bzp2010 commented on code in PR #11403:
URL: https://github.com/apache/apisix/pull/11403#discussion_r1678157416
##########
apisix/plugins/elasticsearch-logger.lua:
##########
@@ -124,6 +124,8 @@ function _M.check_schema(conf, schema_type)
if schema_type == core.schema.TYPE_METADATA then
return core.schema.check(metadata_schema, conf)
end
+ local check = {"endpoint_addrs"}
Review Comment:
Also check `ssl_verify`.
##########
apisix/plugins/forward-auth.lua:
##########
@@ -78,6 +78,8 @@ local _M = {
function _M.check_schema(conf)
+ local check = {"uri"}
Review Comment:
The `ssl_verify` should also be checked; TLS without server certificate
validation is meaningless.
##########
apisix/plugins/cas-auth.lua:
##########
@@ -49,6 +49,8 @@ local _M = {
}
function _M.check_schema(conf)
+ local check = {"idp_uri"}
Review Comment:
Should `cas_callback_uri` and `logout_uri` be listed as checks? Similar
fields in `authz-casdoor` and `authz-keycloak` are listed as checks.
##########
apisix/plugins/clickhouse-logger.lua:
##########
@@ -89,6 +89,8 @@ function _M.check_schema(conf, schema_type)
if schema_type == core.schema.TYPE_METADATA then
return core.schema.check(metadata_schema, conf)
end
+ local check = {"endpoint_addrs"}
Review Comment:
Also check `ssl_verify`.
##########
apisix/plugins/authz-keycloak.lua:
##########
@@ -114,6 +114,9 @@ local _M = {
function _M.check_schema(conf)
+ local check = {"discovery", "token_endpoint",
"resource_registration_endpoint",
Review Comment:
Also check `ssl_verify`.
##########
apisix/plugins/ldap-auth.lua:
##########
@@ -59,6 +59,9 @@ function _M.check_schema(conf, schema_type)
if schema_type == core.schema.TYPE_CONSUMER then
ok, err = core.schema.check(consumer_schema, conf)
else
+ if not conf.use_tls then
Review Comment:
Also check `tls_verify`.
##########
apisix/plugins/loki-logger.lua:
##########
@@ -125,6 +125,8 @@ function _M.check_schema(conf, schema_type)
return core.schema.check(metadata_schema, conf)
end
+ local check = {"endpoint_addrs"}
Review Comment:
Also check `ssl_verify`.
##########
apisix/plugins/openwhisk.lua:
##########
@@ -63,6 +63,9 @@ local _M = {
function _M.check_schema(conf)
+ local check = {"api_host"}
Review Comment:
Also check `ssl_verify`.
##########
apisix/plugins/loki-logger.lua:
##########
@@ -125,6 +125,8 @@ function _M.check_schema(conf, schema_type)
return core.schema.check(metadata_schema, conf)
end
+ local check = {"endpoint_addrs"}
Review Comment:
Also check `ssl_verify`.
##########
apisix/plugins/opa.lua:
##########
@@ -65,6 +65,8 @@ local _M = {
function _M.check_schema(conf)
+ local check = {"host"}
Review Comment:
Also check `ssl_verify`.
##########
t/plugin/authz-casdoor.t:
##########
@@ -105,10 +105,43 @@ __DATA__
}
--- response_body
done
+--- error_log
Review Comment:
Should tests about these warnings use a separate test file instead of being put
in each plugin's own tests?
I.e. create a new test file that specifically tests for security risk
warnings.
##########
apisix/plugins/http-logger.lua:
##########
@@ -82,6 +82,8 @@ function _M.check_schema(conf, schema_type)
return core.schema.check(metadata_schema, conf)
end
+ local check = {"uri"}
Review Comment:
Also check `ssl_verify`.
##########
apisix/plugins/openid-connect.lua:
##########
@@ -305,6 +305,10 @@ function _M.check_schema(conf)
}
end
+ local check = {"discovery", "introspection_endpoint", "redirect_uri",
+ "post_logout_redirect_uri", "proxy_opts.http_proxy"}
Review Comment:
Also check `ssl_verify` and `proxy_opts.https_proxy`.