Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (
calvn authored and jefferai committed Dec 16, 2017
1 parent 098c66a commit d4f17b8
Showing 5 changed files with 72 additions and 4 deletions.
7 changes: 6 additions & 1 deletion http/handler.go
@@ -10,6 +10,7 @@ import (
"time"

"github.com/hashicorp/errwrap"
cleanhttp "github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/vault/helper/consts"
"github.com/hashicorp/vault/helper/jsonutil"
"github.com/hashicorp/vault/helper/parseutil"
@@ -90,7 +91,11 @@ func Handler(core *vault.Core) http.Handler {
// handler
genericWrappedHandler := wrapGenericHandler(corsWrappedHandler)

return genericWrappedHandler
// Wrap the handler with PrintablePathCheckHandler to check for non-printable
// characters in the request path.
printablePathCheckHandler := cleanhttp.PrintablePathCheckHandler(genericWrappedHandler, nil)

return printablePathCheckHandler
}

// wrapGenericHandler wraps the handler with an extra layer of handler where
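Review bot: The `nil` second argument in `cleanhttp.PrintablePathCheckHandler(genericWrappedHandler, nil)` leaves the rejection response to go-cleanhttp's defaults, and the vendored handlers.go is not rendered on this page, so the 400 that the new test expects is an implicit contract with the library. I would state that in the comment above the call, e.g. `// nil input: use go-cleanhttp's default rejection status (400, asserted in TestHandler_nonPrintableChars)`. Because this wrapper is now the outermost layer, a rejected request never reaches the generic or CORS wrappers, so any response headers or request logging those layers add presumably do not apply to the 400; it is worth confirming that this is intended. Handler's body begins outside the hunk.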
19 changes: 19 additions & 0 deletions http/handler_test.go
@@ -378,5 +378,24 @@ func TestHandler_error(t *testing.T) {
if w3.Code != 503 {
t.Fatalf("expected 503, got %d", w3.Code)
}
}

func TestHandler_nonPrintableChars(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()

req, err := http.NewRequest("GET", addr+"/v1/sys/mounts\n", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
req.Header.Set(AuthHeaderName, token)

client := cleanhttp.DefaultClient()
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}

testResponseStatus(t, resp, 400)
}
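Review bot: TestHandler_nonPrintableChars builds its request from a URL containing a raw `\n`, so the test depends on the client-side URL parser accepting a control character before the server-side check is exercised at all. Later Go releases reject such URLs in `url.Parse`, which would fail the test at `http.NewRequest` rather than at the status assertion. Using the percent-encoded form, `addr+"/v1/sys/mounts%0A"`, should decode to the same path on the server and keeps the assertion on the handler. The response body is also not closed in the visible lines; unless `testResponseStatus` does that, add `defer resp.Body.Close()` after the error check.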
1 change: 1 addition & 0 deletions vendor/github.com/hashicorp/go-cleanhttp/cleanhttp.go


43 changes: 43 additions & 0 deletions vendor/github.com/hashicorp/go-cleanhttp/handlers.go


6 changes: 3 additions & 3 deletions vendor/vendor.json
@@ -985,10 +985,10 @@
"revisionTime": "2014-10-28T05:47:10Z"
},
{
"checksumSHA1": "b8F628srIitj5p7Y130xc9k0QWs=",
"checksumSHA1": "b3Y4wgMvMco62K4DfX0Sdoug4+k=",
"path": "github.com/hashicorp/go-cleanhttp",
"revision": "3573b8b52aa7b37b9358d966a898feb387f62437",
"revisionTime": "2017-02-11T01:34:15Z"
"revision": "33f138d01ac027decb9a5bd76ad6e7c7c701b0c4",
"revisionTime": "2017-12-16T01:18:02Z"
},
{
"checksumSHA1": "AA0aYmdg4pb5gPCUSXg8iPzxLag=",
