build: Introduce GURL with shimmed ICU

.bazelrc

@@ -36,6 +36,9 @@ build --action_env=CXX
 build --action_env=LLVM_CONFIG
 build --action_env=PATH
 
+# Skip system ICU linking.
+build --@com_googlesource_googleurl//build_config:system_icu=0
+
 # Common flags for sanitizers
 build:sanitizer --define tcmalloc=disabled
 build:sanitizer --linkopt -ldl

WORKSPACE

@@ -8,6 +8,10 @@ load("//bazel:api_repositories.bzl", "envoy_api_dependencies")
 
 envoy_api_dependencies()
 
+load("//bazel:icu_binding.bzl", "envoy_icu_binding")
+
+envoy_icu_binding()
+
 load("//bazel:repositories.bzl", "envoy_dependencies")
 
 envoy_dependencies()

bazel/external/googleurl.patch

@@ -0,0 +1,52 @@
+# TODO(dio): Consider to remove this patch when we solely compile the project using clang-cl.
+# Tracked in https://github.com/envoyproxy/envoy/issues/11974.
+
+diff --git a/base/compiler_specific.h b/base/compiler_specific.h
+index 0cd36dc..8c4cbd4 100644
+--- a/base/compiler_specific.h
++++ b/base/compiler_specific.h
+@@ -7,10 +7,6 @@
+
+ #include "build/build_config.h"
+
+-#if defined(COMPILER_MSVC) && !defined(__clang__)
+-#error "Only clang-cl is supported on Windows, see https://crbug.com/988071"
+-#endif
+-
+ // Annotate a variable indicating it's ok if the variable is not used.
+ // (Typically used to silence a compiler warning when the assignment
+ // is important for some other reason.)
+@@ -55,8 +51,12 @@
+ // prevent code folding, see gurl_base::debug::Alias.
+ // Use like:
+ //   void NOT_TAIL_CALLED FooBar();
+-#if defined(__clang__) && __has_attribute(not_tail_called)
++#if defined(__clang__)
++#if defined(__has_attribute)
++#if __has_attribute(not_tail_called)
+ #define NOT_TAIL_CALLED __attribute__((not_tail_called))
++#endif
++#endif
+ #else
+ #define NOT_TAIL_CALLED
+ #endif
+@@ -226,7 +226,9 @@
+ #endif
+ #endif
+
+-#if defined(__clang__) && __has_attribute(uninitialized)
++#if defined(__clang__)
++#if defined(__has_attribute)
++#if __has_attribute(uninitialized)
+ // Attribute "uninitialized" disables -ftrivial-auto-var-init=pattern for
+ // the specified variable.
+ // Library-wide alternative is
+@@ -257,6 +259,8 @@
+ // E.g. platform, bot, benchmark or test name in patch description or next to
+ // the attribute.
+ #define STACK_UNINITIALIZED __attribute__((uninitialized))
++#endif
++#endif
+ #else
+ #define STACK_UNINITIALIZED
+ #endif

bazel/external/icu/BUILD

@@ -0,0 +1,9 @@
+licenses(["notice"])  # Apache 2
+
+test_suite(
+    name = "ci_tests",
+    tests = [
+        "//bazel/external/icu/googleurl:ci_tests",
+        "@org_unicode_icuuc//:ci_tests",
+    ],
+)

bazel/external/icu/googleurl/BUILD

@@ -0,0 +1,47 @@
+load(
+    "//bazel:envoy_build_system.bzl",
+    "envoy_cc_fuzz_test",
+    "envoy_cc_test",
+    "envoy_package",
+    "envoy_sh_test",
+)
+
+licenses(["notice"])  # Apache 2
+
+envoy_package()
+
+envoy_cc_fuzz_test(
+    name = "googleurl_fuzz_test",
+    srcs = ["googleurl_fuzz_test.cc"],
+    corpus = "googleurl_corpus",
+    external_deps = [
+        "googleurl",
+    ],
+)
+
+envoy_cc_test(
+    name = "googleurl_test",
+    srcs = ["googleurl_test.cc"],
+    external_deps = [
+        "googleurl",
+    ],
+)
+
+envoy_sh_test(
+    name = "system_icu_test",
+    srcs = ["system_icu_test.sh"],
+    coverage = False,
+    data = ["//bazel/external/icu/googleurl:googleurl_test"],
+    tags = [
+        "skip_on_windows",
+    ],
+)
+
+test_suite(
+    name = "ci_tests",
+    tests = [
+        "googleurl_fuzz_test",
+        "googleurl_test",
+        "system_icu_test",
+    ],
+)

