Commit e9641c5c authored by Matthew Fay's avatar Matthew Fay Committed by Matt Holt

proxy: Re-add pre-existing trailing slashes in AllowedPath (#2151)

* proxy.AllowedPath: Re-append trailing slashes to excepted path comparisons

* Substitute HasSuffix for manual check; check slash was actually removed
parent 495656f7
...@@ -665,7 +665,17 @@ func (u *staticUpstream) Select(r *http.Request) *UpstreamHost { ...@@ -665,7 +665,17 @@ func (u *staticUpstream) Select(r *http.Request) *UpstreamHost {
func (u *staticUpstream) AllowedPath(requestPath string) bool { func (u *staticUpstream) AllowedPath(requestPath string) bool {
for _, ignoredSubPath := range u.IgnoredSubPaths { for _, ignoredSubPath := range u.IgnoredSubPaths {
if httpserver.Path(path.Clean(requestPath)).Matches(path.Join(u.From(), ignoredSubPath)) { p := path.Clean(requestPath)
e := path.Join(u.From(), ignoredSubPath)
// Re-add a trailing slashes if the original
// paths had one and the cleaned paths don't
if strings.HasSuffix(requestPath, "/") && !strings.HasSuffix(p, "/") {
p = p + "/"
}
if strings.HasSuffix(ignoredSubPath, "/") && !strings.HasSuffix(e, "/") {
e = e + "/"
}
if httpserver.Path(p).Matches(e) {
return false return false
} }
} }
......
...@@ -136,7 +136,7 @@ func TestRegisterPolicy(t *testing.T) { ...@@ -136,7 +136,7 @@ func TestRegisterPolicy(t *testing.T) {
func TestAllowedPaths(t *testing.T) { func TestAllowedPaths(t *testing.T) {
upstream := &staticUpstream{ upstream := &staticUpstream{
from: "/proxy", from: "/proxy",
IgnoredSubPaths: []string{"/download", "/static"}, IgnoredSubPaths: []string{"/download", "/static", "/trailingslash/"},
} }
tests := []struct { tests := []struct {
url string url string
...@@ -153,6 +153,8 @@ func TestAllowedPaths(t *testing.T) { ...@@ -153,6 +153,8 @@ func TestAllowedPaths(t *testing.T) {
{"/proxy//static", false}, {"/proxy//static", false},
{"/proxy//static//download", false}, {"/proxy//static//download", false},
{"/proxy//download", false}, {"/proxy//download", false},
{"/proxy/trailingslash", true},
{"/proxy/trailingslash/", false},
} }
for i, test := range tests { for i, test := range tests {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment