[apisix] branch master updated: feat: strictly validate the input of core resources (#10233)

monkeydluffy Wed, 20 Sep 2023 07:03:58 -0700

This is an automated email from the ASF dual-hosted git repository.

monkeydluffy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git



The following commit(s) were added to refs/heads/master by this push:
     new a98f1ca7a feat: strictly validate the input of core resources (#10233)
a98f1ca7a is described below

commit a98f1ca7a4b368a5270c5cae2a2a526f21ba409a
Author: Sn0rt <[email protected]>
AuthorDate: Wed Sep 20 14:28:41 2023 +0800

    feat: strictly validate the input of core resources (#10233)
---
 apisix/schema_def.lua          | 19 ++++++++++++++++---
 t/admin/upstream-array-nodes.t |  7 ++++---
 t/admin/upstream.t             |  7 ++++---
 t/wasm/global-rule.t           |  7 -------
 4 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/apisix/schema_def.lua b/apisix/schema_def.lua
index 01e0649e0..cec1c53b3 100644
--- a/apisix/schema_def.lua
+++ b/apisix/schema_def.lua
@@ -283,6 +283,7 @@ local health_checker = {
         {required = {"active"}},
         {required = {"active", "passive"}},
     },
+    additionalProperties = false,
 }
 
 
@@ -501,7 +502,8 @@ local upstream_schema = {
     oneOf = {
         {required = {"nodes"}},
         {required = {"service_name", "discovery_type"}},
-    }
+    },
+    additionalProperties = false
 }
 
 -- TODO: add more nginx variable support
@@ -662,6 +664,7 @@ _M.route = {
             {required = {"script", "plugin_config_id"}},
         }
     },
+    additionalProperties = false,
 }
 
 
@@ -689,6 +692,7 @@ _M.service = {
             uniqueItems = true,
         },
     },
+    additionalProperties = false,
 }
 
 
@@ -707,6 +711,7 @@ _M.consumer = {
         desc = desc_def,
     },
     required = {"username"},
+    additionalProperties = false,
 }
 
 
@@ -817,7 +822,8 @@ _M.ssl = {
             {required = {"snis", "key", "cert"}}
         }
     },
-    ["else"] = {required = {"key", "cert"}}
+    ["else"] = {required = {"key", "cert"}},
+    additionalProperties = false,
 }
 
 
@@ -834,6 +840,7 @@ _M.proto = {
         }
     },
     required = {"content"},
+    additionalProperties = false,
 }
 
 
@@ -846,6 +853,7 @@ _M.global_rule = {
         update_time = timestamp_def
     },
     required = {"id", "plugins"},
+    additionalProperties = false,
 }
 
 
@@ -879,6 +887,7 @@ local xrpc_protocol_schema = {
                 dependencies = {
                     name = {"conf"},
                 },
+                additionalProperties = false,
             },
         },
 
@@ -913,7 +922,8 @@ _M.stream_route = {
         upstream_id = id_schema,
         plugins = plugins_schema,
         protocol = xrpc_protocol_schema,
-    }
+    },
+    additionalProperties = false,
 }
 
 
@@ -929,6 +939,7 @@ _M.plugins = {
             stream = {
                 type = "boolean"
             },
+            additionalProperties = false,
         },
         required = {"name"}
     }
@@ -946,6 +957,7 @@ _M.plugin_config = {
         update_time = timestamp_def
     },
     required = {"id", "plugins"},
+    additionalProperties = false,
 }
 
 
@@ -960,6 +972,7 @@ _M.consumer_group = {
         update_time = timestamp_def
     },
     required = {"id", "plugins"},
+    additionalProperties = false,
 }
 
 
diff --git a/t/admin/upstream-array-nodes.t b/t/admin/upstream-array-nodes.t
index 70c7a8ede..b02a75979 100644
--- a/t/admin/upstream-array-nodes.t
+++ b/t/admin/upstream-array-nodes.t
@@ -251,7 +251,7 @@ no valid upstream node
 
 
 
-=== TEST 9: additional properties is valid
+=== TEST 9: additional properties is invalid
 --- config
     location /t {
         content_by_lua_block {
@@ -277,8 +277,9 @@ no valid upstream node
     }
 --- request
 GET /t
---- response_body
-passed
+--- error_code: 400
+--- response_body eval
+qr/\{"error_msg":"invalid configuration: additional properties forbidden, 
found .*"\}/
 
 
 
diff --git a/t/admin/upstream.t b/t/admin/upstream.t
index 7725e32b6..b92a2f403 100644
--- a/t/admin/upstream.t
+++ b/t/admin/upstream.t
@@ -330,7 +330,7 @@ GET /t
 
 
 
-=== TEST 11: additional properties is valid
+=== TEST 11: additional properties is invalid
 --- config
     location /t {
         content_by_lua_block {
@@ -354,8 +354,9 @@ GET /t
     }
 --- request
 GET /t
---- response_body
-passed
+--- error_code: 400
+--- response_body eval
+qr/\{"error_msg":"invalid configuration: additional properties forbidden, 
found .*"\}/
 
 
 
diff --git a/t/wasm/global-rule.t b/t/wasm/global-rule.t
index 05f34e3f5..f9fd322e3 100644
--- a/t/wasm/global-rule.t
+++ b/t/wasm/global-rule.t
@@ -57,13 +57,6 @@ __DATA__
             local code, body = t('/apisix/admin/global_rules/1',
                 ngx.HTTP_PUT,
                 [[{
-                    "uri": "/hello",
-                    "upstream": {
-                        "type": "roundrobin",
-                        "nodes": {
-                            "127.0.0.1:1980": 1
-                        }
-                    },
                     "plugins": {
                         "wasm_log": {
                             "conf": "blahblah"

[apisix] branch master updated: feat: strictly validate the input of core resources (#10233)

Reply via email to