bazel/external/icu/googleurl/googleurl_corpus/example

@@ -0,0 +1 @@
+https://\xe5\x85\x89.example/

bazel/external/icu/googleurl/googleurl_fuzz_test.cc

@@ -0,0 +1,24 @@
+#include "test/fuzz/fuzz_runner.h"
+
+#include "url/gurl.h"
+
+namespace Envoy {
+namespace Fuzz {
+namespace {
+
+DEFINE_FUZZER(const uint8_t* buf, size_t len) {
+  const std::string input(reinterpret_cast<const char*>(buf), len);
+
+  GURL url(input);
+  url.is_valid();
+  url.scheme();
+  url.host();
+  url.EffectiveIntPort();
+  url.path();
+  url.query();
+  url.ref();
+}
+
+} // namespace
+} // namespace Fuzz
+} // namespace Envoy

bazel/external/icu/googleurl/googleurl_test.cc

@@ -0,0 +1,47 @@
+#include "gtest/gtest.h"
+#include "url/gurl.h"
+
+namespace Envoy {
+namespace {
+
+void expectInvalidUrl(const std::string& input) {
+  GURL url(input);
+  EXPECT_FALSE(url.is_valid());
+}
+
+} // namespace
+
+// Verifies that valid URLs are parsed correctly.
+TEST(GoogleUrl, ValidUrl) {
+  GURL url("https://example.org/test?foo=bar#section");
+  EXPECT_TRUE(url.is_valid());
+  EXPECT_EQ(url.scheme(), "https");
+  EXPECT_EQ(url.host(), "example.org");
+  EXPECT_EQ(url.EffectiveIntPort(), 443);
+  EXPECT_EQ(url.path(), "/test");
+  EXPECT_EQ(url.query(), "foo=bar");
+  EXPECT_EQ(url.ref(), "section");
+
+  GURL punycode("https://xn--c1yn36f.example");
+  EXPECT_TRUE(punycode.is_valid());
+
+  GURL percent_encoded_valid("https://%20.example");
+  EXPECT_TRUE(percent_encoded_valid.is_valid());
+
+  GURL extra_slashes("https:///host");
+  EXPECT_TRUE(extra_slashes.is_valid());
+  EXPECT_EQ(extra_slashes.host(), "host");
+}
+
+// Verifies that invalid URLs can be handled and ensures that GURL (with shimmed ICU) works properly
+// when parsing URLs with IDN host name.
+TEST(GoogleUrl, InvalidUrl) {
+  // Ensure ICU shim is functioning correctly, i.e. not crashing and resulting invalid parsed URL.
+  expectInvalidUrl("https://\xe5\x85\x89.example/");
+
+  expectInvalidUrl("http://\xef\xb9\xaa.com");
+  expectInvalidUrl("https://%Da%aa.example");
+  expectInvalidUrl("http://[wwww].example");
+  expectInvalidUrl("http://?k=v");
+}
+} // namespace Envoy

bazel/external/icu/googleurl/system_icu_test.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+TEST_BIN="${TEST_SRCDIR}/envoy/bazel/external/icu/googleurl/googleurl_test"
+
+if [[ $(uname) == "Darwin" ]]; then
+  echo "Skipping on macOS."
+  exit 0
+fi
+
+if readelf -d "${TEST_BIN}" | grep "NEEDED" | grep "icu"; then
+  echo "${TEST_BIN} is linked to system ICU."
+  exit 1
+fi
+
+echo "${TEST_BIN} is not linked to system ICU."
+exit 0

bazel/external/icu/shim/BUILD

@@ -0,0 +1,29 @@
+load("@rules_cc//cc:defs.bzl", "cc_library", "cc_test")
+
+licenses(["notice"])  # Apache 2
+
+cc_library(
+    name = "common",
+    hdrs = [
+        "common/unicode/uidna.h",
+        "common/unicode/utypes.h",
+    ],
+    includes = ["common"],
+    visibility = ["//visibility:public"],
+)
+
+cc_test(
+    name = "common_test",
+    srcs = ["common_test.cc"],
+    visibility = ["//visibility:public"],
+    deps = [
+        ":common",
+    ],
+)
+
+test_suite(
+    name = "ci_tests",
+    tests = [
+        "common_test",
+    ],
+)

