From 755f2dc35a19e6806de3ecbf836fa06ad875c67a Mon Sep 17 00:00:00 2001
From: Carl Johnson <me@carlmjohnson.net>
Date: Fri, 4 Mar 2022 14:49:52 +0000
Subject: [PATCH 1/4] net/url: add JoinPath, URL.JoinPath

Builds on CL 332209.

Fixes #47005

Change-Id: I82708dede05d79a196ca63f5a4e7cb5ac9a041ea
GitHub-Last-Rev: 51b735066eef74f5e67c3e8899c58f44c0383c61
GitHub-Pull-Request: golang/go#50383
Reviewed-on: https://go-review.googlesource.com/c/go/+/374654
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
Trust: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>

Upstream-Status: Backport [https://github.com/golang/go/commit/604140d93111f89911e17cb147dcf6a02d2700d0]
CVE: CVE-2022-32190
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
---
 src/net/url/url.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/net/url/url.go b/src/net/url/url.go
index 2880e82..dea8bfe 100644
--- a/src/net/url/url.go
+++ b/src/net/url/url.go
@@ -13,6 +13,7 @@ package url
 import (
	"errors"
	"fmt"
+	"path"
	"sort"
	"strconv"
	"strings"
@@ -1104,6 +1105,17 @@ func (u *URL) UnmarshalBinary(text []byte) error {
	return nil
 }

+// JoinPath returns a new URL with the provided path elements joined to
+// any existing path and the resulting path cleaned of any ./ or ../ elements.
+func (u *URL) JoinPath(elem ...string) *URL {
+	url := *u
+	if len(elem) > 0 {
+		elem = append([]string{u.Path}, elem...)
+		url.setPath(path.Join(elem...))
+	}
+	return &url
+}
+
 // validUserinfo reports whether s is a valid userinfo string per RFC 3986
 // Section 3.2.1:
 //     userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
@@ -1144,3 +1156,14 @@ func stringContainsCTLByte(s string) bool {
	}
	return false
 }
+
+// JoinPath returns a URL string with the provided path elements joined to
+// the existing path of base and the resulting path cleaned of any ./ or ../ elements.
+func JoinPath(base string, elem ...string) (result string, err error) {
+	url, err := Parse(base)
+	if err != nil {
+		return
+	}
+	result = url.JoinPath(elem...).String()
+	return
+}
--
2.7.4