You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by we...@apache.org on 2020/11/15 09:22:35 UTC
[apisix] branch master updated: fix(http-logger): validate uri (#2708)

This is an automated email from the ASF dual-hosted git repository.

wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 58cba26  fix(http-logger): validate uri (#2708)
58cba26 is described below

commit 58cba26e5199799f76ea1601440af0e757237c3f
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Sun Nov 15 17:22:25 2020 +0800

    fix(http-logger): validate uri (#2708)
---
 apisix/plugins/http-logger.lua   |  2 +-
 apisix/schema_def.lua            |  4 ++++
 doc/plugins/http-logger.md       |  2 +-
 doc/zh-cn/plugins/http-logger.md |  2 +-
 t/plugin/http-logger.t           | 46 ++++++++++++++++++++++++++++++++++++++--
 5 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/apisix/plugins/http-logger.lua b/apisix/plugins/http-logger.lua
index b18efba..7378fec 100644
--- a/apisix/plugins/http-logger.lua
+++ b/apisix/plugins/http-logger.lua
@@ -38,7 +38,7 @@ local lru_log_format = core.lrucache.new({
 local schema = {
     type = "object",
     properties = {
-        uri = {type = "string"},
+        uri = core.schema.uri_def,
         auth_header = {type = "string", default = ""},
         timeout = {type = "integer", minimum = 1, default = 3},
         name = {type = "string", default = "http logger"},
diff --git a/apisix/schema_def.lua b/apisix/schema_def.lua
index 104857f..c904ac5 100644
--- a/apisix/schema_def.lua
+++ b/apisix/schema_def.lua
@@ -54,6 +54,10 @@ local ip_def = {
 }
 _M.ip_def = ip_def
 
+
+_M.uri_def = {type = "string", pattern = [=[^[^\/]+:\/\/([\da-zA-Z.-]+|\[[\da-fA-F:]+\])(:\d+)?]=]}
+
+
 local timestamp_def = {
     type = "integer",
 }
diff --git a/doc/plugins/http-logger.md b/doc/plugins/http-logger.md
index 8c4f20b..ade3db1 100644
--- a/doc/plugins/http-logger.md
+++ b/doc/plugins/http-logger.md
@@ -60,7 +60,7 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
 {
       "plugins": {
             "http-logger": {
-                "uri": "127.0.0.1:80/postendpoint?param=1",
+                "uri": "http://127.0.0.1:80/postendpoint?param=1",
             }
        },
       "upstream": {
diff --git a/doc/zh-cn/plugins/http-logger.md b/doc/zh-cn/plugins/http-logger.md
index b45947e..c52b07e 100644
--- a/doc/zh-cn/plugins/http-logger.md
+++ b/doc/zh-cn/plugins/http-logger.md
@@ -59,7 +59,7 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
 {
       "plugins": {
             "http-logger": {
-                "uri": "127.0.0.1:80/postendpoint?param=1"
+                "uri": "http://127.0.0.1:80/postendpoint?param=1"
             }
        },
       "upstream": {
diff --git a/t/plugin/http-logger.t b/t/plugin/http-logger.t
index 029a85e..0b5619f 100644
--- a/t/plugin/http-logger.t
+++ b/t/plugin/http-logger.t
@@ -29,7 +29,7 @@ __DATA__
     location /t {
         content_by_lua_block {
             local plugin = require("apisix.plugins.http-logger")
-            local ok, err = plugin.check_schema({uri = "127.0.0.1"})
+            local ok, err = plugin.check_schema({uri = "http://127.0.0.1"})
             if not ok then
                 ngx.say(err)
             end
@@ -51,7 +51,7 @@ done
     location /t {
         content_by_lua_block {
             local plugin = require("apisix.plugins.http-logger")
-            local ok, err = plugin.check_schema({uri = "127.0.0.1",
+            local ok, err = plugin.check_schema({uri = "http://127.0.0.1",
                                                  auth_header = "Basic 123",
                                                  timeout = 3,
                                                  name = "http-logger",
@@ -595,3 +595,45 @@ hello1 world
 --- error_log
 Batch Processor[http logger] failed to process entries: failed to connect to host[127.0.0.1] port[9991] connection refused
 --- wait: 1.5
+
+
+
+=== TEST 16: check uri
+--- config
+    location /t {
+        content_by_lua_block {
+            local plugin = require("apisix.plugins.http-logger")
+            local bad_uris = {
+               "127.0.0.1", 
+               "127.0.0.1:1024", 
+            }
+            for _, bad_uri in ipairs(bad_uris) do
+                local ok, err = plugin.check_schema({uri = bad_uri})
+                if ok then
+                    ngx.say("mismatched ", bad)
+                end
+            end
+
+            local good_uris = {
+               "http://127.0.0.1:1024/x?aa=b", 
+               "http://127.0.0.1:1024?aa=b", 
+               "http://127.0.0.1:1024", 
+               "http://x.con", 
+               "https://x.con", 
+            }
+            for _, good_uri in ipairs(good_uris) do
+                local ok, err = plugin.check_schema({uri = good_uri})
+                if not ok then
+                    ngx.say("mismatched ", good)
+                end
+            end
+
+            ngx.say("done")
+        }
+    }
+--- request
+GET /t
+--- response_body
+done
+--- no_error_log
+[error]