Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
c6fbeaeb
Commit
c6fbeaeb
authored
Jul 14, 2020
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
caddy-frontend: Validate backend url stricter
parent
b81ed2ea
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
23 additions
and
5 deletions
+23
-5
software/caddy-frontend/buildout.hash.cfg
software/caddy-frontend/buildout.hash.cfg
+1
-1
software/caddy-frontend/instance-apache-replicate.cfg.in
software/caddy-frontend/instance-apache-replicate.cfg.in
+2
-2
software/caddy-frontend/test/test.py
software/caddy-frontend/test/test.py
+20
-2
No files found.
software/caddy-frontend/buildout.hash.cfg
View file @
c6fbeaeb
...
@@ -26,7 +26,7 @@ md5sum = 23237969bbd9e974ac674b2052e8d67c
...
@@ -26,7 +26,7 @@ md5sum = 23237969bbd9e974ac674b2052e8d67c
[template-caddy-replicate]
[template-caddy-replicate]
filename = instance-apache-replicate.cfg.in
filename = instance-apache-replicate.cfg.in
md5sum =
5dabdbf51d20bf9e9e277e5b84d58b7e
md5sum =
dac4ed5b4c95b6905f48bab8769ca236
[template-slave-list]
[template-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
...
...
software/caddy-frontend/instance-apache-replicate.cfg.in
View file @
c6fbeaeb
...
@@ -138,12 +138,12 @@ context =
...
@@ -138,12 +138,12 @@ context =
{% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %}
{% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %}
{% endif %}
{% endif %}
{% if slave.get('url') %}
{% if slave.get('url') %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1
or not validators.url('' ~ slave['url'])
%}
{% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %}
{% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %}
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{% if slave.get('https-url') %}
{% if slave.get('https-url') %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['https-url']]) == 1 %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['https-url']]) == 1
or not validators.url('' ~ slave['https-url'])
%}
{% do slave_error_list.append('slave https-url %r invalid' % (slave['https-url'],)) %}
{% do slave_error_list.append('slave https-url %r invalid' % (slave['https-url'],)) %}
{% endif %}
{% endif %}
{% endif %}
{% endif %}
...
...
software/caddy-frontend/test/test.py
View file @
c6fbeaeb
...
@@ -6065,6 +6065,10 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
...
@@ -6065,6 +6065,10 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'
ssl
-
proxy
-
verify
': True,
'
ssl
-
proxy
-
verify
': True,
'
ssl_proxy_ca_crt
': '
damaged
',
'
ssl_proxy_ca_crt
': '
damaged
',
},
},
'
bad
-
backend
': {
'
url
': '
http
:
//
1
:
2
:
3
:
4
',
'
https
-
url
': '
http
:
//
host
.
domain
:
badport
',
},
'
custom_domain
-
unsafe
': {
'
custom_domain
-
unsafe
': {
'
custom_domain
': '
$
{
section
:
option
}
afterspace
\
nafternewline
',
'
custom_domain
': '
$
{
section
:
option
}
afterspace
\
nafternewline
',
},
},
...
@@ -6133,8 +6137,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
...
@@ -6133,8 +6137,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com',
'domain': 'example.com',
'accepted-slave-amount': '7',
'accepted-slave-amount': '7',
'rejected-slave-amount': '1
1
',
'rejected-slave-amount': '1
2
',
'slave-amount': '1
8
',
'slave-amount': '1
9
',
'rejected-slave-dict': {
'rejected-slave-dict': {
'_https-url': ['slave https-url "
https
:
//
[
fd46
::
c2ae
]:
!
py
!
u
\
'123123
\
'
"'
'_https-url': ['slave https-url "
https
:
//
[
fd46
::
c2ae
]:
!
py
!
u
\
'123123
\
'
"'
' invalid'
],
' invalid'
],
...
@@ -6160,6 +6164,9 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
...
@@ -6160,6 +6164,9 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
"ssl_ca_crt is present, so ssl_crt and ssl_key are required"
],
"ssl_ca_crt is present, so ssl_crt and ssl_key are required"
],
'_ssl_key-ssl_crt-unsafe'
:
[
'_ssl_key-ssl_crt-unsafe'
:
[
"slave ssl_key and ssl_crt does not match"
],
"slave ssl_key and ssl_crt does not match"
],
'_bad-backend'
:
[
"slave url 'http://1:2:3:4' invalid"
,
"slave https-url 'http://host.domain:badport' invalid"
],
},
},
'warning-slave-dict'
:
{
'warning-slave-dict'
:
{
'_ssl_ca_crt_only'
:
[
'_ssl_ca_crt_only'
:
[
...
@@ -6511,3 +6518,14 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
...
@@ -6511,3 +6518,14 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
},
},
parameter_dict
parameter_dict
)
)
def
test_bad_backend
(
self
):
parameter_dict
=
self
.
parseSlaveParameterDict
(
'bad-backend'
)
self
.
assertEqual
(
{
'request-error-list'
:
[
"slave url 'http://1:2:3:4' invalid"
,
"slave https-url 'http://host.domain:badport' invalid"
],
},
parameter_dict
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment