From d8dc318495bf11f670994de22894e8f1aa4f804d Mon Sep 17 00:00:00 2001
From: amitgandhinz
Date: Tue, 1 Sep 2015 11:26:00 -0400
Subject: [PATCH] Fixed issue where referrer domains were not validated
Also related to this fixed the fastly driver to ensure tests pass there.
Change-Id: Icdb296ca74b01faf041e16cd6da65775262ee1ad
---
 poppy/provider/fastly/services.py | 3 +-
 poppy/transport/validators/helpers.py | 9 +++
 run_poppy.sh | 2 +-
 .../data_create_service_negative.json | 58 ++++++++++++++++++-
 4 files changed, 69 insertions(+), 3 deletions(-)
diff --git a/poppy/provider/fastly/services.py b/poppy/provider/fastly/services.py
index 22d7c06f..d79866f2 100644
--- a/poppy/provider/fastly/services.py
+++ b/poppy/provider/fastly/services.py
@@ -68,7 +68,8 @@ class ServiceController(base.ServiceBase):
 referrer_restriction_list = [rule.referrer for restriction in service_obj.restrictions
- for rule in restriction.rules]
+ for rule in restriction.rules
+ if hasattr(rule, 'referrer')]
 # if there is a referrer_restricted host/domains at all in
 # this list. It is equivalent of 'if the list is not empty' and
diff --git a/poppy/transport/validators/helpers.py b/poppy/transport/validators/helpers.py
index b182e318..09b75a0c 100644
--- a/poppy/transport/validators/helpers.py
+++ b/poppy/transport/validators/helpers.py
@@ -407,6 +407,15 @@ def is_valid_service_configuration(service, schema):
 request_url
 ))
+ # referrer domains must be valid
+ for rule in restriction['rules']:
+ if rule.get("referrer"):
+ referrer = rule.get("referrer")
+ if not is_valid_domain_name(referrer):
+ raise exceptions.ValidationFailed(
+ u'Referrer {0} is not a valid domain'
+ .format(referrer))
+ return
diff --git a/run_poppy.sh b/run_poppy.sh
index 35aa53e9..0511fa85 100755
--- a/run_poppy.sh
+++ b/run_poppy.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 DAEMONIZED=false
-WORKERS = 6
+WORKERS=6
 for i in "$@"
 do
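Review bot: The `hasattr(rule, 'referrer')` filter added to the comprehension in poppy/provider/fastly/services.py keeps every rule that merely has the attribute, so a rule whose `referrer` is `None` or empty still lands in `referrer_restriction_list`. The comment just below treats a non-empty list as "a referrer restriction exists", so such an entry would switch that path on with no usable host. If the rule model can carry an unset referrer (not visible in this hunk), filter on the value instead: `if getattr(rule, 'referrer', None)]`. The enclosing method starts and ends outside the hunk, so how the list is consumed is not shown.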
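Review bot: The referrer check added to is_valid_service_configuration reads `rule.get("referrer")` twice and assumes the value is a string. A truthy non-string from the request body would reach `is_valid_domain_name` and could surface as an unhandled error rather than `ValidationFailed`, unless the JSON schema (not visible here) already enforces the type. Binding once reads cleaner and gives one place for that guard: `referrer = rule.get("referrer")` followed by `if referrer and not is_valid_domain_name(referrer):`. The loop also indexes `restriction['rules']` directly, and the enclosing `for restriction` loop lies outside the hunk, so whether `rules` is always present cannot be confirmed from here.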
diff --git a/tests/api/services/data_create_service_negative.json b/tests/api/services/data_create_service_negative.json
index 6c975039..c2faf501 100644
--- a/tests/api/services/data_create_service_negative.json
+++ b/tests/api/services/data_create_service_negative.json
@@ -393,6 +393,62 @@
 "referrer": "www.mywebsite.com"}]}
 ]
 },
+ "referrer_invalid_domain_with_http": {
+ "service_name": "referrer_invalid_domain",
+ "domain_list": [{"domain": "www.mywebsite.com",
+ "protocol": "http"},
+ {"domain": "www.test.website.com", "protocol": "http"}],
+ "origin_list": [{"origin": "mywebsite1.com",
+ "port": 80,
+ "ssl": false}],
+ "caching_list": [{"name": "default", "ttl": 3600},
+ {"name": "home",
+ "ttl": 1200,
+ "rules": [{"name" : "index",
+ "request_url" : "/index.htm"}]}],
+ "restrictions_list": [
+ {
+ "name": "invalid domain",
+ "access": "whitelist",
+ "rules":
+ [
+ {
+ "name": "only me",
+ "referrer": "http://www.mywebsite.com",
+ "request_url": "/*"
+ }
+ ]
+ }
+ ]
+ },
+ "referrer_invalid_domain_with_bad_format": {
+ "service_name": "referrer_invalid_domain",
+ "domain_list": [{"domain": "www.mywebsite.com",
+ "protocol": "http"},
+ {"domain": "www.test.website.com", "protocol": "http"}],
+ "origin_list": [{"origin": "mywebsite1.com",
+ "port": 80,
+ "ssl": false}],
+ "caching_list": [{"name": "default", "ttl": 3600},
+ {"name": "home",
+ "ttl": 1200,
+ "rules": [{"name" : "index",
+ "request_url" : "/index.htm"}]}],
+ "restrictions_list": [
+ {
+ "name": "invalid domain",
+ "access": "whitelist",
+ "rules":
+ [
+ {
+ "name": "only me",
+ "referrer": "www.-mywebsite.com",
+ "request_url": "/*"
+ }
+ ]
+ }
+ ]
+ },
 "http_domain_with_certificate": {
 "service_name": "my_service_name",
 "domain_list": [{"domain": "www.mywebsite.com",
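Review bot: Both new negative cases put the bad part at the front of the referrer (a scheme prefix, a label starting with a hyphen); neither has bad characters after an otherwise valid name. A third case with a trailing path or port, for example `"referrer": "www.mywebsite.com/images"` (constructed sample), would cover the input that an unanchored pattern in `is_valid_domain_name` would let through. That function is not visible on this page, so this is a coverage suggestion rather than a known gap.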
@@ -728,7 +784,7 @@
 "request_url" : "/index.htm"}]}],
 "restrictions_list": []
 },
- "invalid_domain_name_with_hyphen_at_benginning": {
+ "invalid_domain_name_with_hyphen_at_beginning": {
 "service_name": "invalid_domain_name_with_hyphen",
 "domain_list": [{"domain": "abcd.-mywebsite.com"}],
 "origin_list": [{"origin": "myorigin.com",