x/poppy
Code Issues Proposed changes

Fixed issue where referrer domains were not validated

Browse Source 
Also related to this fixed the fastly driver to ensure tests pass there.

Change-Id: Icdb296ca74b01faf041e16cd6da65775262ee1ad
This commit is contained in:
amitgandhinz 2015-09-01 11:26:00 -04:00
parent ccc58cfd78
commit d8dc318495
4 changed files with 69 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
poppy/provider/fastly/services.py
View File

@ -68,7 +68,8 @@ class ServiceController(base.ServiceBase):
referrer_restriction_list = [rule.referrer
for restriction in
service_obj.restrictions
for rule in restriction.rules]
for rule in restriction.rules
if hasattr(rule, 'referrer')]
# if there is a referrer_restricted host/domains at all in
# this list. It is equivalent of 'if the list is not empty' and

9
poppy/transport/validators/helpers.py
View File

@ -407,6 +407,15 @@ def is_valid_service_configuration(service, schema):
request_url
))
# referrer domains must be valid
for rule in restriction['rules']:
if rule.get("referrer"):
referrer = rule.get("referrer")
if not is_valid_domain_name(referrer):
raise exceptions.ValidationFailed(
u'Referrer {0} is not a valid domain'
.format(referrer))
return

2
run_poppy.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
DAEMONIZED=false
WORKERS = 6
WORKERS=6
for i in "$@"
do

58
tests/api/services/data_create_service_negative.json
View File

@ -393,6 +393,62 @@
"referrer": "www.mywebsite.com"}]}
]
},
"referrer_invalid_domain_with_http": {
"service_name": "referrer_invalid_domain",
"domain_list": [{"domain": "www.mywebsite.com",
"protocol": "http"},
{"domain": "www.test.website.com", "protocol": "http"}],
"origin_list": [{"origin": "mywebsite1.com",
"port": 80,
"ssl": false}],
"caching_list": [{"name": "default", "ttl": 3600},
{"name": "home",
"ttl": 1200,
"rules": [{"name" : "index",
"request_url" : "/index.htm"}]}],
"restrictions_list": [
{
"name": "invalid domain",
"access": "whitelist",
"rules":
[
{
"name": "only me",
"referrer": "http://www.mywebsite.com",
"request_url": "/*"
}
]
}
]
},
"referrer_invalid_domain_with_bad_format": {
"service_name": "referrer_invalid_domain",
"domain_list": [{"domain": "www.mywebsite.com",
"protocol": "http"},
{"domain": "www.test.website.com", "protocol": "http"}],
"origin_list": [{"origin": "mywebsite1.com",
"port": 80,
"ssl": false}],
"caching_list": [{"name": "default", "ttl": 3600},
{"name": "home",
"ttl": 1200,
"rules": [{"name" : "index",
"request_url" : "/index.htm"}]}],
"restrictions_list": [
{
"name": "invalid domain",
"access": "whitelist",
"rules":
[
{
"name": "only me",
"referrer": "www.-mywebsite.com",
"request_url": "/*"
}
]
}
]
},
"http_domain_with_certificate": {
"service_name": "my_service_name",
"domain_list": [{"domain": "www.mywebsite.com",
@ -728,7 +784,7 @@
"request_url" : "/index.htm"}]}],
"restrictions_list": []
},
"invalid_domain_name_with_hyphen_at_benginning": {
"invalid_domain_name_with_hyphen_at_beginning": {
"service_name": "invalid_domain_name_with_hyphen",
"domain_list": [{"domain": "abcd.-mywebsite.com"}],
"origin_list": [{"origin": "myorigin.com",