BUG/MINOR: version: sanitizing user input

haproxytech · Sep 26, 2024 · 542eb91 · 542eb91
1 parent 77a7cef
commit 542eb91
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 1 deletion.
diff --git a/config-parser/parsers/extra/config-version.go b/config-parser/parsers/extra/config-version.go
@@ -57,6 +57,11 @@ func (p *ConfigVersion) Parse(line string, parts []string, comment string) (stri
 		if len(data) < 2 {
 			return "", &errors.ParseError{Parser: "ConfigVersion", Line: line}
 		}
+
+		if p.data != nil {
+			return "", &errors.ParseError{Parser: "ConfigVersion", Line: line}
+		}
+
 		if version, err := strconv.ParseInt(data[1], 10, 64); err == nil {
 			p.data = &types.ConfigVersion{
 				Value: version,

diff --git a/configuration/raw.go b/configuration/raw.go
@@ -180,7 +180,7 @@ func (c *client) PostRawConfiguration(config *string, version int64, skipVersion
 
 	w := bufio.NewWriter(tmp)
 	if !skipVersionCheck {
-		_, _ = w.WriteString(fmt.Sprintf("# _version=%v\n%v", version, *config))
+		_, _ = w.WriteString(fmt.Sprintf("# _version=%v\n%v", version, c.dropVersionFromRaw(*config)))
 	} else {
 		_, _ = w.WriteString(*config)
 	}
@@ -204,6 +204,29 @@ func (c *client) PostRawConfiguration(config *string, version int64, skipVersion
 	return nil
 }
 
+// dropVersionFromRaw is used when force pushing a raw configuration with version check:
+// if the provided user input has already a version metadata it must be withdrawn.
+func (c *client) dropVersionFromRaw(input string) *string {
+	scanner := bufio.NewScanner(strings.NewReader(input))
+
+	var sanitized strings.Builder
+
+	for scanner.Scan() {
+		t := scanner.Bytes()
+
+		if bytes.HasPrefix(t, []byte("# _version=")) {
+			continue
+		}
+
+		sanitized.Write(t)
+		sanitized.WriteByte('\n')
+	}
+
+	str := sanitized.String()
+
+	return &str
+}
+
 func (c *client) validateConfigFile(confFile string) error {
 	// #nosec G204
 	cmd := exec.Command(c.Haproxy)

diff --git a/test/version_test.go b/test/version_test.go
@@ -18,6 +18,9 @@ package test
 import (
 	"io/ioutil"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func generateConfig(config string) (string, error) {
@@ -32,6 +35,34 @@ func generateConfig(config string) (string, error) {
 	return f.Name(), nil
 }
 
+func TestClient_PostRawConfiguration(t *testing.T) {
+	fVersion, err := generateConfig("")
+	require.NoError(t, err, "generateConfig")
+
+	t.Cleanup(func() {
+		assert.NoError(t, deleteTestFile(fVersion), "clean-up")
+	})
+
+	c, err := prepareClient(fVersion)
+	require.NoError(t, err, "prepareClient")
+
+	v, vErr := c.GetVersion("")
+	assert.Equal(t, int64(1), v, "initialized configuration must be 1")
+	// The user is providing a raw configuration with a wrong version such as metadata:
+	// this must be ignored and removed by Client Native
+	configWithVersion := `# _version=123
+global
+	daemon`
+
+	err = c.PostRawConfiguration(&configWithVersion, 1, false)
+	require.NoError(t, err, "PostRawConfiguration")
+
+	v, vErr = c.GetVersion("")
+	require.NoError(t, vErr, "GetVersion")
+
+	assert.Equal(t, int64(2), v, "123 should be dropped, and version bumped")
+}
+
 func TestClient_GetConfigurationVersion(t *testing.T) {
 	configWithVersion := `# _version=10
 global