From e3d35570e6e5132650f4bb899f2fde57ab90ff49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Oliveirinha?= Date: Fri, 25 Nov 2022 16:29:34 +0000 Subject: [PATCH] CUSTESC-23757: Fix a bug where a wildcard ingress rule would match an host without starting with a dot --- ingress/ingress.go | 2 +- ingress/rule_test.go | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/ingress/ingress.go b/ingress/ingress.go index 8905fb6d..0d989110 100644 --- a/ingress/ingress.go +++ b/ingress/ingress.go @@ -58,7 +58,7 @@ func matchHost(ruleHost, reqHost string) bool { // Validate hostnames that use wildcards at the start if strings.HasPrefix(ruleHost, "*.") { - toMatch := strings.TrimPrefix(ruleHost, "*.") + toMatch := strings.TrimPrefix(ruleHost, "*") return strings.HasSuffix(reqHost, toMatch) } return false diff --git a/ingress/rule_test.go b/ingress/rule_test.go index 1c051137..1a46f155 100644 --- a/ingress/rule_test.go +++ b/ingress/rule_test.go @@ -148,6 +148,16 @@ func Test_rule_matches(t *testing.T) { }, want: true, }, + { + name: "Hostname with wildcard should not match if no dot present", + rule: Rule{ + Hostname: "*.api.abc.cloud", + }, + args: args{ + requestURL: MustParseURL(t, "https://testing-api.abc.cloud"), + }, + want: false, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {