Fixed issue where referrer domains were not validated
Also related to this fixed the fastly driver to ensure tests pass there. Change-Id: Icdb296ca74b01faf041e16cd6da65775262ee1ad
This commit is contained in:
amitgandhinz
parent
ccc58cfd78
commit
d8dc318495
|
|
@ -68,7 +68,8 @@ class ServiceController(base.ServiceBase):
|
|||
referrer_restriction_list = [rule.referrer
|
||||
for restriction in
|
||||
service_obj.restrictions
|
||||
for rule in restriction.rules]
|
||||
for rule in restriction.rules
|
||||
if hasattr(rule, 'referrer')]
|
||||
|
||||
# if there is a referrer_restricted host/domains at all in
|
||||
# this list. It is equivalent of 'if the list is not empty' and
|
||||
|
|
|
|||
|
|
@ -407,6 +407,15 @@ def is_valid_service_configuration(service, schema):
|
|||
request_url
|
||||
))
|
||||
|
||||
# referrer domains must be valid
|
||||
for rule in restriction['rules']:
|
||||
if rule.get("referrer"):
|
||||
referrer = rule.get("referrer")
|
||||
if not is_valid_domain_name(referrer):
|
||||
raise exceptions.ValidationFailed(
|
||||
u'Referrer {0} is not a valid domain'
|
||||
.format(referrer))
|
||||
|
||||
return
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
DAEMONIZED=false
|
||||
WORKERS = 6
|
||||
WORKERS=6
|
||||
|
||||
for i in "$@"
|
||||
do
|
||||
|
|
|
|||
|
|
@ -393,6 +393,62 @@
|
|||
"referrer": "www.mywebsite.com"}]}
|
||||
]
|
||||
},
|
||||
"referrer_invalid_domain_with_http": {
|
||||
"service_name": "referrer_invalid_domain",
|
||||
"domain_list": [{"domain": "www.mywebsite.com",
|
||||
"protocol": "http"},
|
||||
{"domain": "www.test.website.com", "protocol": "http"}],
|
||||
"origin_list": [{"origin": "mywebsite1.com",
|
||||
"port": 80,
|
||||
"ssl": false}],
|
||||
"caching_list": [{"name": "default", "ttl": 3600},
|
||||
{"name": "home",
|
||||
"ttl": 1200,
|
||||
"rules": [{"name" : "index",
|
||||
"request_url" : "/index.htm"}]}],
|
||||
"restrictions_list": [
|
||||
{
|
||||
"name": "invalid domain",
|
||||
"access": "whitelist",
|
||||
"rules":
|
||||
[
|
||||
{
|
||||
"name": "only me",
|
||||
"referrer": "http://www.mywebsite.com",
|
||||
"request_url": "/*"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"referrer_invalid_domain_with_bad_format": {
|
||||
"service_name": "referrer_invalid_domain",
|
||||
"domain_list": [{"domain": "www.mywebsite.com",
|
||||
"protocol": "http"},
|
||||
{"domain": "www.test.website.com", "protocol": "http"}],
|
||||
"origin_list": [{"origin": "mywebsite1.com",
|
||||
"port": 80,
|
||||
"ssl": false}],
|
||||
"caching_list": [{"name": "default", "ttl": 3600},
|
||||
{"name": "home",
|
||||
"ttl": 1200,
|
||||
"rules": [{"name" : "index",
|
||||
"request_url" : "/index.htm"}]}],
|
||||
"restrictions_list": [
|
||||
{
|
||||
"name": "invalid domain",
|
||||
"access": "whitelist",
|
||||
"rules":
|
||||
[
|
||||
{
|
||||
"name": "only me",
|
||||
"referrer": "www.-mywebsite.com",
|
||||
"request_url": "/*"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"http_domain_with_certificate": {
|
||||
"service_name": "my_service_name",
|
||||
"domain_list": [{"domain": "www.mywebsite.com",
|
||||
|
|
@ -728,7 +784,7 @@
|
|||
"request_url" : "/index.htm"}]}],
|
||||
"restrictions_list": []
|
||||
},
|
||||
"invalid_domain_name_with_hyphen_at_benginning": {
|
||||
"invalid_domain_name_with_hyphen_at_beginning": {
|
||||
"service_name": "invalid_domain_name_with_hyphen",
|
||||
"domain_list": [{"domain": "abcd.-mywebsite.com"}],
|
||||
"origin_list": [{"origin": "myorigin.com",
|
||||
|
|
|
|||
Loading…
Reference in New Issue