From d979ab1c76648502fa15a84b864202eb3786ef88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20R=C3=B6hrich?=
Date: Thu, 23 Nov 2023 10:16:11 +0100
Subject: [PATCH 1/2] fix: ui path validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix validation of the UI application path.
Signed-off-by: Moritz Röhrich
---
 Makefile | 3 +--
 src/backend/config.py | 2 +-
 src/backend/tests/unit/test_config.py | 5 +++++
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index a83af73a..bb1bcf33 100644
--- a/Makefile
+++ b/Makefile
@@ -10,6 +10,7 @@
 # limitations under the License.
 .PHONY: check-ui-backend-env
+.DEFAULT_GOAL:=image-build-ui
 ########################################################################
 # Testing cluster
@@ -103,5 +104,3 @@ check-ui-backend-env:
 ifndef S3GW_SERVICE_URL
 $(error S3GW_SERVICE_URL must be set.)
 endif
-
-
diff --git a/src/backend/config.py b/src/backend/config.py
index 334253fe..eed3e4b0 100644
--- a/src/backend/config.py
+++ b/src/backend/config.py
@@ -120,7 +120,7 @@ def get_ui_path() -> str:
 def post_process(key: str, value: str | None) -> str:
 if value is None or value == "/":
 return "/"
- match = re.fullmatch(r"/?[\w./-]+(?:[\w]+)/?", value)
+ match = re.fullmatch(r"[\w/-]+[\w/]+", value)
 if match is None:
 logger.error(
 f"The value of the environment variable {key} is malformed: {value}" # noqa: E501
diff --git a/src/backend/tests/unit/test_config.py b/src/backend/tests/unit/test_config.py
index 451feb55..f55c5d14 100644
--- a/src/backend/tests/unit/test_config.py
+++ b/src/backend/tests/unit/test_config.py
@@ -131,6 +131,11 @@ def test_good_ui_path_3() -> None:
 assert "/foo-bar/baz/" == get_ui_path()
+def test_good_ui_path_4() -> None:
+ os.environ["S3GW_UI_PATH"] = "/foo-bar/foo-bar/"
+ assert "/foo-bar/foo-bar/" == get_ui_path()
+
+
 def test_no_ui_path() -> None:
 os.environ.pop("S3GW_UI_PATH")
 try:
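Review bot: The new pattern `[\w/-]+[\w/]+` in `post_process` constrains which characters may appear but not how the path is structured, so a value with no leading slash or with empty segments such as `//` passes `re.fullmatch` just like the `/foo-bar/foo-bar/` value the new test uses. If the UI path is meant to be an absolute, slash-separated path, the pattern should say so, for example `re.fullmatch(r"/(?:[\w-]+/)*[\w-]+/?", value, flags=re.ASCII)`, assuming the existing good-path tests all start with a slash. Without `re.ASCII`, `\w` in a `str` pattern also matches non-ASCII letters and digits, which may not be intended for a URL path. Dropping `.` from the character class now rejects dotted segments as well; a short comment saying that this is deliberate would help. `post_process` continues past the end of the hunk, so how the accepted value is used afterwards is not visible here.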
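Review bot: `test_good_ui_path_4` writes `S3GW_UI_PATH` into `os.environ` and never restores it, so the value leaks into whichever test runs next. The context line `os.environ.pop("S3GW_UI_PATH")` in `test_no_ui_path` would raise `KeyError` unless an earlier test left the variable set, which suggests the tests already depend on execution order. Scoping the change with the pytest fixture avoids that: `def test_good_ui_path_4(monkeypatch: pytest.MonkeyPatch) -> None:` with `monkeypatch.setenv("S3GW_UI_PATH", "/foo-bar/foo-bar/")`. The commit also adds only a positive case; a negative case for the tightened pattern (for example a value containing `.`) would pin the behaviour the commit title describes.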
From 2217c950e717b7b81714fdcff93fd4ecb3786b89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20R=C3=B6hrich?=
Date: Thu, 23 Nov 2023 12:03:26 +0100
Subject: [PATCH 2/2] config: disable UI path validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Disable UI path validation completely.
Signed-off-by: Moritz Röhrich
---
 src/backend/config.py | 3 ++-
 src/backend/tests/unit/test_config.py | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/backend/config.py b/src/backend/config.py
index eed3e4b0..1e164fa6 100644
--- a/src/backend/config.py
+++ b/src/backend/config.py
@@ -120,7 +120,8 @@ def get_ui_path() -> str:
 def post_process(key: str, value: str | None) -> str:
 if value is None or value == "/":
 return "/"
- match = re.fullmatch(r"[\w/-]+[\w/]+", value)
+ # TODO: The path should be validated here
+ match = re.fullmatch(r".*", value)
 if match is None:
 logger.error(
 f"The value of the environment variable {key} is malformed: {value}" # noqa: E501
diff --git a/src/backend/tests/unit/test_config.py b/src/backend/tests/unit/test_config.py
index f55c5d14..9654c153 100644
--- a/src/backend/tests/unit/test_config.py
+++ b/src/backend/tests/unit/test_config.py
@@ -95,6 +95,7 @@ def test_s3gw_endpoint() -> None:
 assert config.s3gw_addr == addr
+@pytest.mark.skip(reason="UI paths are currently not validated")
 def test_malformed_ui_path() -> None:
 bad_paths = [
 "",
@@ -110,6 +111,7 @@ def test_malformed_ui_path() -> None:
 )
+@pytest.mark.skip(reason="UI paths are currently not validated")
 def test_malformed_ui_path_2() -> None:
 os.environ["S3GW_UI_PATH"] = "/foo-bar/baz?aaa"
 with pytest.raises(EnvironMalformedError):
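Review bot: Replacing the pattern with `r".*"` in `post_process` leaves `S3GW_UI_PATH` effectively unvalidated, yet the `match is None` branch stays reachable: `.` does not match a newline without `re.DOTALL`, so the only values still reported as malformed are those containing a line break. Values the now-skipped tests treat as malformed, `""` and `/foo-bar/baz?aaa`, are accepted and handed to whatever consumes the path, which is outside this hunk. If validation was disabled because legitimate paths were being rejected, a permissive structural check would still keep those cases out, e.g. `match = re.fullmatch(r"/[^?#\s]*", value)`. The TODO should also name where the follow-up is tracked, e.g. `# TODO(<ISSUE-ID>): restore UI path validation`.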
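Review bot: `@pytest.mark.skip` on `test_malformed_ui_path` (and again on `test_malformed_ui_path_2` in the next hunk) means nothing will signal when validation is restored and the markers are forgotten, so the malformed-path cases can stay unexercised indefinitely. `@pytest.mark.xfail(strict=True, reason="UI paths are currently not validated")` keeps both tests running and turns an unexpected pass into a failure, which forces whoever re-enables validation to remove the marker. Both test bodies extend beyond their hunks.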