From 77586dd83b52abd31678c419ed291f577446add1 Mon Sep 17 00:00:00 2001
From: Manuel Alejandro de Brito Fontes
Date: Tue, 11 Feb 2020 10:30:14 -0300
Subject: [PATCH] Validation of header in authreq should be done only in the key (#5053)
---
 internal/ingress/annotations/authreq/main.go | 4 ++--
 internal/ingress/annotations/authreq/main_test.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/internal/ingress/annotations/authreq/main.go b/internal/ingress/annotations/authreq/main.go
index 12d232b27..48f3a81e9 100644
--- a/internal/ingress/annotations/authreq/main.go
+++ b/internal/ingress/annotations/authreq/main.go
@@ -218,8 +218,8 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
 return nil, ing_errors.NewLocationDenied(fmt.Sprintf("unable to find configMap %q", proxySetHeaderMap))
 }
- for header, value := range proxySetHeadersMapContents.Data {
- if !ValidHeader(header) || !ValidHeader(value) {
+ for header := range proxySetHeadersMapContents.Data {
+ if !ValidHeader(header) {
 return nil, ing_errors.NewLocationDenied("invalid proxy-set-headers in configmap")
 }
 }
diff --git a/internal/ingress/annotations/authreq/main_test.go b/internal/ingress/annotations/authreq/main_test.go
index c57344e19..914b6882a 100644
--- a/internal/ingress/annotations/authreq/main_test.go
+++ b/internal/ingress/annotations/authreq/main_test.go
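Review bot: In `Parse` (main.go) the loop over `proxySetHeadersMapContents.Data` now drops the value altogether, so ConfigMap values pass through with no check at all instead of a looser one. Applying `ValidHeader` to values was clearly too strict (the old test table shows it rejecting a space and `+`), but if these values are later written into the generated NGINX configuration, which is not visible in this hunk and neither is how they are quoted there, control characters such as CR/LF should still be refused here. Consider keeping the value in the loop with a value-specific check, e.g. `for header, value := range proxySetHeadersMapContents.Data {` and `if !ValidHeader(header) || strings.ContainsAny(value, "\r\n") {`, assuming `strings` is already imported in the file. The body of `Parse` starts and ends outside the hunk.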
@@ -276,8 +276,8 @@ func TestProxySetHeaders(t *testing.T) {
 }{
 {"single header", "http://goog.url", map[string]string{"header": "h1"}, false},
 {"no header map", "http://goog.url", nil, true},
- {"header with spaces", "http://goog.url", map[string]string{"header": "bad value"}, true},
- {"header with other bad symbols", "http://goog.url", map[string]string{"header": "bad+value"}, true},
+ {"header with spaces", "http://goog.url", map[string]string{"header": "bad value"}, false},
+ {"header with other bad symbols", "http://goog.url", map[string]string{"header": "bad+value"}, false},
 }
 for _, test := range tests {
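Review bot: After this change the table in `TestProxySetHeaders` has no case where the header key itself is invalid, so the one rejection path that remains for ConfigMap contents is untested; both flipped cases keep the key `header` and put the odd characters in the value. Add a constructed case such as `{"invalid header key", "http://goog.url", map[string]string{"bad header": "h1"}, true},` to pin the key check. The names `header with spaces` and `header with other bad symbols` now describe accepted values, so renaming them to `value with spaces` / `value with other symbols` would match what is asserted. The test function continues outside the hunk.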