validate invalid/unsupported schemes

Author: tarunKoyalwar

url/parsers.go

@@ -146,7 +146,10 @@ func absoluteURLParser(u *URL) (*URL, error) {
 		FTP + SchemeSeparator,
 		"//",
 	}
-	if stringsutil.HasPrefixAny(u.Original, allowedSchemes...) {
+	if strings.Contains(u.Original, SchemeSeparator) || strings.HasPrefix(u.Original, "//") {
+		if !strings.HasPrefix(u.Original, "//") && !stringsutil.HasPrefixAny(u.Original, allowedSchemes...) {
+			return nil, errorutil.NewWithTag("urlutil", "failed to parse url got invalid scheme input=%v", u.Original)
+		}
 		u.IsRelative = false
 		urlparse, parseErr := url.Parse(u.Original)
 		if parseErr != nil {

url/url_test.go

@@ -204,3 +204,23 @@ func TestUnicodeEscapeWithUnsafe(t *testing.T) {
 		require.Equal(t, v.expected, urlx.String())
 	}
 }
+
+func TestInvalidScheme(t *testing.T) {
+	testcases := []struct {
+		input       string
+		expectedErr bool
+	}{
+		{"//:foo", true},
+		{"://foo", true},
+	}
+	for _, v := range testcases {
+		urlx, err := ParseAbsoluteURL(v.input, true)
+		if v.expectedErr {
+			require.NotNil(t, err)
+			require.Nil(t, urlx)
+		} else {
+			require.Nil(t, err)
+			require.NotNil(t, urlx)
+		}
+	}
+}