bazel/external/icu/shim/common/unicode/uidna.h

@@ -0,0 +1,45 @@
+// NOLINT(namespace-envoy)
+#pragma once
+
+#include "unicode/utypes.h"
+
+// Initialize UIDNAInfo object with UIDNA_ERROR_DISALLOWED as its errors (any non-zero value should
+// work).
+#define UIDNA_INFO_INITIALIZER                                                                     \
+  { 0x80 }
+
+// This enum is declared to satisfy uidna_openUTS46 when initializing UIDNAWrapper
+// https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#50.
+enum { UIDNA_CHECK_BIDI = 4 };
+
+// The fake UIDNA.
+struct UIDNA {};
+
+// The fake UIDNAInfo.
+struct UIDNAInfo {
+  uint32_t errors;
+};
+
+// This is called by IDNToASCII
+// (https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#85)
+// which is responsible for converting the Unicode input representing a hostname to ASCII using IDN
+// rules. In this shimmed implementation, we always set the error code to U_ILLEGAL_ARGUMENT_ERROR
+// and info errors to UIDNA_ERROR_DISALLOWED, hence the coversion always fails.
+int32_t uidna_nameToASCII(const UIDNA*, const UChar*, int32_t, UChar*, int32_t, UIDNAInfo* info,
+                          UErrorCode* error_code) {
+  *error_code = U_ILLEGAL_ARGUMENT_ERROR;
+  return 0;
+}
+
+// This is called inside the UIDNAWrapper
+// (https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#50)
+// and should be accessed only through GetUIDNA
+// (https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#66).
+// This pattern is used inside GURL to initialize a static value at first use. It returns an
+// instance of UIDNA to satisfy the check (GURL_DCHECK(uidna != nullptr);) here:
+// https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#89.
+UIDNA* uidna_openUTS46(uint32_t options, UErrorCode* error_code) { return new UIDNA; }
+
+// While this is never be called, it needs to be defined since:
+// https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#53.
+const char* u_errorName(UErrorCode) { return "U_ILLEGAL_ARGUMENT_ERROR"; }

bazel/external/icu/shim/common/unicode/utypes.h

@@ -0,0 +1,33 @@
+// NOLINT(namespace-envoy)
+#pragma once
+
+#include <cstdint>
+
+using UBool = bool;
+using UChar = uint16_t;
+
+enum UErrorCode {
+  // This value is used for initializing error code in this line:
+  // https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#91.
+  U_ZERO_ERROR = 0,
+
+  // This makes info.errors in this line:
+  // https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#102
+  // to be non-zero.
+  U_ILLEGAL_ARGUMENT_ERROR = 1,
+
+  // Required in this line:
+  // https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#102.
+  U_BUFFER_OVERFLOW_ERROR = 15
+};
+
+// This is called inside IDNToASCII
+// (https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#95),
+// this should always return false.
+static inline UBool U_SUCCESS(UErrorCode) { return false; }
+
+// This is called by UIDNAWrapper constructor
+// (https://quiche.googlesource.com/googleurl/+/ef0d23689e240e6c8de4c3a5296b209128c87373/url/url_idna_icu.cc#51).
+// This should always return false, since the initialization of UIDNAWrapper should always be
+// successful.
+static inline UBool U_FAILURE(UErrorCode) { return false; }

bazel/external/icu/shim/common_test.cc

@@ -0,0 +1,48 @@
+// NOLINT(namespace-envoy)
+// Basic smoke test to ensure that ICU shim works properly.
+#include <iostream>
+
+#include "unicode/uidna.h"
+
+#define ASSERT_EQ(v1, v2)                                                                          \
+  if ((v1) != (v2)) {                                                                              \
+    std::cerr << "Expected equality of" << std::endl                                               \
+              << "  " << #v1 << " (equal to " << (v1) << ")" << std::endl                          \
+              << "and" << std::endl                                                                \
+              << "  " << #v2 << " (equal to " << (v2) << ")" << std::endl;                         \
+    return 1;                                                                                      \
+  }
+
+int main(int argc, char** argv) {
+  {
+    UErrorCode err = U_ZERO_ERROR;
+    auto uidna = uidna_openUTS46(0, &err);
+
+    ASSERT_EQ(uidna != nullptr, true);
+    ASSERT_EQ(err, U_ZERO_ERROR);
+
+    delete uidna;
+  }
+
+  {
+    UErrorCode err = U_ZERO_ERROR;
+    UIDNAInfo info = UIDNA_INFO_INITIALIZER;
+    uidna_nameToASCII(nullptr, nullptr, 0, nullptr, 0, &info, &err);
+
+    ASSERT_EQ(info.errors, 0x80);
+    ASSERT_EQ(err, U_ILLEGAL_ARGUMENT_ERROR);
+  }
+
+  {
+    UErrorCode err = U_ZERO_ERROR;
+    UIDNAInfo info = UIDNA_INFO_INITIALIZER;
+    UChar data[] = {'1', '2', '3'};
+    UChar* src = &data[0];
+    uidna_nameToASCII(nullptr, src, 0, nullptr, *src, &info, &err);
+
+    ASSERT_EQ(info.errors, 0x80);
+    ASSERT_EQ(err, U_ILLEGAL_ARGUMENT_ERROR);
+  }
+
+  return 0;
+}