From: "jeremyevans0 (Jeremy Evans) via ruby-core" <ruby-core@...>
Date: 2024-08-19T20:04:48+00:00
Subject: [ruby-core:118895] [Ruby master Bug#20686] URI::HTTPS can build URI with blank, invalid host

Issue #20686 has been updated by jeremyevans0 (Jeremy Evans).


ronricardo (Roniece Ricardo) wrote:
> In Ruby 3.4.0+, calling `URI::HTTPS.build(host: "")` does not raise `URI::InvalidComponentError` as expected. Instead, it returns `#<URI::HTTPS https://>` 
> 
> I think this was introduced in [this PR](https://github.com/ruby/uri/pull/90).

That PR only affects `#to_s`, not `.build`, and is unrelated.  This was caused by the RFC 2396 -> RFC 3986 parser change:

```ruby
URI::HTTPS.new(nil, nil, "", nil, nil, nil, nil, nil, nil, URI::RFC3986_PARSER, true) 
# => #<URI::HTTPS //>

URI::HTTPS.new(nil, nil, "", nil, nil, nil, nil, nil, nil, URI::RFC2396_PARSER, true)
# /home/jeremy/tmp/uri/lib/uri/generic.rb:601:in `check_host': bad component(expected host component):  (URI::InvalidComponentError)
```

It appears RFC 3986 allows empty hosts (https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2: `reg-name    = *( unreserved / pct-encoded / sub-delims )`), so I think this is not a bug, but an expected behavior change.

----------------------------------------
Bug #20686: URI::HTTPS can build URI with blank, invalid host
https://bugs.ruby-lang.org/issues/20686#change-109464

* Author: ronricardo (Roniece Ricardo)
* Status: Open
* ruby -v: 3.4.0+
* Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN
----------------------------------------
In Ruby 3.4.0+, calling `URI::HTTPS.build(host: "")` does not raise `URI::InvalidComponentError` as expected. Instead, it returns `#<URI::HTTPS https://>` 

I think this was introduced in [this PR](https://github.com/ruby/uri/pull/90).

## Steps to Reproduce

### 1. Environment:
- **Ruby Version:** 3.4.0+

### 2. Steps:
- Open an IRB session.
- Run:

  ```ruby
  URI::HTTPS.build(host: "")
  ```

### 3. Expected Behavior:
- `URI::InvalidComponentError` should be raised due to the invalid empty `host` component.

### 4. Actual Behavior:
- Returns `#<URI::HTTPS https://>` without raising an error.


### Ruby 3.1.4:
```ruby
irb(main):008:0> RUBY_VERSION
=> "3.1.4"
irb(main):009:0> URI::HTTPS.build(host:"")
/home/vscode/.rbenv/versions/3.1.4/lib/ruby/3.1.0/uri/generic.rb:601:in `check_host': bad component(expected host component):  (URI::InvalidComponentError)
```

### Ruby 3.4.0:
```ruby
irb(���):015> RUBY_VERSION
=> "3.4.0"
irb(...):016> URI::HTTPS.build(host:"")
=> #<URI::HTTPS https://>
```



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/