URL fragments.
088 */
089 public static final long NO_FRAGMENTS = 1 << 2;
090
091 // Drop numeric, and "+-." for now
092 private static final String AUTHORITY_CHARS_REGEX = "\\p{Alnum}\\-\\.";
093
094 /**
095 * This expression derived/taken from the BNF for URI (RFC2396).
096 */
097 private static final String URL_REGEX =
098 "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?";
099 // 12 3 4 5 6 7 8 9
100 private static final Pattern URL_PATTERN = Pattern.compile(URL_REGEX);
101
102 /**
103 * Schema/Protocol (ie. http:, ftp:, file:, etc).
104 */
105 private static final int PARSE_URL_SCHEME = 2;
106
107 /**
108 * Includes hostname/ip and port number.
109 */
110 private static final int PARSE_URL_AUTHORITY = 4;
111
112 private static final int PARSE_URL_PATH = 5;
113
114 private static final int PARSE_URL_QUERY = 7;
115
116 private static final int PARSE_URL_FRAGMENT = 9;
117
118 /**
119 * Protocol (ie. http:, ftp:,https:).
120 */
121 private static final String SCHEME_REGEX = "^\\p{Alpha}[\\p{Alnum}\\+\\-\\.]*";
122 private static final Pattern SCHEME_PATTERN = Pattern.compile(SCHEME_REGEX);
123
124 private static final String AUTHORITY_REGEX =
125 "^([" + AUTHORITY_CHARS_REGEX + "]*)(:\\d*)?(.*)?";
126 // 1 2 3 4
127 private static final Pattern AUTHORITY_PATTERN = Pattern.compile(AUTHORITY_REGEX);
128
129 private static final int PARSE_AUTHORITY_HOST_IP = 1;
130
131 private static final int PARSE_AUTHORITY_PORT = 2;
132
133 /**
134 * Should always be empty.
135 */
136 private static final int PARSE_AUTHORITY_EXTRA = 3;
137
138 private static final String PATH_REGEX = "^(/[-\\w:@&?=+,.!/~*'%$_;\\(\\)]*)?$";
139 private static final Pattern PATH_PATTERN = Pattern.compile(PATH_REGEX);
140
141 private static final String QUERY_REGEX = "^(.*)$";
142 private static final Pattern QUERY_PATTERN = Pattern.compile(QUERY_REGEX);
143
144 private static final String LEGAL_ASCII_REGEX = "^\\p{ASCII}+$";
145 private static final Pattern ASCII_PATTERN = Pattern.compile(LEGAL_ASCII_REGEX);
146
147 private static final String PORT_REGEX = "^:(\\d{1,5})$";
148 private static final Pattern PORT_PATTERN = Pattern.compile(PORT_REGEX);
149
150 /**
151 * Holds the set of current validation options.
152 */
153 private final long options;
154
155 /**
156 * The set of schemes that are allowed to be in a URL.
157 */
158 private final Set allowedSchemes;
159
160 /**
161 * Regular expressions used to manually validate authorities if IANA
162 * domain name validation isn't desired.
163 */
164 private final RegexValidator authorityValidator;
165
166 /**
167 * If no schemes are provided, default to this set.
168 */
169 private static final String[] DEFAULT_SCHEMES = {"http", "https", "ftp"};
170
171 /**
172 * Singleton instance of this class with default schemes and options.
173 */
174 private static final UrlValidator DEFAULT_URL_VALIDATOR = new UrlValidator();
175
176 /**
177 * Returns the singleton instance of this class with default schemes and options.
178 * @return singleton instance with default schemes and options
179 */
180 public static UrlValidator getInstance() {
181 return DEFAULT_URL_VALIDATOR;
182 }
183
184 /**
185 * Create a UrlValidator with default properties.
186 */
187 public UrlValidator() {
188 this(null);
189 }
190
191 /**
192 * Behavior of validation is modified by passing in several strings options:
193 * @param schemes Pass in one or more url schemes to consider valid, passing in
194 * a null will default to "http,https,ftp" being valid.
195 * If a non-null schemes is specified then all valid schemes must
196 * be specified. Setting the ALLOW_ALL_SCHEMES option will
197 * ignore the contents of schemes.
