BUG/MINOR: version: sanitizing user input
Signed-off-by: Dario Tranchitella <[email protected]>
prometherion committed Sep 24, 2024
1 parent 9333f13 commit 064b254
Showing 4 changed files with 59 additions and 4 deletions.
25 changes: 24 additions & 1 deletion configuration/raw.go
Expand Up @@ -180,7 +180,7 @@ func (c *client) PostRawConfiguration(config *string, version int64, skipVersion

w := bufio.NewWriter(tmp)
if !skipVersionCheck {
_, _ = w.WriteString(fmt.Sprintf("# _version=%v\n%v", version, *config))
_, _ = w.WriteString(fmt.Sprintf("# _version=%v\n%v", version, c.dropVersionFromRaw(*config)))
} else {
_, _ = w.WriteString(*config)
}
Expand All @@ -204,6 +204,29 @@ func (c *client) PostRawConfiguration(config *string, version int64, skipVersion
return nil
}

// dropVersionFromRaw is used when force pushing a raw configuration with version check:
// if the provided user input has already a version metadata it must be withdrawn.
func (c *client) dropVersionFromRaw(input string) *string {
scanner := bufio.NewScanner(strings.NewReader(input))

var sanitized strings.Builder

for scanner.Scan() {
t := scanner.Bytes()

if bytes.HasPrefix(t, []byte("# _version=")) {
continue
}

sanitized.Write(t)
sanitized.WriteByte('\n')
}

str := sanitized.String()

return &str
}

func (c *client) validateConfigFile(confFile string) error {
// #nosec G204
cmd := exec.Command(c.Haproxy)
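Review bot: `dropVersionFromRaw` returns `*string`, and the new `WriteString` line in `PostRawConfiguration` passes that pointer straight to `%v`, so `fmt.Sprintf` formats the pointer address rather than the sanitized text and the configuration body never reaches `w`. Return the value instead: `func (c *client) dropVersionFromRaw(input string) string`, ending in `return sanitized.String()`. The loop also never checks `scanner.Err()`: `bufio.Scanner` stops at a line longer than its default token limit, so everything after such a line would be dropped silently, and because the helper has no error return, raising the limit with `scanner.Buffer` or splitting on newlines without a scanner would avoid that. The prefix test matches only lines that begin exactly with `# _version=`, so it is worth confirming that an indented or differently spaced variant cannot still be picked up by the version parser. `PostRawConfiguration` starts and ends outside the hunks shown, so how `w` is flushed and validated afterwards is not visible here.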
32 changes: 32 additions & 0 deletions configuration/version_test.go
Expand Up @@ -18,6 +18,9 @@ package configuration
import (
"io/ioutil"
"testing"

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

func generateConfig(config string) (string, error) {
Expand All @@ -32,6 +35,35 @@ func generateConfig(config string) (string, error) {
return f.Name(), nil
}

func TestClient_PostRawConfiguration(t *testing.T) {
fVersion, err := generateConfig("")
require.NoError(t, err, "generateConfig")

t.Cleanup(func() {
assert.NoError(t, deleteTestFile(fVersion), "clean-up")
})

c, err := prepareClient(fVersion)
require.NoError(t, err, "prepareClient")

v, vErr := c.GetVersion("")
assert.Equal(t, int64(1), v, "initialized configuration must be 1")
// The user is providing a raw configuration with a wrong version such as metadata:
// this must be ignored and removed by Client Native
configWithVersion := `
# _version=123
global
daemon`

err = c.PostRawConfiguration(&configWithVersion, 1, false)
require.NoError(t, err, "PostRawConfiguration")

v, vErr = c.GetVersion("")
require.NoError(t, vErr, "GetVersion")

assert.Equal(t, int64(2), v, "123 should be dropped, and version bumped")
}

func TestClient_GetConfigurationVersion(t *testing.T) {
configWithVersion := `# _version=10
global
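Review bot: `TestClient_PostRawConfiguration` asserts only the version number, so it would still pass if the sanitized body were written incorrectly or the `global` and `daemon` lines were lost. Add a content check after the push, for example reading the file back with `ioutil.ReadFile(fVersion)` and asserting that it contains `daemon` and no `# _version=123`; this assumes `prepareClient` uses `fVersion` as the configuration path, which is not visible here. The first `GetVersion` call also leaves `vErr` unchecked before `assert.Equal`; add `require.NoError(t, vErr, "GetVersion")` right after it.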
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -10,7 +10,7 @@ require (
github.com/google/go-cmp v0.6.0
github.com/google/renameio v1.0.1
github.com/google/uuid v1.6.0
github.com/haproxytech/config-parser/v5 v5.1.5
github.com/haproxytech/config-parser/v5 v5.1.6
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
github.com/mitchellh/mapstructure v1.5.0
github.com/pkg/errors v0.9.1
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -28,8 +28,8 @@ github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU
github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/haproxytech/config-parser/v5 v5.1.5 h1:wZZ7z62Q5xbRQCoyEejli3unj0/Eo+ixJrwe9ZBdzvI=
github.com/haproxytech/config-parser/v5 v5.1.5/go.mod h1:16+1AbS+AvMZkDScIhergz2dqecQuEmjwV4Xt5ncS9s=
github.com/haproxytech/config-parser/v5 v5.1.6 h1:64KHffpOGoyjFuMmq9dLOvcRCEzg/2GAnPwhmue1uVY=
github.com/haproxytech/config-parser/v5 v5.1.6/go.mod h1:16+1AbS+AvMZkDScIhergz2dqecQuEmjwV4Xt5ncS9s=
github.com/haproxytech/go-logger v1.1.0 h1:HgGtYaI1ApkvbQdsm7f9AzQQoxTB7w37criTflh7IQE=
github.com/haproxytech/go-logger v1.1.0/go.mod h1:OekUd8HCb7ubxMplzHUPBTHNxZmddOWfOjWclZsqIeM=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
