Merge branch 'master' into master

DavidPetkovsek · web-flow · commit 4d8467fd645f · 2026-03-03T10:39:13.000-05:00
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
@@ -137,8 +137,8 @@ jobs:
       shell: bash
 
     - name: Save report
-      uses: actions/upload-artifact@v6
-      if: matrix.os == 'ubuntu-latest' && matrix.compiler == 'gcc' && matrix.cxx_stdlib == 'libstdc++' && matrix.asio_type == 'boost' && !startsWith(github.ref, 'refs/heads/v')
+      uses: actions/upload-artifact@v7
+      if: matrix.os == 'ubuntu-latest' && matrix.compiler == 'gcc' && matrix.cxx_stdlib == 'libstdc++' && matrix.asio_type == 'boost' && !startsWith(github.ref, 'refs/tags/v')
       with:
         name: coveralls.json
         path: coveralls.json
@@ -158,9 +158,8 @@ jobs:
         ls
       shell: bash
 
-    - name: Upload Linux packages
-      uses: actions/upload-artifact@v6
-      if: matrix.os == 'ubuntu-latest' && matrix.compiler == 'gcc' && matrix.cxx_stdlib == 'libstdc++' && matrix.asio_type == 'boost' && startsWith(github.ref, 'refs/heads/v')
+    - uses: actions/upload-artifact@v7
+      if: matrix.os == 'ubuntu-latest' && matrix.compiler == 'gcc' && matrix.cxx_stdlib == 'libstdc++' && matrix.asio_type == 'boost' && startsWith(github.ref, 'refs/tags/v')
       with:
         name: packages
         overwrite: true
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
@@ -25,7 +25,7 @@ jobs:
         fuzz-seconds: 800
         output-sarif: true
     - name: Upload Crash
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@v7
       if: failure() && steps.build.outcome == 'success'
       with:
         name: artifacts
diff --git a/.github/workflows/submit_coverage.yml b/.github/workflows/submit_coverage.yml
@@ -16,7 +16,7 @@ jobs:
     if: github.event.workflow_run.conclusion == 'success'
     steps:
       - name: Download artifact
-        uses: dawidd6/action-download-artifact@v14
+        uses: dawidd6/action-download-artifact@v16
         with:
           workflow: ${{ github.event.workflow_run.workflow_id }}
           workflow_conclusion: success
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -114,7 +114,9 @@ if(CROW_USE_BOOST)
 	if(Boost_VERSION VERSION_LESS 1.89)
 		find_package(Boost 1.64 COMPONENTS system REQUIRED)
 	else()
-		add_library(Boost::system ALIAS Boost::headers)
+		if(NOT TARGET Boost::system)
+			add_library(Boost::system ALIAS Boost::headers)
+		endif()
 	endif()
 	target_link_libraries(Crow
 		INTERFACE
diff --git a/include/crow/json.h b/include/crow/json.h
@@ -1740,6 +1740,26 @@ namespace crow // NOTE: Already documented in "crow/app.h"
                 return const_cast<wvalue*>(this)->operator[](index);
             }
 
+            /// Check if the object contains the given key.
+            bool has(const char* key) const
+            {
+                return has(std::string(key));
+            }
+
+            /// Check if the object contains the given key.
+            bool has(const std::string& key) const
+            {
+                if (t_ != type::Object)
+                    return false;
+                if (!o)
+                    return false;
+#if (__cplusplus>=202002L)
+                return o->contains(key);
+#else
+                return o->count(key)>0;
+#endif
+            }
+
             int count(const std::string& str) const
             {
                 if (t_ != type::Object)
@@ -2042,6 +2062,12 @@ namespace crow // NOTE: Already documented in "crow/app.h"
 
                 return dump(DontIndent);
             }
+
+            /// Return json string.
+            explicit operator std::string() const
+            {
+                return dump();
+            }
         };
 
