3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-04 21:06:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

config: Validate that shared_key does not contain whitespace

Browse source
This commit is contained in:
Travis Groth 2019-12-20 06:20:39 -05:00 committed by GitHub
parent a29ae6428f
commit 1dfcd396fc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config/options.go
View file

@ -414,6 +414,10 @@ func (o *Options) Validate() error {
return errors.New("config: shared-key cannot be empty") return errors.New("config: shared-key cannot be empty")
} }
if o.SharedKey != strings.TrimSpace(o.SharedKey) {
return errors.New("config: shared-key contains whitespace")
}
if o.AuthenticateURLString != "" { if o.AuthenticateURLString != "" {
u, err := urlutil.ParseAndValidateURL(o.AuthenticateURLString) u, err := urlutil.ParseAndValidateURL(o.AuthenticateURLString)
if err != nil { if err != nil {

1
config/options_test.go
View file

@ -279,6 +279,7 @@ func Test_NewOptionsFromConfigEnvVar(t *testing.T) {
{"bad cert key base64", map[string]string{"CERTIFICATE_KEY": "bad cert", "SHARED_SECRET": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM="}, true}, {"bad cert key base64", map[string]string{"CERTIFICATE_KEY": "bad cert", "SHARED_SECRET": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM="}, true},
{"bad no certs no insecure mode set", map[string]string{"SHARED_SECRET": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM="}, true}, {"bad no certs no insecure mode set", map[string]string{"SHARED_SECRET": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM="}, true},
{"good disable headers ", map[string]string{"HEADERS": "disable:true", "INSECURE_SERVER": "true", "SHARED_SECRET": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM="}, false}, {"good disable headers ", map[string]string{"HEADERS": "disable:true", "INSECURE_SERVER": "true", "SHARED_SECRET": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM="}, false},
{"bad whitespace in secret", map[string]string{"INSECURE_SERVER": "true", "SERVICES": "authenticate", "SHARED_SECRET": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=\n"}, true},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {

1
docs/docs/CHANGELOG.md
View file

@ -9,6 +9,7 @@
- Added yaml tags to all options struct fields - Added yaml tags to all options struct fields
- [GH-394](https://github.com/pomerium/pomerium/pull/394) - [GH-394](https://github.com/pomerium/pomerium/pull/394)
- [GH-397](https://github.com/pomerium/pomerium/pull/397) - [GH-397](https://github.com/pomerium/pomerium/pull/397)
- Improved config validation for `shared_secret` [GH-427](https://github.com/pomerium/pomerium/pull/427)
### Fixed ### Fixed