
fix(expression): add validation for empty expression list in CEL (#545)

* fix(expression): add validation for empty ExpressionOrList

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix(imports): block empty file imports with improved error checking logic

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* docs(expression): improve validation to error on empty CEL expressions

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

---------

Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Jason Cameron 1 mese fa
parent
commit
93e2447ba2

+ 1 - 0
docs/docs/CHANGELOG.md

@@ -29,6 +29,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added Qualys SSL Labs whitelist policy
 - Fixed cookie deletion logic ([#520](https://github.com/TecharoHQ/anubis/issues/520), [#522](https://github.com/TecharoHQ/anubis/pull/522))
 - Add `--target-sni` flag/envvar to allow changing the value of the TLS handshake hostname in requests forwarded to the target service.
+- Fixed CEL expression matching validator to now properly error out when it receives empty expressions 
 
 ## v1.18.0: Varis zos Galvus
 

+ 1 - 1
lib/policy/config/config.go

@@ -224,7 +224,7 @@ func (is *ImportStatement) open() (fs.File, error) {
 func (is *ImportStatement) load() error {
 	fin, err := is.open()
 	if err != nil {
-		return fmt.Errorf("can't open %s: %w", is.Import, err)
+		return fmt.Errorf("%w: %s: %w", ErrInvalidImportStatement, is.Import, err)
 	}
 	defer fin.Close()
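Review bot: The rewrapped error in `load` formats `is.Import` with `%s`, so an empty import path, which this commit sets out to block, renders as `...: : ...` and is easy to miss in logs. Using `%q` keeps empty or whitespace-only values visible and escapes control characters that come from the policy file: `return fmt.Errorf("%w: %q: %w", ErrInvalidImportStatement, is.Import, err)`. Two `%w` verbs in one format string need Go 1.20 or later, so the module's Go version is worth confirming. Rejecting an empty import still appears to depend on `open()` failing, which is outside this hunk, and the body of `load` continues past it.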
 

+ 3 - 0
lib/policy/config/expressionorlist.go

@@ -54,6 +54,9 @@ func (eol *ExpressionOrList) UnmarshalJSON(data []byte) error {
 }
 
 func (eol *ExpressionOrList) Valid() error {
+	if eol.Expression == "" && len(eol.All) == 0 && len(eol.Any) == 0 {
+		return ErrExpressionEmpty
+	}
 	if len(eol.All) != 0 && len(eol.Any) != 0 {
 		return ErrExpressionCantHaveBoth
 	}
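Review bot: The new guard at the top of `Valid` only rejects a value where all three fields are empty, so a whitespace-only `expression` or a list such as `"any": [""]` still passes this check. Unless the rest of `Valid` (outside this hunk) or the CEL compile step rejects those, a policy rule could be loaded with an expression that carries no condition. Consider comparing `strings.TrimSpace(eol.Expression) == ""` and returning `ErrExpressionEmpty` for any blank entry in `eol.All` or `eol.Any`. A doc comment would also help, for example `// Valid reports ErrExpressionEmpty when no expression is set and ErrExpressionCantHaveBoth when both all and any are given.`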

+ 7 - 0
lib/policy/config/expressionorlist_test.go

@@ -51,6 +51,13 @@ func TestExpressionOrListUnmarshal(t *testing.T) {
 			}`,
 			validErr: ErrExpressionCantHaveBoth,
 		},
+		{
+			name: "expression-empty",
+			inp: `{
+			"any": []
+			}`,
+			validErr: ErrExpressionEmpty,
+		},
 	} {
 		t.Run(tt.name, func(t *testing.T) {
 			var eol ExpressionOrList
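Review bot: The added `expression-empty` case covers only the `"any": []` shape, while the new guard in `Valid` has three conjuncts. Table entries for `{}` and `{"all": []}` with `validErr: ErrExpressionEmpty` would pin the other two paths, assuming `UnmarshalJSON` accepts those inputs (its body is not visible here). A case for a list holding an empty string, such as `"any": [""]`, would record whether that input is meant to be accepted. The test function begins and ends outside this hunk.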