Merge pull request #1236 from diazjf/client-buffer-body-validation

Add Validation for Client Body Buffer Size
2017-08-24 06:37:54 -04:00 · 2017-08-24 06:37:54 -04:00 · 02e20eb81a
commit 02e20eb81a
parent 338df027e8 86357332e3
3 changed files with 78 additions and 3 deletions
--- a/controllers/nginx/pkg/template/template.go
+++ b/controllers/nginx/pkg/template/template.go
@ -25,6 +25,7 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
+	"strconv"
 	"strings"
 	text_template "text/template"

@ -152,7 +153,8 @@ var (
 		"serverConfig": func(all config.TemplateConfig, server *ingress.Server) interface{} {
 			return struct{ First, Second interface{} }{all, server}
 		},
-		"buildAuthSignURL": buildAuthSignURL,
+		"buildAuthSignURL":            buildAuthSignURL,
+		"isValidClientBodyBufferSize": isValidClientBodyBufferSize,
 	}
 )

@ -552,3 +554,37 @@ func buildRandomUUID() string {
 	s := uuid.New()
 	return strings.Replace(s, "-", "", -1)
 }
+
+func isValidClientBodyBufferSize(input interface{}) bool {
+	s, ok := input.(string)
+	if !ok {
+		glog.Errorf("expected an string type but %T was returned", input)
+		return false
+	}
+
+	if s == "" {
+		return false
+	}
+
+	_, err := strconv.Atoi(s)
+	if err != nil {
+		sLowercase := strings.ToLower(s)
+
+		kCheck := strings.TrimSuffix(sLowercase, "k")
+		_, err := strconv.Atoi(kCheck)
+		if err == nil {
+			return true
+		}
+
+		mCheck := strings.TrimSuffix(sLowercase, "m")
+		_, err = strconv.Atoi(mCheck)
+		if err == nil {
+			return true
+		}
+
+		glog.Errorf("client-body-buffer-size '%v' was provided in an incorrect format, hence it will not be set.", s)
+		return false
+	}
+
+	return true
+}
--- a/controllers/nginx/pkg/template/template_test.go
+++ b/controllers/nginx/pkg/template/template_test.go
@ -232,3 +232,42 @@ func TestBuildDenyVariable(t *testing.T) {
 		t.Errorf("Expected '%v' but returned '%v'", a, b)
 	}
 }
+
+func TestBuildClientBodyBufferSize(t *testing.T) {
+	a := isValidClientBodyBufferSize("1000")
+	if a != true {
+		t.Errorf("Expected '%v' but returned '%v'", true, a)
+	}
+	b := isValidClientBodyBufferSize("1000k")
+	if b != true {
+		t.Errorf("Expected '%v' but returned '%v'", true, b)
+	}
+	c := isValidClientBodyBufferSize("1000m")
+	if c != true {
+		t.Errorf("Expected '%v' but returned '%v'", true, c)
+	}
+	d := isValidClientBodyBufferSize("1000km")
+	if d != false {
+		t.Errorf("Expected '%v' but returned '%v'", false, d)
+	}
+	e := isValidClientBodyBufferSize("1000mk")
+	if e != false {
+		t.Errorf("Expected '%v' but returned '%v'", false, e)
+	}
+	f := isValidClientBodyBufferSize("1000kk")
+	if f != false {
+		t.Errorf("Expected '%v' but returned '%v'", false, f)
+	}
+	g := isValidClientBodyBufferSize("1000mm")
+	if g != false {
+		t.Errorf("Expected '%v' but returned '%v'", false, g)
+	}
+	h := isValidClientBodyBufferSize(nil)
+	if h != false {
+		t.Errorf("Expected '%v' but returned '%v'", false, h)
+	}
+	i := isValidClientBodyBufferSize("")
+	if i != false {
+		t.Errorf("Expected '%v' but returned '%v'", false, i)
+	}
+}
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@ -571,7 +571,7 @@ stream {
        proxy_ssl_server_name       on;

        client_max_body_size        "{{ $location.Proxy.BodySize }}";
-        {{ if $location.ClientBodyBufferSize }}
+        {{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }}
        client_body_buffer_size     {{ $location.ClientBodyBufferSize }};
        {{ end }}

@ -640,7 +640,7 @@ stream {
        {{ end }}

        client_max_body_size                    "{{ $location.Proxy.BodySize }}";
-        {{ if $location.ClientBodyBufferSize }}
+        {{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }}
        client_body_buffer_size                 {{ $location.ClientBodyBufferSize }};
        {{ end }}