This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 693455fc9 KNOX-2827 - isDispatchAllowed should cut off path segments
from the URL (#650)
693455fc9 is described below
commit 693455fc9ba6da6f7a01cb9cca90d2005634d586
Author: Attila Magyar <[email protected]>
AuthorDate: Wed Oct 26 14:28:12 2022 +0200
KNOX-2827 - isDispatchAllowed should cut off path segments from the URL
(#650)
---
.../apache/knox/gateway/dispatch/GatewayDispatchFilter.java | 13 +++++++++++--
.../knox/gateway/dispatch/GatewayDispatchFilterTest.java | 9 +++++++++
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git
a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/GatewayDispatchFilter.java
b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/GatewayDispatchFilter.java
index 044c32cfa..f54c63902 100644
---
a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/GatewayDispatchFilter.java
+++
b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/GatewayDispatchFilter.java
@@ -33,7 +33,9 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
import java.net.URISyntaxException;
+import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
@@ -145,14 +147,21 @@ public class GatewayDispatchFilter extends
AbstractGatewayFilter {
if (whitelist != null) {
String requestURI = request.getRequestURI();
- String decodedURL = null;
+ String decodedURL = requestURI;
try {
decodedURL = URLDecoder.decode(requestURI,
StandardCharsets.UTF_8.name());
} catch (UnsupportedEncodingException e) {
//
}
+ String baseUrl;
+ try {
+ URL url = new URL(decodedURL);
+ baseUrl = new URL(url.getProtocol(), url.getHost(), url.getPort(),
"").toString();
+ } catch (MalformedURLException e) {
+ throw new RuntimeException(e);
+ }
- isAllowed = RegExUtils.checkWhitelist(whitelist, (decodedURL != null ?
decodedURL : requestURI));
+ isAllowed = RegExUtils.checkWhitelist(whitelist, baseUrl);
if (!isAllowed) {
LOG.dispatchDisallowed(requestURI);
diff --git
a/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/GatewayDispatchFilterTest.java
b/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/GatewayDispatchFilterTest.java
index 8fc518374..ea1b7ce4a 100644
---
a/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/GatewayDispatchFilterTest.java
+++
b/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/GatewayDispatchFilterTest.java
@@ -229,6 +229,15 @@ public class GatewayDispatchFilterTest {
true);
}
+ @Test
+ public void testIgnorePathSegmentsAndQueryParams() throws Exception {
+ final String serviceRole = "TESTROLE";
+ doTestServiceDispatchWhitelist(Collections.singletonList(serviceRole),
+ "^https://localhost:[0-9]+/?$";,
+ serviceRole,
+ "https://localhost:1234/any/path?any=query";,
+ true);
+ }
private void doTestServiceDispatchWhitelist(List<String> whitelistedServices,
String whitelist,
