knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pzamp...@apache.org
Subject [2/2] knox git commit: KNOX-1392 - Default whitelist must handle cases when IP address is presented as the host namewq
Date Fri, 20 Jul 2018 04:28:36 GMT
KNOX-1392 - Default whitelist must handle cases when IP address is presented as the host namewq


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/95ac193e
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/95ac193e
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/95ac193e

Branch: refs/heads/master
Commit: 95ac193ed536bb0db0fc09c17d93c66b765b668b
Parents: 4fdefcb
Author: Phil Zampino <pzampino@apache.org>
Authored: Thu Jul 19 20:15:08 2018 -0400
Committer: Phil Zampino <pzampino@apache.org>
Committed: Fri Jul 20 00:28:17 2018 -0400

----------------------------------------------------------------------
 .../org/apache/knox/gateway/util/WhitelistUtils.java | 15 +++++++++------
 .../apache/knox/gateway/util/WhitelistUtilsTest.java | 10 ++++++++++
 2 files changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/95ac193e/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
index 4f7d34f..4828090 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java
@@ -37,6 +37,8 @@ public class WhitelistUtils {
 
   static final String DEFAULT_DISPATCH_WHITELIST_TEMPLATE = "^/.*$;^https?://%s:[0-9]+/?.*$";
 
+  private static final String IP_ADDRESS_REGEX = "^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$";
+
   private static final SpiGatewayMessages LOG = MessagesFactory.get(SpiGatewayMessages.class);
 
   private static final List<String> DEFAULT_SERVICE_ROLES = Arrays.asList("KNOXSSO");
@@ -99,12 +101,13 @@ public class WhitelistUtils {
 
   private static String deriveDomainBasedWhitelist(String hostname) {
     String whitelist = null;
-    int domainIndex = hostname.indexOf('.');
-    if (domainIndex > 0) {
-      String domain = hostname.substring(hostname.indexOf('.'));
-      String domainPattern = ".+" + domain.replaceAll("\\.", "\\\\.");
-      whitelist =
-              String.format(DEFAULT_DISPATCH_WHITELIST_TEMPLATE, "(" + domainPattern + ")");
+    if (!hostname.matches(IP_ADDRESS_REGEX)) {
+      int domainIndex = hostname.indexOf('.');
+      if (domainIndex > 0) {
+        String domain = hostname.substring(hostname.indexOf('.'));
+        String domainPattern = ".+" + domain.replaceAll("\\.", "\\\\.");
+        whitelist = String.format(DEFAULT_DISPATCH_WHITELIST_TEMPLATE, "(" + domainPattern
+ ")");
+      }
     }
     return whitelist;
   }

http://git-wip-us.apache.org/repos/asf/knox/blob/95ac193e/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
index ddf62f2..f052c48 100644
--- a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
+++ b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java
@@ -135,6 +135,16 @@ public class WhitelistUtilsTest {
   }
 
   @Test
+  public void testLocalhostAddressAsHostName() throws Exception {
+    final String serviceRole = "TEST";
+    // InetAddress#getCanonicalHostName() sometimes returns the IP address as the host name
+    String whitelist = doTestGetDispatchWhitelist(createMockGatewayConfig(Collections.singletonList(serviceRole),
null),
+                                                  "192.168.1.100",
+                                                  serviceRole);
+    assertNull(whitelist);
+  }
+
+  @Test
   public void testExplicitlyConfiguredDefaultWhitelist() throws Exception {
     final String serviceRole = "TEST";
     final String WHITELIST   = "DEFAULT";


Mime
View raw message