You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/02/15 14:49:34 UTC
[GitHub] [apisix] nfrankel opened a new issue #6330: bug: Wrong pattern validation in the proxy-mirror plugin
nfrankel opened a new issue #6330:
URL: https://github.com/apache/apisix/issues/6330
### Issue description
The `proxy-mirror` plugin validates the `host` pattern with the following regex: `[[^http(s)?:\/\/[a-zA-Z0-9][-a-zA-Z0-9]{0,62}]] .. [[(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+(:[0-9]{1,5})?$]]`.
In specific scenarios, the pattern is too restrictive. For example, in Docker Compose, the host is a single name with no dot, _e.g._, `backend`.
### Environment
- apisix version (cmd: `apisix version`): `2.12.0`
- OS (cmd: `uname -a`): `Linux 53df324263a6 5.10.76-linuxkit #1 SMP PREEMPT Mon Nov 8 11:22:26 UTC 2021 aarch64 Linux`
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): `nginx version: openresty/1.19.9.1`
- etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): `404 page not found`
- apisix-dashboard version, if have: -
- the plugin runner version, if the issue is about a plugin runner (cmd: depended on the kind of runner): -
- luarocks version, if the issue is about installation (cmd: `luarocks --version`): -
### Steps to reproduce
1. Start APISIX
2. Enable the `proxy-mirror` plugin
3. Create a route:
curl -v -i http://apisix:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["GET"],
"uris": ["/hello"],
"upstream": {
"type": "roundrobin",
"nodes": {
"oldapi:8081": 1
}
}
"plugins": {
"proxy-mirror": {
"host": "http://newapi:8082"
}
}
}'
4. Use the route:
`curl localhost:9080/hello'
### Actual result
```
{"error_msg":"failed to check the configuration of plugin proxy-mirror err: property \"host\" validation failed: failed to match pattern \"^http(s)?:\\\\\/\\\\\/[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\\\\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+(:[0-9]{1,5})?$\" with \"http:\/\/newapi:8082\""}
```
### Error log
There's no error log
### Expected result
Plugin is configured and traffic is mirrored
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #6330: bug: Wrong pattern validation in the proxy-mirror plugin
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #6330:
URL: https://github.com/apache/apisix/issues/6330#issuecomment-1041031105
This is a small difference between the "host" in the proxy-mirror & upstream:
The name "host" in proxy-mirror is incorrect, which is actually `uri`.
Maybe we can depreciate the name (as a refactor for the very old code)?
I have just reviewed the pattern, it seems that it can't handle IPv6 either. What about only validating the scheme part of the URI? (It's error-prone to match IPv6 with regex)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] nfrankel edited a comment on issue #6330: bug: Wrong pattern validation in the proxy-mirror plugin
Posted by GitBox <gi...@apache.org>.
nfrankel edited a comment on issue #6330:
URL: https://github.com/apache/apisix/issues/6330#issuecomment-1041136103
For whoever stumbles upon this later, the workaround is to set up an network alias.
In `docker-compose.yml`:
````yaml
newapi:
build: new-api
ports:
- "8082:8082"
networks:
default:
aliases:
- new.api
````
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] nfrankel commented on issue #6330: bug: Wrong pattern validation in the proxy-mirror plugin
Posted by GitBox <gi...@apache.org>.
nfrankel commented on issue #6330:
URL: https://github.com/apache/apisix/issues/6330#issuecomment-1040373997
We shall first decide what's the expected behavior:
1. No validation. The responsibility falls on the shoulders of the configurer, and it may fais at runtime.
2. Apply the same rule as for an `Upstream`
3. Replace the `host` part with an `upstream`. Also allows an `upstream_id`. This goes beyond bug fixing.
4. Something else?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander closed issue #6330: bug: Wrong pattern validation in the proxy-mirror plugin
Posted by GitBox <gi...@apache.org>.
spacewander closed issue #6330:
URL: https://github.com/apache/apisix/issues/6330
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] nfrankel commented on issue #6330: bug: Wrong pattern validation in the proxy-mirror plugin
Posted by GitBox <gi...@apache.org>.
nfrankel commented on issue #6330:
URL: https://github.com/apache/apisix/issues/6330#issuecomment-1040373997
We shall first decide what's the expected behavior:
1. No validation. The responsibility falls on the shoulders of the configurer, and it may fais at runtime.
2. Apply the same rule as for an `Upstream`
3. Replace the `host` part with an `upstream`. Also allows an `upstream_id`. This goes beyond bug fixing.
4. Something else?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] nfrankel commented on issue #6330: bug: Wrong pattern validation in the proxy-mirror plugin
Posted by GitBox <gi...@apache.org>.
nfrankel commented on issue #6330:
URL: https://github.com/apache/apisix/issues/6330#issuecomment-1041136103
For whoever stumbles upon this later, the workaround is to set up an network alias.
In `docker-compose.yml`:
````yaml
newapi:
build: new-api
ports:
- "8082:8082"
networks:
default:
aliases:
- new.api
````
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org