CUSTESC-23757: Fix a bug where a wildcard ingress rule would match an host without starting with a dot

This commit is contained in:
João Oliveirinha 2022-11-25 16:29:34 +00:00
parent b0663dce33
commit e3d35570e6
2 changed files with 11 additions and 1 deletions

View File

@ -58,7 +58,7 @@ func matchHost(ruleHost, reqHost string) bool {
// Validate hostnames that use wildcards at the start // Validate hostnames that use wildcards at the start
if strings.HasPrefix(ruleHost, "*.") { if strings.HasPrefix(ruleHost, "*.") {
toMatch := strings.TrimPrefix(ruleHost, "*.") toMatch := strings.TrimPrefix(ruleHost, "*")
return strings.HasSuffix(reqHost, toMatch) return strings.HasSuffix(reqHost, toMatch)
} }
return false return false

View File

@ -148,6 +148,16 @@ func Test_rule_matches(t *testing.T) {
}, },
want: true, want: true,
}, },
{
name: "Hostname with wildcard should not match if no dot present",
rule: Rule{
Hostname: "*.api.abc.cloud",
},
args: args{
requestURL: MustParseURL(t, "https://testing-api.abc.cloud"),
},
want: false,
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {