You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2020/12/01 07:46:41 UTC
[apisix] branch master updated: fix: reject "" for route's
remote_addrs (#2907)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new ddfeb5d fix: reject "" for route's remote_addrs (#2907)
ddfeb5d is described below
commit ddfeb5de1de629ca2263f58371d624281f6451ff
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Tue Dec 1 15:44:50 2020 +0800
fix: reject "" for route's remote_addrs (#2907)
This change imroves the IP schema validation.
---
apisix/schema_def.lua | 8 ++--
t/admin/routes.t | 106 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 111 insertions(+), 3 deletions(-)
diff --git a/apisix/schema_def.lua b/apisix/schema_def.lua
index 5e5bbdd..9dc420f 100644
--- a/apisix/schema_def.lua
+++ b/apisix/schema_def.lua
@@ -44,12 +44,14 @@ _M.host_def = host_def
local ipv4_def = "[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}"
-local ipv6_def = "([a-fA-F0-9]{0,4}:){0,8}(:[a-fA-F0-9]{0,4}){0,8}"
+-- There is false negative for ipv6/cidr. For instance, `:/8` will be valid.
+-- It is fine as the correct regex will be too complex.
+local ipv6_def = "([a-fA-F0-9]{0,4}:){1,8}(:[a-fA-F0-9]{0,4}){0,8}"
.. "([a-fA-F0-9]{0,4})?"
local ip_def = {
- {title = "IPv4", type = "string", pattern = "^" .. ipv4_def .. "$"},
+ {title = "IPv4", type = "string", format = "ipv4"},
{title = "IPv4/CIDR", type = "string", pattern = "^" .. ipv4_def .. "/[0-9]{1,2}$"},
- {title = "IPv6", type = "string", pattern = "^" .. ipv6_def .. "$"},
+ {title = "IPv6", type = "string", format = "ipv6"},
{title = "IPv6/CIDR", type = "string", pattern = "^" .. ipv6_def .. "/[0-9]{1,3}$"},
}
_M.ip_def = ip_def
diff --git a/t/admin/routes.t b/t/admin/routes.t
index 202545f..5341289 100644
--- a/t/admin/routes.t
+++ b/t/admin/routes.t
@@ -2428,3 +2428,109 @@ GET /t
[delete] code: 200 message: passed
--- no_error_log
[error]
+
+
+
+=== TEST 65: invalid route: bad remote_addrs
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "methods": ["GET"],
+ "remote_addrs": [""],
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:8080": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new route",
+ "uri": "/index.html"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.print(body)
+ }
+ }
+--- request
+GET /t
+--- error_code: 400
+--- response_body_like eval
+qr/property \\"remote_addrs\\" validation failed:/
+--- no_error_log
+[error]
+
+
+
+=== TEST 66: invalid route: bad remote_addrs cidr
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "methods": ["GET"],
+ "remote_addrs": ["/16"],
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:8080": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new route",
+ "uri": "/index.html"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.print(body)
+ }
+ }
+--- request
+GET /t
+--- error_code: 400
+--- response_body_like eval
+qr/property \\"remote_addrs\\" validation failed:/
+--- no_error_log
+[error]
+
+
+
+=== TEST 67: valid route with remote_addrs
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "methods": ["GET"],
+ "remote_addrs": ["::1/16", "::1", "::", "1.1.1.1", "1.1.1.1/32"],
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:8080": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new route",
+ "uri": "/index.html"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]