Bug 1693503: Do search if the format inputed is user@host but might be intented as keyword. r=mak

Differential Revision: https://phabricator.services.mozilla.com/D106748
2021-04-02 10:05:37 +00:00 · 2021-04-02 10:05:37 +00:00 · 316a92df5e
--- a/browser/components/urlbar/tests/unit/test_providerHeuristicFallback.js
+++ b/browser/components/urlbar/tests/unit/test_providerHeuristicFallback.js
@ -595,6 +595,84 @@ add_task(async function() {
      });
    }
  }
+
+  info(
+    "Test the format inputed is user@host, and the host is in domainwhitelist"
+  );
+  Services.prefs.setBoolPref("browser.fixup.domainwhitelist.test-host", true);
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("browser.fixup.domainwhitelist.test-host");
+  });
+
+  query = "any@test-host";
+  context = createContext(query, { isPrivate: false });
+  await check_results({
+    context,
+    matches: [
+      makeVisitResult(context, {
+        source: UrlbarUtils.RESULT_SOURCE.OTHER_LOCAL,
+        uri: `http://${query}/`,
+        title: `http://${query}/`,
+        heuristic: true,
+      }),
+      makeSearchResult(context, {
+        engineName: SUGGESTIONS_ENGINE_NAME,
+      }),
+    ],
+  });
+
+  info(
+    "Test the format inputed is user@host, but the host is not in domainwhitelist"
+  );
+  query = "any@not-host";
+  context = createContext(query, { isPrivate: false });
+  await check_results({
+    context,
+    matches: [
+      makeSearchResult(context, {
+        heuristic: true,
+        query,
+        engineName: SUGGESTIONS_ENGINE_NAME,
+      }),
+    ],
+  });
+
+  info(
+    "Test if the format of user:pass@host is handled as visit even if the host is not in domainwhitelist"
+  );
+  query = "user:pass@not-host";
+  context = createContext(query, { isPrivate: false });
+  await check_results({
+    context,
+    matches: [
+      makeVisitResult(context, {
+        source: UrlbarUtils.RESULT_SOURCE.OTHER_LOCAL,
+        uri: "http://user:pass@not-host/",
+        title: "http://user:pass@not-host/",
+        heuristic: true,
+      }),
+    ],
+  });
+
+  info("Test if the format of user@ipaddress is handled as visit");
+  query = "user@192.168.0.1";
+  context = createContext(query, { isPrivate: false });
+  await check_results({
+    context,
+    matches: [
+      makeVisitResult(context, {
+        source: UrlbarUtils.RESULT_SOURCE.OTHER_LOCAL,
+        uri: "http://user@192.168.0.1/",
+        title: "http://user@192.168.0.1/",
+        heuristic: true,
+      }),
+      makeSearchResult(context, {
+        heuristic: false,
+        query,
+        engineName: SUGGESTIONS_ENGINE_NAME,
+      }),
+    ],
+  });
 });

 /**
--- a/docshell/base/URIFixup.jsm
+++ b/docshell/base/URIFixup.jsm
@ -97,7 +97,7 @@ const COMMON_PROTOCOLS = ["http", "https", "ftp", "file"];
 XPCOMUtils.defineLazyGetter(
  this,
  "userPasswordRegex",
-  () => /^([a-z+.-]+:\/{0,3})*[^\/@]+@.+/i
+  () => /^([a-z+.-]+:\/{0,3})*([^\/@]+@).+/i
 );

 // Regex used to identify specific URI characteristics to disallow searching.
@ -883,12 +883,13 @@ function keywordURIFixup(uriString, fixupInfo, isPrivateContext) {
  // "mozilla'.org" - Things that have a quote before the first dot/colon
  // "mozilla/test" - unknown host
  // ".mozilla", "mozilla." - starts or ends with a dot ()
+  // "user@nonQualifiedHost"

  // These other strings should not be searched, because they could be URIs:
  // "www.blah.com" - Domain with a standard or known suffix
  // "knowndomain" - known domain
  // "nonQualifiedHost:8888?something" - has a port
-  // "user@nonQualifiedHost"
+  // "user:pass@nonQualifiedHost"
  // "blah.com."

