Hi there! I gonna use libcurl's URL API as the URL parser for a web security fuzzer program.
Curl has a nice feature to disable URL path normalization while sending HTTP requests (--path-as-is CLI argumet): https://curl.se/libcurl/c/CURLOPT_PATH_AS_IS.html Unfortunately, the URL API does not have such a thing to disable path normalization while parsing the URLs: https://curl.se/libcurl/c/curl_url_get.html https://curl.se/libcurl/c/curl_url_set.html Defining a new flag to disable the default path normalization behaviour may help. Regards. Proof of the concept: #include "stdio.h" #include "curl/curl.h" int main() { CURLU *url_handle = curl_url(); curl_url_set(url_handle, CURLUPART_URL, " http://www.example.com/../../path";, 0); char *full_url; curl_url_get(url_handle,CURLUPART_URL,&full_url,0); puts(full_url); // Output: http://www.example.com/path ("../" characters were removed) curl_free(full_url); curl_url_cleanup(url_handle); return 0; }
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
