Rework UrlUtil handle to avoid crashes while converting URI to URL (#6031)

Author: TimoPtr

common/src/main/kotlin/io/homeassistant/companion/android/util/UrlUtil.kt

@@ -44,34 +44,53 @@ object UrlUtil {
             .toString()
     }
 
+    /**
+     * Resolves a URL input string against a base URL.
+     *
+     * @param base The base URL to resolve relative URLs against. Can be null if input is absolute.
+     * @param input The URL string to resolve. Supported formats:
+     *   - Absolute URL (http://... or https://...)
+     *   - Relative path to be resolved against base
+     *   - Deep link URL with homeassistant://navigate/ prefix
+     * @return The resolved URL, the base URL if input is invalid, or null if resolution fails
+     */
     fun handle(base: URL?, input: String): URL? {
-        val asURI = try {
-            URI(input.removePrefix("homeassistant://navigate/"))
+        val normalizedInput = input.removePrefix("homeassistant://navigate/")
+
+        val uri = try {
+            URI(normalizedInput)
         } catch (e: Exception) {
-            Timber.w("Invalid input, returning base only")
-            null
+            Timber.w(e, "Invalid URI input: $normalizedInput")
+            return base
         }
-        return when {
-            asURI == null -> {
-                base
-            }
 
+        return when {
             isAbsoluteUrl(input) -> {
-                asURI.toURL()
+                uri.runCatching { toURL() }
+                    .onFailure { Timber.w(it, "Failed to convert URI to URL: $normalizedInput") }
+                    .getOrNull()
             }
 
-            else -> { // Input is relative to base URL
-                val builder = base
-                    ?.toHttpUrlOrNull()
-                    ?.newBuilder()
-                if (!asURI.path.isNullOrBlank()) builder?.addPathSegments(asURI.path.trim().removePrefix("/"))
-                if (!asURI.query.isNullOrBlank()) builder?.query(asURI.query.trim())
-                if (!asURI.fragment.isNullOrBlank()) builder?.fragment(asURI.fragment.trim())
-                builder?.build()?.toUrl()
-            }
+            else -> buildRelativeUrl(base, uri)
         }
     }
 
+    private fun buildRelativeUrl(base: URL?, uri: URI): URL? {
+        val builder = base?.toHttpUrlOrNull()?.newBuilder() ?: return null
+
+        return builder.apply {
+            uri.path?.takeIf { it.isNotBlank() }?.let {
+                addPathSegments(it.trim().removePrefix("/"))
+            }
+            uri.query?.takeIf { it.isNotBlank() }?.let {
+                query(it.trim())
+            }
+            uri.fragment?.takeIf { it.isNotBlank() }?.let {
+                fragment(it.trim())
+            }
+        }.build().toUrl()
+    }
+
     fun isAbsoluteUrl(it: String?): Boolean {
         return Regex("^https?://").containsMatchIn(it.toString())
     }

common/src/test/kotlin/io/homeassistant/companion/android/util/UrlUtilTest.kt

@@ -2,14 +2,130 @@ package io.homeassistant.companion.android.util
 
 import java.net.URL
 import kotlinx.coroutines.test.runTest
+import org.junit.jupiter.api.Assertions.assertEquals
 import org.junit.jupiter.api.Assertions.assertFalse
+import org.junit.jupiter.api.Assertions.assertNotNull
+import org.junit.jupiter.api.Assertions.assertNull
 import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.params.ParameterizedTest
+import org.junit.jupiter.params.provider.CsvSource
 import org.junit.jupiter.params.provider.ValueSource
 
 class UrlUtilTest {
 
+    private lateinit var baseUrl: URL
+
+    @BeforeEach
+    fun setUp() {
+        baseUrl = URL("https://example.com:8123/")
+    }
+
+    @ParameterizedTest
+    @CsvSource(
+        value = [
+            "http://another.com/test,http://another.com/test",
+            "https://secure.com/path,https://secure.com/path",
+            "http://another.com:9000/path,http://another.com:9000/path",
+        ],
+    )
+    fun `Given absolute URL when calling handle then returns parsed URL`(input: String, expected: String) {
+        val result = UrlUtil.handle(baseUrl, input)
+
+        assertNotNull(result)
+        assertEquals(expected, result.toString())
+    }
+
+    @ParameterizedTest
+    @CsvSource(
+        value = [
+            "lovelace/default,https://example.com:8123/lovelace/default",
+            "/lovelace/default,https://example.com:8123/lovelace/default",
+            "lovelace/default?edit=1,https://example.com:8123/lovelace/default?edit=1",
+            "lovelace/default#section,https://example.com:8123/lovelace/default#section",
+            "lovelace/default?edit=1#section,https://example.com:8123/lovelace/default?edit=1#section",
+            "api/states/light.living_room,https://example.com:8123/api/states/light.living_room",
+            "lovelace?key=value&other=test,https://example.com:8123/lovelace?key=value&other=test",
+            "path/with%20encoded%20spaces,https://example.com:8123/path/with%20encoded%20spaces",
+        ],
+    )
+    fun `Given relative path when calling handle then returns URL resolved against base`(input: String, expected: String) {
+        val result = UrlUtil.handle(baseUrl, input)
+
+        assertNotNull(result)
+        assertEquals(expected, result.toString())
+    }
+
+    @Test
+    fun `Given input with homeassistant navigate prefix and absolute URL when calling handle then treats as relative path without taking care of second host and protocol`() {
+        val input = "homeassistant://navigate/https://example2.com/path/subpath"
+
+        val result = UrlUtil.handle(baseUrl, input)
+
+        assertNotNull(result)
+        assertEquals("https://example.com:8123/path/subpath", result.toString())
+    }
+
+    @Test
+    fun `Given input with homeassistant navigate prefix and relative path when calling handle then returns resolved URL`() {
+        val input = "homeassistant://navigate/lovelace/default"
+
+        val result = UrlUtil.handle(baseUrl, input)
+
+        assertNotNull(result)
+        assertEquals("https://example.com:8123/lovelace/default", result.toString())
+    }
+
+    @ParameterizedTest
+    @ValueSource(
+        strings = [
+            "",
+            "   ",
+        ],
+    )
+    fun `Given empty or whitespace input when calling handle then returns base URL`(input: String) {
+        val result = UrlUtil.handle(baseUrl, input)
+
+        assertNotNull(result)
+        assertEquals("https://example.com:8123/", result.toString())
+    }
+
+    @Test
+    fun `Given invalid URI input when calling handle then returns base URL`() {
+        val input = "not a valid uri with spaces and bad chars <>"
+
+        val result = UrlUtil.handle(baseUrl, input)
+
+        assertEquals(baseUrl, result)
+    }
+
+    @Test
+    fun `Given null base and relative path when calling handle then returns null`() {
+        val input = "lovelace/default"
+
+        val result = UrlUtil.handle(null, input)
+
+        assertNull(result)
+    }
+
+    @Test
+    fun `Given valid base url and invalid input URI that cannot be parsed into URL when calling handle then returns null`() {
+        val input = "http://h:8123None"
+
+        assertNull(UrlUtil.handle(baseUrl, input))
+    }
+
+    @Test
+    fun `Given null base and absolute URL when calling handle then returns parsed URL`() {
+        val input = "https://example.com/test"
+
+        val result = UrlUtil.handle(null, input)
+
+        assertNotNull(result)
+        assertEquals("https://example.com/test", result.toString())
+    }
+
     @ParameterizedTest
     @ValueSource(
         strings = [