  // We do keyword lookups if the input starts with a question mark.
@ -901,12 +902,16 @@ function keywordURIFixup(uriString, fixupInfo, isPrivateContext) {
  }

  // Check for IPs.
-  if (IPv4LikeRegex.test(uriString) || IPv6LikeRegex.test(uriString)) {
+  const userPassword = userPasswordRegex.exec(uriString);
+  const ipString = userPassword
+    ? uriString.replace(userPassword[2], "")
+    : uriString;
+  if (IPv4LikeRegex.test(ipString) || IPv6LikeRegex.test(ipString)) {
    return false;
  }

-  // Avoid lookup if we can identify a host and it's known, or ends with
-  // a dot and has some path.
+  // Avoid keyword lookup if we can identify a host and it's known, or ends
+  // with a dot and has some path.
  // Note that if dnsFirstForSingleWords is true isDomainKnown will always
  // return true, so we can avoid checking dnsFirstForSingleWords after this.
  let asciiHost = fixupInfo.fixedURI?.asciiHost;
@ -919,16 +924,17 @@ function keywordURIFixup(uriString, fixupInfo, isPrivateContext) {
    return false;
  }

-  // Even if the host is invalid, avoid lookup if the string has uri-like
-  // characteristics.
-  // Also avoid lookup if there's a valid userPass. We only check for spaces,
-  // the URI parser has encoded any disallowed chars at this point, but if the
-  // user typed spaces before the first @, it's unlikely a valid userPass, plus
-  // some urlbar features use the @ char and we don't want to break them.
-  let userPass = fixupInfo.fixedURI?.userPass;
+  // Avoid keyword lookup if the url seems to have password.
+  if (fixupInfo.fixedURI?.password) {
+    return false;
+  }
+
+  // Even if the host is unknown, avoid keyword lookup if the string has
+  // uri-like characteristics, unless it looks like "user@unknownHost".
+  // Note we already excluded passwords at this point.
  if (
-    !uriLikeRegex.test(uriString) &&
-    !(userPass && /^[^\s@]+@/.test(uriString))
+    !uriLikeRegex.test(uriString) ||
+    (fixupInfo.fixedURI?.userPass && fixupInfo.fixedURI?.pathQueryRef === "/")
  ) {
    return tryKeywordFixupForURIInfo(
      fixupInfo.originalInput,
--- a/docshell/test/unit/test_URIFixup_info.js
+++ b/docshell/test/unit/test_URIFixup_info.js
@ -664,6 +664,53 @@ var testcases = [
    fixedURI: "http://www.mozilla/",
    protocolChange: true,
  },
+  {
+    input: "user@localhost",
+    fixedURI: "http://user@localhost/",
+    protocolChange: true,
+    shouldRunTest: () => gSingleWordDNSLookup,
+  },
+  {
+    input: "user@localhost",
+    fixedURI: "http://user@localhost/",
+    keywordLookup: true,
+    protocolChange: true,
+    shouldRunTest: () => !gSingleWordDNSLookup,
+  },
+  {
+    input: "user@192.168.0.1",
+    fixedURI: "http://user@192.168.0.1/",
+    protocolChange: true,
+  },
+  {
+    input: "user@dummy-host",
+    fixedURI: "http://user@dummy-host/",
+    protocolChange: true,
+    shouldRunTest: () => gSingleWordDNSLookup,
+  },
+  {
+    input: "user@dummy-host",
+    fixedURI: "http://user@dummy-host/",
+    keywordLookup: true,
+    protocolChange: true,
+    shouldRunTest: () => !gSingleWordDNSLookup,
+  },
+  {
+    input: "user:pass@dummy-host",
+    fixedURI: "http://user:pass@dummy-host/",
+    protocolChange: true,
+  },
+  {
+    input: ":pass@dummy-host",
+    fixedURI: "http://:pass@dummy-host/",
+    protocolChange: true,
+  },
+  {
+    input: "user@dummy-host/path",
+    fixedURI: "http://user@dummy-host/path",
+    protocolChange: true,
+    shouldRunTest: () => gSingleWordDNSLookup,
+  },
 ];

 if (AppConstants.platform == "win") {