198 */
199 public UrlValidator(String[] schemes) {
200 this(schemes, (long)0);
201 }
202
203 /**
204 * Initialize a UrlValidator with the given validation options.
205 * @param options The options should be set using the public constants declared in
206 * this class. To set multiple options you simply add them together. For example,
207 * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options.
208 */
209 public UrlValidator(long options) {
210 this(null, null, options);
211 }
212
213 /**
214 * Behavior of validation is modified by passing in options:
215 * @param schemes The set of valid schemes.
216 * @param options The options should be set using the public constants declared in
217 * this class. To set multiple options you simply add them together. For example,
218 * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options.
219 */
220 public UrlValidator(String[] schemes, long options) {
221 this(schemes, null, options);
222 }
223
224 /**
225 * Initialize a UrlValidator with the given validation options.
226 * @param authorityValidator Regular expression validator used to validate the authority part
227 * @param options Validation options. Set using the public constants of this class.
228 * To set multiple options, simply add them together:
229 * <p><code>ALLOW_2_SLASHES + NO_FRAGMENTS</code></p>
230 * enables both of those options.
231 */
232 public UrlValidator(RegexValidator authorityValidator, long options) {
233 this(null, authorityValidator, options);
234 }
235
236 /**
237 * Customizable constructor. Validation behavior is modifed by passing in options.
238 * @param schemes the set of valid schemes
239 * @param authorityValidator Regular expression validator used to validate the authority part
240 * @param options Validation options. Set using the public constants of this class.
241 * To set multiple options, simply add them together:
242 * <p><code>ALLOW_2_SLASHES + NO_FRAGMENTS</code></p>
243 * enables both of those options.
244 */
245 public UrlValidator(String[] schemes, RegexValidator authorityValidator, long options) {
246 this.options = options;
247
248 if (isOn(ALLOW_ALL_SCHEMES)) {
249 this.allowedSchemes = Collections.EMPTY_SET;
250 } else {
251 if (schemes == null) {
252 schemes = DEFAULT_SCHEMES;
253 }
254 this.allowedSchemes = new HashSet();
255 this.allowedSchemes.addAll(Arrays.asList(schemes));
256 }
257
258 this.authorityValidator = authorityValidator;
259
260 }
261
262 /**
263 * <p>Checks if a field has a valid url address.</p>
264 *
265 * @param value The value validation is being performed on. A <code>null</code>
266 * value is considered invalid.
267 * @return true if the url is valid.
268 */
269 public boolean isValid(String value) {
270 if (value == null) {
271 return false;
272 }
273
274 if (!ASCII_PATTERN.matcher(value).matches()) {
275 return false;
276 }
277
278 // Check the whole url address structure
279 Matcher urlMatcher = URL_PATTERN.matcher(value);
280 if (!urlMatcher.matches()) {
281 return false;
282 }
283
284 if (!isValidScheme(urlMatcher.group(PARSE_URL_SCHEME))) {
285 return false;
286 }
287
288 if (!isValidAuthority(urlMatcher.group(PARSE_URL_AUTHORITY))) {
289 return false;
290 }
291
292 if (!isValidPath(urlMatcher.group(PARSE_URL_PATH))) {
293 return false;
294 }
295
296 if (!isValidQuery(urlMatcher.group(PARSE_URL_QUERY))) {
297 return false;
298 }
299
300 if (!isValidFragment(urlMatcher.group(PARSE_URL_FRAGMENT))) {
301 return false;
302 }
303
304 return true;
305 }
306
307 /**
308 * Validate scheme. If schemes[] was initialized to a non null,
309 * then only those scheme's are allowed. Note this is slightly different
310 * than for the constructor.
311 * @param scheme The scheme to validate. A <code>null</code> value is considered
312 * invalid.
313 * @return true if valid.
314 */
315 protected boolean isValidScheme(String scheme) {
316 if (scheme == null) {
317 return false;
318 }
319
320 if (!SCHEME_PATTERN.matcher(scheme).matches()) {
321 return false;
322 }
323
324 if (isOff(ALLOW_ALL_SCHEMES)) {
325
326 if (!this.allowedSchemes.contains(scheme)) {
327 return false;
328 }
329 }
330
331 return true;
332 }
333
334 /**
335 * Returns true if the authority is properly formatted. An authority is the combination
336 * of hostname and port. A <code>null</code> authority value is considered invalid.
