From b7f9218623fff037eca7434d3b5608d87d17b159 Mon Sep 17 00:00:00 2001
From: Anil Mahtani <929854+Anilm3@users.noreply.github.com>
Date: Thu, 29 Feb 2024 17:30:41 +0000
Subject: [PATCH] More test cases
---
 src/uri_utils.cpp | 17 +++++++++++------
 tests/ssrf_detector_test.cpp | 11 +++--------
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/uri_utils.cpp b/src/uri_utils.cpp
index 6004ec28d..90fe87bab 100644
--- a/src/uri_utils.cpp
+++ b/src/uri_utils.cpp
@@ -156,15 +156,20 @@ std::optional uri_parse(std::string_view uri)
 // Identify the (optional) port
 // https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.3
- auto port_begin = ++i; // Skip ':'
- for (; i < uri.size(); ++i) {
- if (!ddwaf::isdigit(uri[i])) {
+ if (uri[i] == ':') {
+ auto port_begin = ++i; // Skip ':'
+ for (; i < uri.size(); ++i) {
+ if (!ddwaf::isdigit(uri[i])) {
+ return std::nullopt;
+ }
+ }
+ if (port_begin < uri.size()) {
+ decomposed.authority.port = uri.substr(port_begin);
+ } else {
+ // Empty port?
 return std::nullopt;
 }
 }
- if (port_begin < uri.size()) {
- decomposed.authority.port = uri.substr(port_begin);
- }
 }
 // Identify the path, fragment and query.
diff --git a/tests/ssrf_detector_test.cpp b/tests/ssrf_detector_test.cpp
index fa1486d7e..21733939b 100644
--- a/tests/ssrf_detector_test.cpp
+++ b/tests/ssrf_detector_test.cpp
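Review bot: The new `else` branch in uri_parse (src/uri_utils.cpp) turns an empty port into a parse failure, although the RFC 3986 section linked just above it defines `port = *DIGIT`, so an authority ending in `host:` is syntactically valid. If callers treat `std::nullopt` as nothing to inspect (the test added in this patch suggests the SSRF detector does, though that code is not visible here), a URI that an HTTP client still accepts with an empty port would go unevaluated; leaving `decomposed.authority.port` unset and continuing is the safer default for a detector, and the `// Empty port?` comment should record the decision either way. Separately, `if (uri[i] == ':') {` indexes the view without a bound, and whether `i < uri.size()` holds at that point depends on code outside this hunk; `if (i < uri.size() && uri[i] == ':') {` makes the guarantee local. The body of uri_parse starts and continues outside the hunk.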
@@ -201,14 +201,9 @@ TEST(TestSSRFDetector, NoMatchPotentialFalsePositives)
 {"tax.internal.patreon.com/services/tax/1.0/quote/batch",
 {.yaml = R"({query: {utm_campaign: ["patreon"]}})"}},
 {"http://bla.patreon.com/batch", {.yaml = R"({query: {param: "patreon.com/"}})"}},
- {"file/blabla/metadata", {.yaml = R"({query: {param: "blabla"}})"}}
-
- // {"http://127.0.0.1:4000/batch",
- // {.yaml = R"({headers: {host: "127.0.0.1"}})"}},
-
- // TODO: fix this case? The concatenated URL isn't even valid...
- //{"http://scrapper-proxy.awsregion.bla.iohttps//images.bla.com/whatever", {.yaml =
- // R"({url: "https//images.bla.com/whatever"})"}},
+ {"file/blabla/metadata", {.yaml = R"({query: {param: "blabla"}})"}},
+ {"http://scrapper-proxy.awsregion.bla.iohttps://images.bla.com/whatever",
+ {.yaml = R"({url: "https://images.bla.com/whatever"})"}},
 },
 false);
 }
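Review bot: The case enabled in NoMatchPotentialFalsePositives is not the one that was commented out: the old input read `...bla.iohttps//images.bla.com/whatever` with param `https//images.bla.com/whatever`, while the new one has `https://` in both, so the concatenation the removed TODO described stays uncovered, and the `http://127.0.0.1:4000/batch` host-header case is deleted without a replacement. The new case also appears to pass only because the parser now rejects the empty port after `...bla.iohttps:` (inferred from the other file in this patch), and nothing here asserts that parser behaviour directly. A direct assertion on a constructed input would pin whichever outcome is intended for an empty port, something like `EXPECT_FALSE(uri_parse("http://host:/path").has_value());`, alongside a positive case for an authority with no port at all. The TEST body starts outside the hunk.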