You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by pz...@apache.org on 2018/07/20 00:16:41 UTC
knox git commit: KNOX-1392 - Default whitelist must handle cases when
IP address is presented as the host namewq
Repository: knox
Updated Branches:
refs/heads/v1.1.0 036569f30 -> 43ed3213a
KNOX-1392 - Default whitelist must handle cases when IP address is presented as the host namewq
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/43ed3213
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/43ed3213
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/43ed3213
Branch: refs/heads/v1.1.0
Commit: 43ed3213a400446db3eb9117948324729f5aa18f
Parents: 036569f
Author: Phil Zampino <pz...@apache.org>
Authored: Thu Jul 19 20:15:08 2018 -0400
Committer: Phil Zampino <pz...@apache.org>
Committed: Thu Jul 19 20:15:08 2018 -0400
----------------------------------------------------------------------
.../org/apache/knox/gateway/util/WhitelistUtils.java | 15 +++++++++------
.../apache/knox/gateway/util/WhitelistUtilsTest.java | 10 ++++++++++
2 files changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/43ed3213/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
index 4f7d34f..4828090 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
@@ -37,6 +37,8 @@ public class WhitelistUtils {
static final String DEFAULT_DISPATCH_WHITELIST_TEMPLATE = "^/.*$;^https?://%s:[0-9]+/?.*$";
+ private static final String IP_ADDRESS_REGEX = "^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$";
+
private static final SpiGatewayMessages LOG = MessagesFactory.get(SpiGatewayMessages.class);
private static final List<String> DEFAULT_SERVICE_ROLES = Arrays.asList("KNOXSSO");
@@ -99,12 +101,13 @@ public class WhitelistUtils {
private static String deriveDomainBasedWhitelist(String hostname) {
String whitelist = null;
- int domainIndex = hostname.indexOf('.');
- if (domainIndex > 0) {
- String domain = hostname.substring(hostname.indexOf('.'));
- String domainPattern = ".+" + domain.replaceAll("\\.", "\\\\.");
- whitelist =
- String.format(DEFAULT_DISPATCH_WHITELIST_TEMPLATE, "(" + domainPattern + ")");
+ if (!hostname.matches(IP_ADDRESS_REGEX)) {
+ int domainIndex = hostname.indexOf('.');
+ if (domainIndex > 0) {
+ String domain = hostname.substring(hostname.indexOf('.'));
+ String domainPattern = ".+" + domain.replaceAll("\\.", "\\\\.");
+ whitelist = String.format(DEFAULT_DISPATCH_WHITELIST_TEMPLATE, "(" + domainPattern + ")");
+ }
}
return whitelist;
}
http://git-wip-us.apache.org/repos/asf/knox/blob/43ed3213/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
index ddf62f2..f052c48 100644
--- a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
+++ b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
@@ -135,6 +135,16 @@ public class WhitelistUtilsTest {
}
@Test
+ public void testLocalhostAddressAsHostName() throws Exception {
+ final String serviceRole = "TEST";
+ // InetAddress#getCanonicalHostName() sometimes returns the IP address as the host name
+ String whitelist = doTestGetDispatchWhitelist(createMockGatewayConfig(Collections.singletonList(serviceRole), null),
+ "192.168.1.100",
+ serviceRole);
+ assertNull(whitelist);
+ }
+
+ @Test
public void testExplicitlyConfiguredDefaultWhitelist() throws Exception {
final String serviceRole = "TEST";
final String WHITELIST = "DEFAULT";