337 * @param authority Authority value to validate.
338 * @return true if authority (hostname and port) is valid.
339 */
340 protected boolean isValidAuthority(String authority) {
341 if (authority == null) {
342 return false;
343 }
344
345 // check manual authority validation if specified
346 if (authorityValidator != null) {
347 if (authorityValidator.isValid(authority)) {
348 return true;
349 }
350 }
351
352 Matcher authorityMatcher = AUTHORITY_PATTERN.matcher(authority);
353 if (!authorityMatcher.matches()) {
354 return false;
355 }
356
357 String hostLocation = authorityMatcher.group(PARSE_AUTHORITY_HOST_IP);
358 // check if authority is hostname or IP address:
359 // try a hostname first since that's much more likely
360 DomainValidator domainValidator = DomainValidator.getInstance();
361 if (!domainValidator.isValid(hostLocation)) {
362 // try an IP address
363 InetAddressValidator inetAddressValidator =
364 InetAddressValidator.getInstance();
365 if (!inetAddressValidator.isValid(hostLocation)) {
366 // isn't either one, so the URL is invalid
367 return false;
368 }
369 }
370
371 String port = authorityMatcher.group(PARSE_AUTHORITY_PORT);
372 if (port != null) {
373 if (!PORT_PATTERN.matcher(port).matches()) {
374 return false;
375 }
376 }
377
378 String extra = authorityMatcher.group(PARSE_AUTHORITY_EXTRA);
379 if (extra != null && extra.trim().length() > 0){
380 return false;
381 }
382
383 return true;
384 }
385
386 /**
387 * Returns true if the path is valid. A <code>null</code> value is considered invalid.
388 * @param path Path value to validate.
389 * @return true if path is valid.
390 */
391 protected boolean isValidPath(String path) {
392 if (path == null) {
393 return false;
394 }
395
396 if (!PATH_PATTERN.matcher(path).matches()) {
397 return false;
398 }
399
400 int slash2Count = countToken("//", path);
401 if (isOff(ALLOW_2_SLASHES) && (slash2Count > 0)) {
402 return false;
403 }
404
405 int slashCount = countToken("/", path);
406 int dot2Count = countToken("..", path);
407 if (dot2Count > 0) {
408 if ((slashCount - slash2Count - 1) <= dot2Count) {
409 return false;
410 }
411 }
412
413 return true;
414 }
415
416 /**
417 * Returns true if the query is null or it's a properly formatted query string.
418 * @param query Query value to validate.
419 * @return true if query is valid.
420 */
421 protected boolean isValidQuery(String query) {
422 if (query == null) {
423 return true;
424 }
425
426 return QUERY_PATTERN.matcher(query).matches();
427 }
428
429 /**
430 * Returns true if the given fragment is null or fragments are allowed.
431 * @param fragment Fragment value to validate.
432 * @return true if fragment is valid.
433 */
434 protected boolean isValidFragment(String fragment) {
435 if (fragment == null) {
436 return true;
437 }
438
439 return isOff(NO_FRAGMENTS);
440 }
441
442 /**
443 * Returns the number of times the token appears in the target.
444 * @param token Token value to be counted.
445 * @param target Target value to count tokens in.
446 * @return the number of tokens.
447 */
448 protected int countToken(String token, String target) {
449 int tokenIndex = 0;
450 int count = 0;
451 while (tokenIndex != -1) {
452 tokenIndex = target.indexOf(token, tokenIndex);
453 if (tokenIndex > -1) {
454 tokenIndex++;
455 count++;
456 }
457 }
458 return count;
459 }
460
461 /**
462 * Tests whether the given flag is on. If the flag is not a power of 2
463 * (ie. 3) this tests whether the combination of flags is on.
464 *
465 * @param flag Flag value to check.
466 *
467 * @return whether the specified flag value is on.
468 */
469 private boolean isOn(long flag) {
470 return (this.options & flag) > 0;
471 }
472
473 /**
474 * Tests whether the given flag is off. If the flag is not a power of 2
475 * (ie. 3) this tests whether the combination of flags is off.
476 *
477 * @param flag Flag value to check.
478 *
479 * @return whether the specified flag value is off.
480 */
481 private boolean isOff(long flag) {
482 return (this.options & flag) == 0;
483 }
484 }