Fixed issue where referrer domains were not validated
Also related to this fixed the fastly driver to ensure tests pass there. Change-Id: Icdb296ca74b01faf041e16cd6da65775262ee1ad
This commit is contained in:
parent
ccc58cfd78
commit
d8dc318495
|
@ -68,7 +68,8 @@ class ServiceController(base.ServiceBase):
|
||||||
referrer_restriction_list = [rule.referrer
|
referrer_restriction_list = [rule.referrer
|
||||||
for restriction in
|
for restriction in
|
||||||
service_obj.restrictions
|
service_obj.restrictions
|
||||||
for rule in restriction.rules]
|
for rule in restriction.rules
|
||||||
|
if hasattr(rule, 'referrer')]
|
||||||
|
|
||||||
# if there is a referrer_restricted host/domains at all in
|
# if there is a referrer_restricted host/domains at all in
|
||||||
# this list. It is equivalent of 'if the list is not empty' and
|
# this list. It is equivalent of 'if the list is not empty' and
|
||||||
|
|
|
@ -407,6 +407,15 @@ def is_valid_service_configuration(service, schema):
|
||||||
request_url
|
request_url
|
||||||
))
|
))
|
||||||
|
|
||||||
|
# referrer domains must be valid
|
||||||
|
for rule in restriction['rules']:
|
||||||
|
if rule.get("referrer"):
|
||||||
|
referrer = rule.get("referrer")
|
||||||
|
if not is_valid_domain_name(referrer):
|
||||||
|
raise exceptions.ValidationFailed(
|
||||||
|
u'Referrer {0} is not a valid domain'
|
||||||
|
.format(referrer))
|
||||||
|
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
DAEMONIZED=false
|
DAEMONIZED=false
|
||||||
WORKERS = 6
|
WORKERS=6
|
||||||
|
|
||||||
for i in "$@"
|
for i in "$@"
|
||||||
do
|
do
|
||||||
|
|
|
@ -393,6 +393,62 @@
|
||||||
"referrer": "www.mywebsite.com"}]}
|
"referrer": "www.mywebsite.com"}]}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"referrer_invalid_domain_with_http": {
|
||||||
|
"service_name": "referrer_invalid_domain",
|
||||||
|
"domain_list": [{"domain": "www.mywebsite.com",
|
||||||
|
"protocol": "http"},
|
||||||
|
{"domain": "www.test.website.com", "protocol": "http"}],
|
||||||
|
"origin_list": [{"origin": "mywebsite1.com",
|
||||||
|
"port": 80,
|
||||||
|
"ssl": false}],
|
||||||
|
"caching_list": [{"name": "default", "ttl": 3600},
|
||||||
|
{"name": "home",
|
||||||
|
"ttl": 1200,
|
||||||
|
"rules": [{"name" : "index",
|
||||||
|
"request_url" : "/index.htm"}]}],
|
||||||
|
"restrictions_list": [
|
||||||
|
{
|
||||||
|
"name": "invalid domain",
|
||||||
|
"access": "whitelist",
|
||||||
|
"rules":
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "only me",
|
||||||
|
"referrer": "http://www.mywebsite.com",
|
||||||
|
"request_url": "/*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"referrer_invalid_domain_with_bad_format": {
|
||||||
|
"service_name": "referrer_invalid_domain",
|
||||||
|
"domain_list": [{"domain": "www.mywebsite.com",
|
||||||
|
"protocol": "http"},
|
||||||
|
{"domain": "www.test.website.com", "protocol": "http"}],
|
||||||
|
"origin_list": [{"origin": "mywebsite1.com",
|
||||||
|
"port": 80,
|
||||||
|
"ssl": false}],
|
||||||
|
"caching_list": [{"name": "default", "ttl": 3600},
|
||||||
|
{"name": "home",
|
||||||
|
"ttl": 1200,
|
||||||
|
"rules": [{"name" : "index",
|
||||||
|
"request_url" : "/index.htm"}]}],
|
||||||
|
"restrictions_list": [
|
||||||
|
{
|
||||||
|
"name": "invalid domain",
|
||||||
|
"access": "whitelist",
|
||||||
|
"rules":
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "only me",
|
||||||
|
"referrer": "www.-mywebsite.com",
|
||||||
|
"request_url": "/*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
"http_domain_with_certificate": {
|
"http_domain_with_certificate": {
|
||||||
"service_name": "my_service_name",
|
"service_name": "my_service_name",
|
||||||
"domain_list": [{"domain": "www.mywebsite.com",
|
"domain_list": [{"domain": "www.mywebsite.com",
|
||||||
|
@ -728,7 +784,7 @@
|
||||||
"request_url" : "/index.htm"}]}],
|
"request_url" : "/index.htm"}]}],
|
||||||
"restrictions_list": []
|
"restrictions_list": []
|
||||||
},
|
},
|
||||||
"invalid_domain_name_with_hyphen_at_benginning": {
|
"invalid_domain_name_with_hyphen_at_beginning": {
|
||||||
"service_name": "invalid_domain_name_with_hyphen",
|
"service_name": "invalid_domain_name_with_hyphen",
|
||||||
"domain_list": [{"domain": "abcd.-mywebsite.com"}],
|
"domain_list": [{"domain": "abcd.-mywebsite.com"}],
|
||||||
"origin_list": [{"origin": "myorigin.com",
|
"origin_list": [{"origin": "myorigin.com",
|
||||||
|
|
Loading…
Reference in New Issue