From: "jhawthorn (John Hawthorn) via ruby-core" <ruby-core@...>
Date: 2024-08-19T22:59:23+00:00
Subject: [ruby-core:118900] [Ruby master Bug#20686] URI::HTTPS can build URI with blank, invalid host

Issue #20686 has been updated by jhawthorn (John Hawthorn).


Interestingly RFC2396_PARSER seems to allow nil for a host but not empty string, so the newer behaviour is at least more consistent. It does seem like we are missing some expected validation here though.

```
> URI::HTTPS.new(nil, nil, "", nil, nil, nil, nil, nil, nil, URI::RFC2396_Parser.new, true)
/Users/jhawthorn/.rubies/ruby-3.3.2/lib/ruby/3.3.0/uri/generic.rb:601:in `check_host': bad component(expected host component):  (URI::InvalidComponentError)
        from /Users/jhawthorn/.rubies/ruby-3.3.2/lib/ruby/3.3.0/uri/generic.rb:640:in `host='
        ...
>> URI::HTTPS.new(nil, nil, nil, nil, nil, nil, nil, nil, nil, URI::RFC2396_Parser.new, true)
=> #<URI::HTTPS >
```

----------------------------------------
Bug #20686: URI::HTTPS can build URI with blank, invalid host
https://bugs.ruby-lang.org/issues/20686#change-109469

* Author: ronricardo (Roniece Ricardo)
* Status: Open
* ruby -v: 3.4.0+
* Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN
----------------------------------------
In Ruby 3.4.0+, calling `URI::HTTPS.build(host: "")` does not raise `URI::InvalidComponentError` as expected. Instead, it returns `#<URI::HTTPS https://>` 

I think this was introduced in [this PR](https://github.com/ruby/uri/pull/90).

## Steps to Reproduce

### 1. Environment:
- **Ruby Version:** 3.4.0+

### 2. Steps:
- Open an IRB session.
- Run:

  ```ruby
  URI::HTTPS.build(host: "")
  ```

### 3. Expected Behavior:
- `URI::InvalidComponentError` should be raised due to the invalid empty `host` component.

### 4. Actual Behavior:
- Returns `#<URI::HTTPS https://>` without raising an error.


### Ruby 3.1.4:
```ruby
irb(main):008:0> RUBY_VERSION
=> "3.1.4"
irb(main):009:0> URI::HTTPS.build(host:"")
/home/vscode/.rbenv/versions/3.1.4/lib/ruby/3.1.0/uri/generic.rb:601:in `check_host': bad component(expected host component):  (URI::InvalidComponentError)
```

### Ruby 3.4.0:
```ruby
irb(���):015> RUBY_VERSION
=> "3.4.0"
irb(...):016> URI::HTTPS.build(host:"")
=> #<URI::HTTPS https://>
```



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/