fix: handle invalid CONNECT path

package.json

@@ -1,6 +1,6 @@
 {
   "name": "proxy-chain",
-  "version": "2.0.4",
+  "version": "2.0.5",
   "description": "Node.js implementation of a proxy server (think Squid) with support for SSL, authentication, upstream proxy chaining, and protocol tunneling.",
   "main": "dist/index.js",
   "keywords": [

src/server.ts

@@ -306,7 +306,11 @@ export class Server extends EventEmitter {
 
         if (request.method === 'CONNECT') {
             // CONNECT server.example.com:80 HTTP/1.1
-            handlerOpts.trgParsed = new URL(`connect://${request.url}`);
+            try {
+                handlerOpts.trgParsed = new URL(`connect://${request.url}`);
+            } catch {
+                throw new RequestError(`Target "${request.url}" could not be parsed`, 400);
+            }
 
             if (!handlerOpts.trgParsed.hostname || !handlerOpts.trgParsed.port) {
                 throw new RequestError(`Target "${request.url}" could not be parsed`, 400);

test/server.js

@@ -915,6 +915,24 @@ const createTestSuite = ({
                 });
             }
 
+            it('handles invalid CONNECT path', (done) => {
+                const req = http.request(mainProxyUrl, {
+                    method: 'CONNECT',
+                    path: ':443',
+                    headers: {
+                        host: ':443',
+                    },
+                });
+                req.once('connect', (response, socket, head) => {
+                    expect(response.statusCode).to.equal(400);
+
+                    socket.destroy();
+                    done();
+                });
+
+                req.end();
+            });
+
             _it('returns 404 for non-existent hostname', () => {
                 const opts = getRequestOpts(`http://${NON_EXISTENT_HOSTNAME}`);
                 return requestPromised(opts)