         // Used for accessing the internals of a wvalue
diff --git a/include/crow/query_string.h b/include/crow/query_string.h
@@ -64,23 +64,33 @@ inline int qs_strncmp(const char * s, const char * qs, size_t n)
         if ( u1 == '+' ) {  u1 = ' ';  }
         if ( u1 == '%' ) // easier/safer than scanf
         {
-            unyb = static_cast<unsigned char>(*s++);
-            lnyb = static_cast<unsigned char>(*s++);
-            if ( CROW_QS_ISHEX(unyb) && CROW_QS_ISHEX(lnyb) )
+            // Check that next two chars exist and are valid hex before reading
+            if ( CROW_QS_ISHEX(s[0]) && CROW_QS_ISHEX(s[1]) )
+            {
+                unyb = static_cast<unsigned char>(*s++);
+                lnyb = static_cast<unsigned char>(*s++);
                 u1 = (CROW_QS_HEX2DEC(unyb) * 16) + CROW_QS_HEX2DEC(lnyb);
+            }
             else
+            {
                 u1 = '\0';
+            }
         }
 
         if ( u2 == '+' ) {  u2 = ' ';  }
         if ( u2 == '%' ) // easier/safer than scanf
         {
-            unyb = static_cast<unsigned char>(*qs++);
-            lnyb = static_cast<unsigned char>(*qs++);
-            if ( CROW_QS_ISHEX(unyb) && CROW_QS_ISHEX(lnyb) )
+            // Check that next two chars exist and are valid hex before reading
+            if ( CROW_QS_ISHEX(qs[0]) && CROW_QS_ISHEX(qs[1]) )
+            {
+                unyb = static_cast<unsigned char>(*qs++);
+                lnyb = static_cast<unsigned char>(*qs++);
                 u2 = (CROW_QS_HEX2DEC(unyb) * 16) + CROW_QS_HEX2DEC(lnyb);
+            }
             else
+            {
                 u2 = '\0';
+            }
         }
 
         if ( u1 != u2 )
@@ -150,7 +160,9 @@ inline int qs_decode(char * qs)
         if ( qs[j] == '+' ) {  qs[i] = ' ';  }
         else if ( qs[j] == '%' ) // easier/safer than scanf
         {
-            if ( ! CROW_QS_ISHEX(qs[j+1]) || ! CROW_QS_ISHEX(qs[j+2]) )
+            // Check bounds before reading: ensure j+1 and j+2 are within string
+            if ( qs[j+1] == '\0' || qs[j+2] == '\0' ||
+                 ! CROW_QS_ISHEX(qs[j+1]) || ! CROW_QS_ISHEX(qs[j+2]) )
             {
                 qs[i] = '\0';
                 return i;
diff --git a/tests/query_string_tests.cpp b/tests/query_string_tests.cpp
@@ -42,4 +42,37 @@ TEST_CASE( "query string keys" )
             return key == entry.first;});
         REQUIRE(exist == true);
     }
+}
+
+TEST_CASE( "malformed percent encoding - trailing percent" )
+{
+    // URL ending with '%' should not cause heap overflow (Issue #1126)
+    crow::query_string qs1("https://example.com/asdf?%");
+    auto keys1 = qs1.keys();
+    // Should handle gracefully without crashing
+    if (!keys1.empty()) {
+        (void)qs1.get(keys1[0]);
+    }
+
+    // URL with single hex digit after %
+    crow::query_string qs2("https://example.com/?key=%2");
+    auto keys2 = qs2.keys();
+    if (!keys2.empty()) {
+        (void)qs2.get(keys2[0]);
+    }
+
+    // URL with % followed by non-hex characters
+    crow::query_string qs3("https://example.com/?key=%GG");
+    auto keys3 = qs3.keys();
+    if (!keys3.empty()) {
+        (void)qs3.get(keys3[0]);
+    }
+
+    // Valid percent encoding should still work
+    crow::query_string qs4("https://example.com/?key=%20value");
+    auto val = qs4.get("key");
+    REQUIRE(val != nullptr);
+    REQUIRE(std::string(val) == " value");
+
+    REQUIRE(true); // Test passes if no crash/sanitizer error
 }
