From 47d901893adeb58e0824816b1c5916eb01ff4161 Mon Sep 17 00:00:00 2001
From: Alan Xu
Date: Thu, 18 Jan 2024 22:21:18 +0800
Subject: [PATCH 1/6] feat(authentication): improve Validator
improve Validator, if input contains http or https which function will return error.
---
authentication/allowed_hosts_validator.go | 41 +++++++++++++++----
.../allowed_hosts_validator_test.go | 10 ++++-
.../api_key_authentication_provider.go | 8 +++-
3 files changed, 46 insertions(+), 13 deletions(-)
diff --git a/authentication/allowed_hosts_validator.go b/authentication/allowed_hosts_validator.go
index c5bc78d..805be5f 100644
--- a/authentication/allowed_hosts_validator.go
+++ b/authentication/allowed_hosts_validator.go
@@ -1,22 +1,35 @@ package authentication import ( + "errors" u "net/url" "strings" ) -// AllowedHostsValidator Maintains a list of valid hosts and allows authentication providers to check whether a host is valid before authenticating a request +// AllowedHostsValidator maintains a list of valid hosts and allows authentication providers to check whether a host is valid before authenticating a request type AllowedHostsValidator struct { validHosts map[string]bool } -// NewAllowedHostsValidator creates a new AllowedHostsValidator object with provided values. +// ErrInvalidHostPrefix indicates that a host should not contain the http or https prefix. +var ErrInvalidHostPrefix = errors.New("host should not contain http or https prefix") + +// Deprecated: NewAllowedHostsValidator creates a new AllowedHostsValidator object with provided values. func NewAllowedHostsValidator(validHosts []string) AllowedHostsValidator { result := AllowedHostsValidator{} result.SetAllowedHosts(validHosts) return result } +// NewAllowedHostsValidatorErrorCheck creates a new AllowedHostsValidator object with provided values and performs error checking. +func NewAllowedHostsValidatorErrorCheck(validHosts []string) (*AllowedHostsValidator, error) { + result := &AllowedHostsValidator{} + if err := result.SetAllowedHostsErrorCheck(validHosts); err != nil { + return result, err + } + return result, nil +} + // GetAllowedHosts returns the list of valid hosts. func (v *AllowedHostsValidator) GetAllowedHosts() map[string]bool { hosts := make(map[string]bool, len(v.validHosts)) @@ -26,7 +39,7 @@ func (v *AllowedHostsValidator) GetAllowedHosts() map[string]bool { return hosts } -// SetAllowedHosts sets the list of valid hosts. +// Deprecated: SetAllowedHosts sets the list of valid hosts. func (v *AllowedHostsValidator) SetAllowedHosts(hosts []string) { v.validHosts = make(map[string]bool, len(hosts)) if len(hosts) > 0 { 
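Review bot: The deprecation markers on `NewAllowedHostsValidator` (and on `SetAllowedHosts` in the `@@ -26,7 +39,7 @@` hunk) open the doc comment with `Deprecated:` and never name a replacement, so the godoc synopsis becomes the deprecation tag and readers are not pointed at the checked variants. Go convention keeps the name-first sentence and puts the tag in its own paragraph: `// NewAllowedHostsValidator creates a new AllowedHostsValidator object with provided values.`, a bare `//` line, then `// Deprecated: use NewAllowedHostsValidatorErrorCheck, which returns ErrInvalidHostPrefix for entries that carry a scheme.` The same shape applies to `SetAllowedHosts`, pointing at `SetAllowedHostsErrorCheck`.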
@@ -36,14 +49,24 @@ func (v *AllowedHostsValidator) SetAllowedHosts(hosts []string) { } } +// SetAllowedHostsErrorCheck sets the list of valid hosts with error checking. +func (v *AllowedHostsValidator) SetAllowedHostsErrorCheck(hosts []string) error { + v.validHosts = make(map[string]bool, len(hosts)) + if len(hosts) > 0 { + for _, host := range hosts { + if strings.HasPrefix(host, "http") { + return ErrInvalidHostPrefix + } + v.validHosts[strings.ToLower(host)] = true + } + } + return nil +} + // IsValidHost returns true if the host is valid. func (v *AllowedHostsValidator) IsUrlHostValid(uri *u.URL) bool { - if uri == nil { - return false - } - host := uri.Hostname() - if host == "" { + if uri == nil || uri.Hostname() == "" { return false } - return len(v.validHosts) == 0 || v.validHosts[strings.ToLower(host)] + return len(v.validHosts) == 0 || v.validHosts[strings.ToLower(uri.Hostname())] } diff --git a/authentication/allowed_hosts_validator_test.go b/authentication/allowed_hosts_validator_test.go index f6e1ef2..4a94bfd 100644 --- a/authentication/allowed_hosts_validator_test.go +++ b/authentication/allowed_hosts_validator_test.go @@ -1,14 +1,20 @@ package authentication import ( - assert "github.com/stretchr/testify/assert" u "net/url" "testing" + + assert "github.com/stretchr/testify/assert" ) -func TestItValidatesHosts(t *testing.T) { +func TestItValidatesHostsUseNewAllowedHostsValidator(t *testing.T) { validator := NewAllowedHostsValidator([]string{"graph.microsoft.com"}) url, err := u.Parse("https://graph.microsoft.com/v1.0/me") assert.Nil(t, err) assert.True(t, validator.IsUrlHostValid(url)) } + +func TestItValidatesHostsUseNewAllowedHostsValidatorErrorCheck(t *testing.T) { + _, err := NewAllowedHostsValidatorErrorCheck([]string{"http://graph.microsoft.com"}) + assert.EqualValues(t, ErrInvalidHostPrefix, err) +} diff --git a/authentication/api_key_authentication_provider.go b/authentication/api_key_authentication_provider.go index fb2be2c..82b18fd 100644 
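Review bot: `SetAllowedHostsErrorCheck` replaces `v.validHosts` with a fresh map before any entry has been validated, so an error return leaves the receiver holding only the entries that preceded the rejected one. When the first entry is rejected the map is empty, and `IsUrlHostValid` in this same hunk treats `len(v.validHosts) == 0` as "every host is valid", so a caller that logs the error and keeps using the validator ends up with an allow-all list. Build the list in a local (`validated := make(map[string]bool, len(hosts))`, `validated[strings.ToLower(host)] = true` inside the loop) and assign `v.validHosts = validated` only after the loop has finished without error. The later hunks that rewrite the prefix check (`@@ -54,7 +54,7 @@` and `@@ -54,10 +54,11 @@`) keep the same early assignment.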
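Review bot: The new test in `allowed_hosts_validator_test.go` exercises only the lower-case `http://` rejection; nothing covers the success path of `NewAllowedHostsValidatorErrorCheck` or an `https://` entry. Because the allow-list decides which hosts a provider will authenticate against, a negative case is worth pinning as well, e.g. `assert.False(t, validator.IsUrlHostValid(other))` for a URL whose host is not in the list. `assert.ErrorIs(t, err, ErrInvalidHostPrefix)` would state the sentinel comparison more directly than `assert.EqualValues`. The later test hunk in this series (`@@ -15,6 +15,7 @@`) adds only the nil-validator assertion.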
--- a/authentication/api_key_authentication_provider.go +++ b/authentication/api_key_authentication_provider.go @@ -41,12 +41,16 @@ func NewApiKeyAuthenticationProviderWithValidHosts(apiKey string, parameterName if len(parameterName) == 0 { return nil, errors.New("parameterName cannot be empty") } - validator := NewAllowedHostsValidator(validHosts) + + validator, err := NewAllowedHostsValidatorErrorCheck(validHosts) + if err != nil { + return nil, err + } return &ApiKeyAuthenticationProvider{ apiKey: apiKey, parameterName: parameterName, keyLocation: keyLocation, - validator: &validator, + validator: validator, }, nil } From a32f7e568e0aa503f6bd5cf6a0c9b1e19e642ff8 Mon Sep 17 00:00:00 2001 From: Alan Xu Date: Thu, 18 Jan 2024 22:25:27 +0800 Subject: [PATCH 2/6] test(allowed_hosts_validator_test.go): add test case add test case --- authentication/allowed_hosts_validator.go | 2 +- authentication/allowed_hosts_validator_test.go | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/authentication/allowed_hosts_validator.go b/authentication/allowed_hosts_validator.go index 805be5f..3556526 100644 --- a/authentication/allowed_hosts_validator.go +++ b/authentication/allowed_hosts_validator.go @@ -25,7 +25,7 @@ func NewAllowedHostsValidator(validHosts []string) AllowedHostsValidator { func NewAllowedHostsValidatorErrorCheck(validHosts []string) (*AllowedHostsValidator, error) { result := &AllowedHostsValidator{} if err := result.SetAllowedHostsErrorCheck(validHosts); err != nil { - return result, err + return nil, err } return result, nil } diff --git a/authentication/allowed_hosts_validator_test.go b/authentication/allowed_hosts_validator_test.go index 4a94bfd..312f387 100644 --- a/authentication/allowed_hosts_validator_test.go +++ b/authentication/allowed_hosts_validator_test.go 
@@ -15,6 +15,7 @@ func TestItValidatesHostsUseNewAllowedHostsValidator(t *testing.T) { } func TestItValidatesHostsUseNewAllowedHostsValidatorErrorCheck(t *testing.T) { - _, err := NewAllowedHostsValidatorErrorCheck([]string{"http://graph.microsoft.com"}) + validator, err := NewAllowedHostsValidatorErrorCheck([]string{"http://graph.microsoft.com"}) assert.EqualValues(t, ErrInvalidHostPrefix, err) + assert.Nil(t, validator) } From 490f44d1a2e0072b03ce80db5b78278cf091aa86 Mon Sep 17 00:00:00 2001 From: Alan Xu Date: Thu, 18 Jan 2024 22:30:47 +0800 Subject: [PATCH 3/6] docs(changelog.md): add changlog add changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d7322e..53722fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed +## [1.5.6] - 2024-01-18 + +### Changed + +- The input contains http or https which function will return an error. [#130](https://github.com/microsoft/kiota-abstractions-go/issues/130) + ## [1.5.5] - 2024-01-17 ### Changed From bdc0b56fe0d2aa9825b21bc4983d37d2b7b1ee8d Mon Sep 17 00:00:00 2001 From: Alan Xu Date: Fri, 19 Jan 2024 15:37:08 +0800 Subject: [PATCH 4/6] fix(allowed_host_validator.go): fix http prifix fix http prifix --- authentication/allowed_hosts_validator.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentication/allowed_hosts_validator.go b/authentication/allowed_hosts_validator.go index 3556526..56492b2 100644 --- a/authentication/allowed_hosts_validator.go +++ b/authentication/allowed_hosts_validator.go 
@@ -54,7 +54,7 @@ func (v *AllowedHostsValidator) SetAllowedHostsErrorCheck(hosts []string) error v.validHosts = make(map[string]bool, len(hosts)) if len(hosts) > 0 { for _, host := range hosts { - if strings.HasPrefix(host, "http") { + if strings.HasPrefix(host, "http://") || strings.HasPrefix(host, "https://") { return ErrInvalidHostPrefix } v.validHosts[strings.ToLower(host)] = true From bd6b781158d8b34b21c5c2374a3ac9b2fbda13f2 Mon Sep 17 00:00:00 2001 From: Alan Xu Date: Fri, 19 Jan 2024 22:11:21 +0800 Subject: [PATCH 5/6] fix(lower alpha): fix lower host fix lower host --- authentication/allowed_hosts_validator.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/authentication/allowed_hosts_validator.go b/authentication/allowed_hosts_validator.go index 56492b2..833f862 100644 --- a/authentication/allowed_hosts_validator.go +++ b/authentication/allowed_hosts_validator.go @@ -54,10 +54,11 @@ func (v *AllowedHostsValidator) SetAllowedHostsErrorCheck(hosts []string) error v.validHosts = make(map[string]bool, len(hosts)) if len(hosts) > 0 { for _, host := range hosts { - if strings.HasPrefix(host, "http://") || strings.HasPrefix(host, "https://") { + lowerHost := strings.ToLower(host) + if strings.HasPrefix(lowerHost, "http://") || strings.HasPrefix(lowerHost, "https://") { return ErrInvalidHostPrefix } - v.validHosts[strings.ToLower(host)] = true + v.validHosts[lowerHost] = true } } return nil From 0e3d91ff74a9987f075d0d943b0194cc85ea38fa Mon Sep 17 00:00:00 2001 From: Alan Xu Date: Fri, 19 Jan 2024 22:22:37 +0800 Subject: [PATCH 6/6] revert(allowed_host_validator.go): revert function IsUrlHostValid revert function IsUrlHostValid --- authentication/allowed_hosts_validator.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/authentication/allowed_hosts_validator.go b/authentication/allowed_hosts_validator.go index 833f862..052882d 100644 --- a/authentication/allowed_hosts_validator.go 
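Review bot: In the `@@ -54,10 +54,11 @@` hunk the check still rejects only the two scheme prefixes, so other malformed entries are stored and can never equal `uri.Hostname()`: a port suffix, a trailing slash or path, or surrounding whitespace (constructed examples: `example.com:443`, `example.com/`). Those fail closed, but silently, which is the same kind of misconfiguration this series set out to surface. Consider trimming the entry and also rejecting anything that contains a slash, e.g. `if strings.Contains(lowerHost, "/") { return ErrInvalidHostPrefix }` (or a separate sentinel error), and stating in the doc comment that entries must be bare hostnames without a port. The function's signature lies outside this hunk.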
+++ b/authentication/allowed_hosts_validator.go @@ -66,8 +66,12 @@ func (v *AllowedHostsValidator) SetAllowedHostsErrorCheck(hosts []string) error // IsValidHost returns true if the host is valid. func (v *AllowedHostsValidator) IsUrlHostValid(uri *u.URL) bool { - if uri == nil || uri.Hostname() == "" { + if uri == nil { return false } - return len(v.validHosts) == 0 || v.validHosts[strings.ToLower(uri.Hostname())] + host := uri.Hostname() + if host == "" { + return false + } + return len(v.validHosts) == 0 || v.validHosts[strings.ToLower(host)] }
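Review bot: The comment above this method still calls it `IsValidHost` while the method is `IsUrlHostValid`, and it leaves out the branch that matters most to callers: `len(v.validHosts) == 0` makes every non-empty hostname valid. Since this check gates whether a provider authenticates a request, the allow-all default should be documented, e.g. `// IsUrlHostValid reports whether uri's hostname is in the allowed list; a nil uri or an empty hostname is rejected, and an empty list allows every hostname.`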