Skip to content

Normalise incoming paths before checking them against signature #434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 26, 2024
Merged

Normalise incoming paths before checking them against signature #434

merged 1 commit into from
Sep 26, 2024

Conversation

jackkleeman
Copy link
Contributor

THe runtime does not absolutise its paths against the http url - it just signs something like /invoke/a/b or /discover. We should normalise the paths we receive when checking against the signature.

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 25, 2024
edited
Loading

Test Results

15 files  +10  15 suites  +10   17m 57s ⏱️ + 15m 27s
 6 tests  - 36   6 ✅  - 36  0 💤 ±0  0 ❌ ±0 
18 runs   - 86  18 ✅  - 86  0 💤 ±0  0 ❌ ±0 

Results for commit 83e6100. ± Comparison against base commit 479936f.

This pull request removes 42 and adds 6 tests. Note that renamed tests count towards both. 
dev.restate.sdktesting.tests.AwaitTimeout ‑ timeout(Client)
dev.restate.sdktesting.tests.CallOrdering ‑ ordering(boolean[], Client)[1]
dev.restate.sdktesting.tests.CallOrdering ‑ ordering(boolean[], Client)[2]
dev.restate.sdktesting.tests.CallOrdering ‑ ordering(boolean[], Client)[3]
dev.restate.sdktesting.tests.CancelInvocation ‑ cancelInvocation(BlockingOperation, Client, URL)[1]
dev.restate.sdktesting.tests.CancelInvocation ‑ cancelInvocation(BlockingOperation, Client, URL)[2]
dev.restate.sdktesting.tests.CancelInvocation ‑ cancelInvocation(BlockingOperation, Client, URL)[3]
dev.restate.sdktesting.tests.Ingress ‑ headersPassThrough(Client)
dev.restate.sdktesting.tests.Ingress ‑ idempotentInvokeSend(Client)
dev.restate.sdktesting.tests.Ingress ‑ idempotentInvokeService(Client)
…

dev.restate.e2e.JavaAwakeableTest ‑ generate(Client)
dev.restate.e2e.KtInterpreterTest ‑ simple(int)
dev.restate.e2e.NodeAwakeableTest ‑ generate(Client)
dev.restate.e2e.NodeInterpreterTest ‑ simple(int)
dev.restate.e2e.RetryOnUnknownServiceTest ‑ retryOnUnknownServiceUsingCall(Client, URL)
dev.restate.e2e.RetryOnUnknownServiceTest ‑ retryOnUnknownServiceUsingOneWayCall(Client, URL)

♻️ This comment has been updated with latest results.

igalshilman
igalshilman approved these changes Sep 26, 2024
View reviewed changes
Copy link
Contributor

@igalshilman igalshilman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@jackkleeman
Normalise incoming paths before checking them against signature
83e6100 
THe runtime does not absolutise its paths against the http url - it just
signs something like /invoke/a/b or /discover. We should normalise the
paths we receive when checking against the signature.
@jackkleeman jackkleeman merged commit 9c73979 into main Sep 26, 2024
4 checks passed
@jackkleeman jackkleeman deleted the normalise-paths branch September 26, 2024 12:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@igalshilman igalshilman igalshilman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jackkleeman @igalshilman