From b8ce8774a3861c507f53524ba9bed8d3fddb440a Mon Sep 17 00:00:00 2001
From: yggverse <yggverse@project>
Date: Mon, 24 Feb 2025 06:14:54 +0200
Subject: [PATCH] validate scheme

---
 src/request/gemini.rs     | 8 ++++++--
 src/request/titan/meta.rs | 3 +++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/request/gemini.rs b/src/request/gemini.rs
index 59502e7..a519530 100644
--- a/src/request/gemini.rs
+++ b/src/request/gemini.rs
@@ -1,4 +1,4 @@
-use anyhow::Result;
+use anyhow::{bail, Result};
 use url::Url;
 
 /// [Gemini](https://geminiprotocol.net/docs/protocol-specification.gmi) request
@@ -9,8 +9,12 @@ pub struct Gemini {
 impl Gemini {
     pub fn from_bytes(buffer: &[u8]) -> Result<Self> {
         use crate::tool::Header;
+        let header = buffer.header_bytes()?;
+        if !header.starts_with(b"gemini://") {
+            bail!("Invalid scheme")
+        }
         Ok(Self {
-            url: Url::parse(std::str::from_utf8(buffer.header_bytes()?)?)?,
+            url: Url::parse(std::str::from_utf8(header)?)?,
         })
     }
     pub fn into_bytes(self) -> Vec<u8> {
diff --git a/src/request/titan/meta.rs b/src/request/titan/meta.rs
index 48f4bb6..0abf6fd 100644
--- a/src/request/titan/meta.rs
+++ b/src/request/titan/meta.rs
@@ -11,6 +11,9 @@ impl Meta {
         use crate::tool::Header;
         use regex::Regex;
         let header = from_utf8(buffer.header_bytes()?)?;
+        if !header.starts_with("titan://") {
+            bail!("Invalid scheme")
+        }
         Ok(Self {
             size: match Regex::new(r"size=(\d+)")?.captures(header) {
                 Some(c) => match c.get(1) {