KNOX-1392 - Default whitelist must handle cases when IP address is presented as the host namewq
Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/95ac193e Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/95ac193e Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/95ac193e Branch: refs/heads/master Commit: 95ac193ed536bb0db0fc09c17d93c66b765b668b Parents: 4fdefcb Author: Phil Zampino <[email protected]> Authored: Thu Jul 19 20:15:08 2018 -0400 Committer: Phil Zampino <[email protected]> Committed: Fri Jul 20 00:28:17 2018 -0400 ---------------------------------------------------------------------- .../org/apache/knox/gateway/util/WhitelistUtils.java | 15 +++++++++------ .../apache/knox/gateway/util/WhitelistUtilsTest.java | 10 ++++++++++ 2 files changed, 19 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/95ac193e/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java index 4f7d34f..4828090 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java @@ -37,6 +37,8 @@ public class WhitelistUtils { static final String DEFAULT_DISPATCH_WHITELIST_TEMPLATE = "^/.*$;^https?://%s:[0-9]+/?.*$"; + private static final String IP_ADDRESS_REGEX = "^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$"; + private static final SpiGatewayMessages LOG = MessagesFactory.get(SpiGatewayMessages.class); private static final List<String> DEFAULT_SERVICE_ROLES = Arrays.asList("KNOXSSO"); @@ -99,12 +101,13 @@ public class WhitelistUtils { private static String deriveDomainBasedWhitelist(String hostname) { String whitelist = null; - int domainIndex = hostname.indexOf('.'); - if (domainIndex > 0) { - String domain = hostname.substring(hostname.indexOf('.')); - String domainPattern = ".+" + domain.replaceAll("\\.", "\\\\."); - whitelist = - String.format(DEFAULT_DISPATCH_WHITELIST_TEMPLATE, "(" + domainPattern + ")"); + if (!hostname.matches(IP_ADDRESS_REGEX)) { + int domainIndex = hostname.indexOf('.'); + if (domainIndex > 0) { + String domain = hostname.substring(hostname.indexOf('.')); + String domainPattern = ".+" + domain.replaceAll("\\.", "\\\\."); + whitelist = String.format(DEFAULT_DISPATCH_WHITELIST_TEMPLATE, "(" + domainPattern + ")"); + } } return whitelist; } http://git-wip-us.apache.org/repos/asf/knox/blob/95ac193e/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java index ddf62f2..f052c48 100644 --- a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java +++ b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java @@ -135,6 +135,16 @@ public class WhitelistUtilsTest { } @Test + public void testLocalhostAddressAsHostName() throws Exception { + final String serviceRole = "TEST"; + // InetAddress#getCanonicalHostName() sometimes returns the IP address as the host name + String whitelist = doTestGetDispatchWhitelist(createMockGatewayConfig(Collections.singletonList(serviceRole), null), + "192.168.1.100", + serviceRole); + assertNull(whitelist); + } + + @Test public void testExplicitlyConfiguredDefaultWhitelist() throws Exception { final String serviceRole = "TEST"; final String WHITELIST = "DEFAULT";
