You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by pz...@apache.org on 2018/07/20 00:16:41 UTC

knox git commit: KNOX-1392 - Default whitelist must handle cases when IP address is presented as the host namewq

Repository: knox
Updated Branches:
  refs/heads/v1.1.0 036569f30 -> 43ed3213a


KNOX-1392 - Default whitelist must handle cases when IP address is presented as the host namewq


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/43ed3213
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/43ed3213
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/43ed3213

Branch: refs/heads/v1.1.0
Commit: 43ed3213a400446db3eb9117948324729f5aa18f
Parents: 036569f
Author: Phil Zampino <pz...@apache.org>
Authored: Thu Jul 19 20:15:08 2018 -0400
Committer: Phil Zampino <pz...@apache.org>
Committed: Thu Jul 19 20:15:08 2018 -0400

----------------------------------------------------------------------
 .../org/apache/knox/gateway/util/WhitelistUtils.java | 15 +++++++++------
 .../apache/knox/gateway/util/WhitelistUtilsTest.java | 10 ++++++++++
 2 files changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/43ed3213/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
index 4f7d34f..4828090 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
@@ -37,6 +37,8 @@ public class WhitelistUtils {
 
   static final String DEFAULT_DISPATCH_WHITELIST_TEMPLATE = "^/.*$;^https?://%s:[0-9]+/?.*$";
 
+  private static final String IP_ADDRESS_REGEX = "^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$";
+
   private static final SpiGatewayMessages LOG = MessagesFactory.get(SpiGatewayMessages.class);
 
   private static final List<String> DEFAULT_SERVICE_ROLES = Arrays.asList("KNOXSSO");
@@ -99,12 +101,13 @@ public class WhitelistUtils {
 
   private static String deriveDomainBasedWhitelist(String hostname) {
     String whitelist = null;
-    int domainIndex = hostname.indexOf('.');
-    if (domainIndex > 0) {
-      String domain = hostname.substring(hostname.indexOf('.'));
-      String domainPattern = ".+" + domain.replaceAll("\\.", "\\\\.");
-      whitelist =
-              String.format(DEFAULT_DISPATCH_WHITELIST_TEMPLATE, "(" + domainPattern + ")");
+    if (!hostname.matches(IP_ADDRESS_REGEX)) {
+      int domainIndex = hostname.indexOf('.');
+      if (domainIndex > 0) {
+        String domain = hostname.substring(hostname.indexOf('.'));
+        String domainPattern = ".+" + domain.replaceAll("\\.", "\\\\.");
+        whitelist = String.format(DEFAULT_DISPATCH_WHITELIST_TEMPLATE, "(" + domainPattern + ")");
+      }
     }
     return whitelist;
   }

http://git-wip-us.apache.org/repos/asf/knox/blob/43ed3213/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
index ddf62f2..f052c48 100644
--- a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
+++ b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
@@ -135,6 +135,16 @@ public class WhitelistUtilsTest {
   }
 
   @Test
+  public void testLocalhostAddressAsHostName() throws Exception {
+    final String serviceRole = "TEST";
+    // InetAddress#getCanonicalHostName() sometimes returns the IP address as the host name
+    String whitelist = doTestGetDispatchWhitelist(createMockGatewayConfig(Collections.singletonList(serviceRole), null),
+                                                  "192.168.1.100",
+                                                  serviceRole);
+    assertNull(whitelist);
+  }
+
+  @Test
   public void testExplicitlyConfiguredDefaultWhitelist() throws Exception {
     final String serviceRole = "TEST";
     final String WHITELIST   = "DEFAULT";