3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-19 01:28:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

config: fix policy matching for regular expressions (#2966)

Browse source 
* config: fix policy matching for regular expressions

* compile regex in validate, add test

* fix test
This commit is contained in:
Caleb Doxsey 2022-01-25 08:48:40 -07:00 committed by GitHub
parent 8e8c9c2f16
commit ace5bbb89a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 66 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

39
config/policy_test.go
View file

@ -6,10 +6,12 @@ import (
"testing"
envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
"github.com/golang/protobuf/proto"
"github.com/google/go-cmp/cmp"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/proto"
"github.com/pomerium/pomerium/internal/urlutil"
)
func Test_PolicyValidate(t *testing.T) {
@ -233,3 +235,38 @@ func TestPolicy_FromToPb(t *testing.T) {
assert.Equal(t, p.Redirect.HTTPSRedirect, policyFromProto.Redirect.HTTPSRedirect)
})
}
func TestPolicy_Matches(t *testing.T) {
t.Run("full", func(t *testing.T) {
p := &Policy{
From: "https://www.example.com",
To: mustParseWeightedURLs(t, "https://localhost"),
Regex: `/foo`,
}
assert.NoError(t, p.Validate())
assert.False(t, p.Matches(urlutil.MustParseAndValidateURL(`https://www.example.com/foo/bar`)),
"regex should only match full string")
})
t.Run("issue2952", func(t *testing.T) {
p := &Policy{
From: "https://www.example.com",
To: mustParseWeightedURLs(t, "https://localhost"),
Regex: `^\/foo\/bar\/[0-9a-f]\/{0,1}$`,
}
assert.NoError(t, p.Validate())
assert.True(t, p.Matches(urlutil.MustParseAndValidateURL(`https://www.example.com/foo/bar/0`)))
})
t.Run("issue2592-test2", func(t *testing.T) {
p := &Policy{
From: "https://www.example.com",
To: mustParseWeightedURLs(t, "https://localhost"),
Regex: `/admin/.*`,
}
assert.NoError(t, p.Validate())
assert.True(t, p.Matches(urlutil.MustParseAndValidateURL(`https://www.example.com/admin/foo`)))
assert.True(t, p.Matches(urlutil.MustParseAndValidateURL(`https://www.example.com/admin/bar`)))
})
}