fix(bk-auth-verify): add app_code/app_secret length check #70

9 changes: 9 additions & 0 deletions src/apisix/plugins/bk-auth-verify/app-account-verifier.lua
Expand Up @@ -20,6 +20,7 @@ local app_account_utils = require("apisix.plugins.bk-auth-verify.app-account-uti
local bk_app_define = require("apisix.plugins.bk-define.app")
local bk_cache = require("apisix.plugins.bk-cache.init")
local setmetatable = setmetatable
local string = string

local _M = {}

Expand All @@ -46,6 +47,14 @@ function _M.verify_app(self)
end

if not pl_types.is_empty(self.app_secret) then
-- check the length before call bkauth apis
if string.len(self.app_code) > 32 then
return bk_app_define.new_anonymous_app("app code cannot be longer than 32 characters")
end
if string.len(self.app_secret) > 128 then
return bk_app_define.new_anonymous_app("app secret cannot be longer than 128 characters")
end

return self:verify_by_app_secret()
end

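Review bot: `string.len` counts bytes, so a multi-byte app_code or app_secret is rejected earlier than the "characters" wording in the two new error messages suggests; on LuaJIT there is no `utf8` library, so the honest fix is to document the limit as a byte length, e.g. `-- byte lengths (string.len counts bytes, not characters)` above the first check, and the idiomatic form is `if #self.app_code > 32 then`. The checks sit inside the `not pl_types.is_empty(self.app_secret)` branch, so an over-long app_code on the other verification paths of verify_app (outside this hunk) is presumably still forwarded to bkauth unchecked; hoisting the app_code check above that branch would cover every path. If the branch ending at the `end` before the hunk does not already reject a nil app_code, `string.len(nil)` raises instead of returning an anonymous app, which is worth confirming. verify_app starts above the hunk and continues past it.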
30 changes: 30 additions & 0 deletions src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua
Expand Up @@ -83,6 +83,36 @@ describe(
end
)

it(
"app_code length is greather 32", function()
local auth_params = auth_params_mod.new({
bk_app_code = "123456789012345678901234567890123",
bk_app_secret = "world",
})
local verifier = app_account_verifier_mod.new(auth_params)

local app = verifier:verify_app()
assert.is_equal(app.app_code, "")
assert.is_false(app.verified)
assert.is_equal(app.valid_error_message, "app code cannot be longer than 32 characters")
end
)

it(
"app_secret length is greather 128", function()
local auth_params = auth_params_mod.new({
bk_app_code = "hello",
bk_app_secret = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
})
local verifier = app_account_verifier_mod.new(auth_params)

local app = verifier:verify_app()
assert.is_equal(app.app_code, "")
assert.is_false(app.verified)
assert.is_equal(app.valid_error_message, "app secret cannot be longer than 128 characters")
end
)

it(
"app secret is not empty", function()
auth_params = auth_params_mod.new(
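Review bot: The two new test names misspell "greater" as "greather" (`"app_code length is greather 32"`, `"app_secret length is greather 128"`); these strings are only test descriptions, so renaming them to `"app_code length is greater than 32"` and `"app_secret length is greater than 128"` is safe. Both cases exercise only the over-limit side; a boundary case with an app_code of exactly 32 characters and a secret of exactly 128 asserting that verify_app does not return the length error would pin the `>` rather than `>=` comparison. The long secret literal in the second test is hard to count by eye, and `bk_app_secret = string.rep("a", 129)` states the intent directly. The describe block starts above the hunk and continues past it.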
14 changes: 14 additions & 0 deletions src/build/patches/006_use_encoded_uri_for_radixtree_match.patch
@@ -0,0 +1,14 @@
diff --git a/apisix/http/route.lua b/apisix/http/route.lua
index d475646b..bc97ef82 100644
--- a/apisix/http/route.lua
+++ b/apisix/http/route.lua
@@ -111,7 +111,8 @@ function _M.match_uri(uri_router, match_opts, api_ctx)
match_opts.vars = api_ctx.var
match_opts.matched = core.tablepool.fetch("matched_route_record", 0, 4)

- local ok = uri_router:dispatch(api_ctx.var.uri, match_opts, api_ctx, match_opts)
+ local encoded_uri = core.utils.uri_safe_encode(api_ctx.var.uri)
+ local ok = uri_router:dispatch(encoded_uri, match_opts, api_ctx, match_opts)
return ok
end
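Review bot: The patch file carries no rationale: nothing in the hunk explains why dispatch now receives `core.utils.uri_safe_encode(api_ctx.var.uri)` while `api_ctx.var.uri` itself is left untouched, so routing and any later stage that reads the raw uri will see different strings whenever the encoder rewrites a character. A one-line comment above the new `local encoded_uri` line, such as `-- match on the encoded form so route paths and request uris share one representation; api_ctx.var.uri stays raw for later stages`, would record the intent, adjusted to whatever the actual motivation was. Since the file lives under src/build/patches/ it is presumably re-applied to vendored APISIX on every upgrade, so a sentence in the PR description naming the inputs that matched wrongly before would also make the patch re-validatable. match_uri starts above the inner hunk.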