TUN-6728: Verify http status code ingress rule

This commit is contained in:
Devin Carr 2022-09-01 14:20:22 -07:00
parent 902e5beb4f
commit f7a14d9200
3 changed files with 18 additions and 3 deletions

View File

@ -1,3 +1,7 @@
## 2022.9.0
### New Features
- cloudflared now rejects ingress rules with invalid http status codes for http_status.
## 2022.8.1 ## 2022.8.1
### New Features ### New Features
- cloudflared now remembers if it connected to a certain protocol successfully. If it did, it does not fall back to a lower - cloudflared now remembers if it connected to a certain protocol successfully. If it did, it does not fall back to a lower

View File

@ -182,11 +182,14 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
path := strings.TrimPrefix(r.Service, prefix) path := strings.TrimPrefix(r.Service, prefix)
service = &unixSocketPath{path: path, scheme: "https"} service = &unixSocketPath{path: path, scheme: "https"}
} else if prefix := "http_status:"; strings.HasPrefix(r.Service, prefix) { } else if prefix := "http_status:"; strings.HasPrefix(r.Service, prefix) {
status, err := strconv.Atoi(strings.TrimPrefix(r.Service, prefix)) statusCode, err := strconv.Atoi(strings.TrimPrefix(r.Service, prefix))
if err != nil { if err != nil {
return Ingress{}, errors.Wrap(err, "invalid HTTP status") return Ingress{}, errors.Wrap(err, "invalid HTTP status code")
} }
srv := newStatusCode(status) if statusCode < 100 || statusCode > 999 {
return Ingress{}, fmt.Errorf("invalid HTTP status code: %d", statusCode)
}
srv := newStatusCode(statusCode)
service = &srv service = &srv
} else if r.Service == HelloWorldService || r.Service == "hello-world" || r.Service == "helloworld" { } else if r.Service == HelloWorldService || r.Service == "hello-world" || r.Service == "helloworld" {
service = new(helloWorld) service = new(helloWorld)

View File

@ -208,6 +208,14 @@ ingress:
args: args{rawYAML: ` args: args{rawYAML: `
ingress: ingress:
- service: http_status:asdf - service: http_status:asdf
`},
wantErr: true,
},
{
name: "Invalid HTTP status code",
args: args{rawYAML: `
ingress:
- service: http_status:8080
`}, `},
wantErr: true, wantErr: true,
}, },