Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better RegEx pattern complication handling in httpchallenge #5515

Closed
edwbuck opened this issue Sep 23, 2024 · 0 comments · Fixed by #5537
Closed

Better RegEx pattern complication handling in httpchallenge #5515

edwbuck opened this issue Sep 23, 2024 · 0 comments · Fixed by #5537
Labels
help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog

Comments

@edwbuck
Copy link
Contributor

edwbuck commented Sep 23, 2024

In pkg/server/plugin/nodeattestor/httpchallenge/httpchallenge.go, near line 67 the following code exists

re := regex.MustCompile(r)

which will cause a runtime panic on a poorly written hclConfig.AllowedDNSPatterns, which comes from the httpchallenge user-edited config file.

We need better error handling in this area, to prevent the httpchallenge plugin from runtime panicing.

Discovered during #5303 but not changed within that PR as it is out of scope of adding a Validate gRPC call.
@azdagron azdagron added help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog labels Sep 24, 2024
edwbuck added a commit to edwbuck/spire that referenced this issue Oct 4, 2024
@edwbuck
Fix undesirable regex pattern compliation approach.
2335bb1 
closes spiffe#5515

Signed-off-by: Edwin Buck <[email protected]>
@edwbuck edwbuck mentioned this issue Oct 4, 2024
Merged
azdagron pushed a commit that referenced this issue Oct 5, 2024
@edwbuck
Fix undesirable regex pattern compliation approach. (#5537)
500e291 
closes #5515

Signed-off-by: Edwin Buck <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix undesirable regex pattern compilation approach. edwbuck/spire
2 participants
@edwbuck @azdagron