DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add regex for header value

Browse source
This commit is contained in:
Christian Groschupp 2023-06-14 10:18:20 +02:00
parent 3673b3668b
commit 6836b7103d
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
internal/ingress/annotations/customheaders/main.go
View file

@ -37,7 +37,7 @@ type Config struct {
var ( var (
headerRegexp = regexp.MustCompile(`^[a-zA-Z\d\-_]+$`) headerRegexp = regexp.MustCompile(`^[a-zA-Z\d\-_]+$`)
valueRegexp = regexp.MustCompile(`^[a-zA-Z\d\_ :;.,\/"'?!(){}[]@<>=-\+\*#$&<|~^%]+$`) valueRegexp = regexp.MustCompile(`^[a-zA-Z\d_ :;.,\\/"'?!(){}\[\]@<>=\-+*#$&\x60|~^%]+$`)
) )
// ValidHeader checks is the provided string satisfies the header's name regex // ValidHeader checks is the provided string satisfies the header's name regex
@ -78,10 +78,10 @@ func (a customHeaders) Parse(ing *networking.Ingress) (interface{}, error) {
for header, value := range clientHeadersMapContents.Data { for header, value := range clientHeadersMapContents.Data {
if !ValidHeader(header) { if !ValidHeader(header) {
return nil, ing_errors.NewLocationDenied("invalid client-headers in configmap") return nil, ing_errors.NewLocationDenied("invalid header name in configmap")
} }
if !ValidValue(value) { if !ValidValue(value) {
return nil, ing_errors.NewLocationDenied("invalid client-headers in configmap") return nil, ing_errors.NewLocationDenied("invalid header value in configmap")
} }
if !slices.Contains(defBackend.AllowedResponseHeaders, header) { if !slices.Contains(defBackend.AllowedResponseHeaders, header) {
return nil, ing_errors.NewLocationDenied(fmt.Sprintf("header %s is not allowed, defined allowed headers inside global-allowed-response-headers %v", header, defBackend.AllowedResponseHeaders)) return nil, ing_errors.NewLocationDenied(fmt.Sprintf("header %s is not allowed, defined allowed headers inside global-allowed-response-headers %v", header, defBackend.AllowedResponseHeaders))