http: fix ssl_redirect on external#8664
Conversation
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
source/common/router/config_impl.cc
Outdated
| } else if (ssl_requirements_ == SslRequirements::EXTERNAL_ONLY && | ||
| forwarded_proto_header->value() != "https" && !headers.EnvoyInternalRequest()) { | ||
| forwarded_proto_header->value() != "https" && | ||
| not Http::HeaderUtility::isEnvoyInternalRequest(headers)) { |
There was a problem hiding this comment.
This is the core fix
There was a problem hiding this comment.
LGTM. Nit: please use standard predicate syntax ! instead of this new-fangled one that is pretty confusing to most C/C++ folks.
|
/assign @htuch |
|
ping @htuch |
htuch
left a comment
There was a problem hiding this comment.
Thanks, this looks like the right fix. Can you add a regression test and then we can ship?
/wait
| ->asString(); | ||
| ConnectionManagerUtility::mutateTracingRequestHeader(headers, runtime_, config_, &route_); | ||
| ret.internal_ = headers.EnvoyInternalRequest() != nullptr; | ||
| ret.internal_ = HeaderUtility::isEnvoyInternalRequest(headers); |
There was a problem hiding this comment.
Is there a test that covers the actual regression being fixed?
There was a problem hiding this comment.
Probably not. This is test.cc. I guess we don't need another test for test.cc :)
Here is the no brain fix.
I add a test case in router/config_impl_test.cc to cover the core change.
source/common/router/config_impl.cc
Outdated
| } else if (ssl_requirements_ == SslRequirements::EXTERNAL_ONLY && | ||
| forwarded_proto_header->value() != "https" && !headers.EnvoyInternalRequest()) { | ||
| forwarded_proto_header->value() != "https" && | ||
| not Http::HeaderUtility::isEnvoyInternalRequest(headers)) { |
There was a problem hiding this comment.
LGTM. Nit: please use standard predicate syntax ! instead of this new-fangled one that is pretty confusing to most C/C++ folks.
|
Thanks! Will add integration test and fix the nits |
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
lambdai
left a comment
There was a problem hiding this comment.
Add the test case to cover the product code change.
| ->asString(); | ||
| ConnectionManagerUtility::mutateTracingRequestHeader(headers, runtime_, config_, &route_); | ||
| ret.internal_ = headers.EnvoyInternalRequest() != nullptr; | ||
| ret.internal_ = HeaderUtility::isEnvoyInternalRequest(headers); |
There was a problem hiding this comment.
Probably not. This is test.cc. I guess we don't need another test for test.cc :)
Here is the no brain fix.
I add a test case in router/config_impl_test.cc to cover the core change.
| EXPECT_EQ("https://api.lyft.com/foo", | ||
| config.route(headers, 0)->directResponseEntry()->newPath(headers)); | ||
| } | ||
| { |
There was a problem hiding this comment.
The test case to cover the core 1 line change
|
@lambdai thanks this is a nice cleanup. I just want to clarify for my own understanding though that I don't think there was any actual bug here? The internal header was always sanitized and the only value it was ever filled with was true, so I don't think there should be any actual user behavior change here unless some trusted intermediary was actually changing the value to something else, correct? |
* master: (54 commits) Update dependencies - Go, Bazel toos, xxHash, nanopb, rules_go, curl, protobuf, Jinja, yaml-cpp, re2 (envoyproxy#8728) test: increase coverage of listener_manager_impl.cc (envoyproxy#8737) test: modify some macros to reduce number of uncovered lines reported (envoyproxy#8725) build: add a script to setup clang (envoyproxy#8682) http: fix ssl_redirect on external (envoyproxy#8664) docs: update fedora build requirements (envoyproxy#8641) fix draining listener removal logs (envoyproxy#8733) dubbo: fix router doc (envoyproxy#8734) server: provide server health status when stats disabled (envoyproxy#8482) router: adding a knob to configure a cap on buffering for shadowing/retries (envoyproxy#8574) tcp proxy: add default 1 hour idle timeout (envoyproxy#8705) thrift: fix filter names in docs (envoyproxy#8726) Quiche changes to avoid gcc flags on Windows (envoyproxy#8514) test: increase test coverage in Router::HeaderParser (envoyproxy#8721) admin: add drain listeners endpoint (envoyproxy#8415) buffer filter: add content-length when ending stream with trailers (envoyproxy#8609) clarify draining option docs (envoyproxy#8712) build: ignore go-control-plane mirror git commit error code (envoyproxy#8703) api: remove API type database from checked in artifacts. (envoyproxy#8716) admin: correct help strings (envoyproxy#8710) ... Signed-off-by: Spencer Lewis <slewis@squareup.com>
ssl_redirect on external only is not doing as declared The reason is that it doesn't determines whether the request is internal in the common approach. Expect: check the header exists and the value is "true" as everywhere else in the code base. Risk Level: HIGH, maybe. Since require_tls: EXTERNAL_ONLY user may see different(but correct!) behavior. Testing: Unit test added. Signed-off-by: Yuchen Dai <silentdai@gmail.com>
|
@mattklein123 Thanks!
That's a good point. No other components should set "X-envoy-internal" to false. We should assume the assert since |
Description: ssl_redirect on external only is not doing as declared
The reason is that it doesn't determines whether the request is internal in the common approach.
Expect: check the header exists and the value is "true" as everywhere else in the code base.
Risk Level: HIGH, maybe. Since
require_tls: EXTERNAL_ONLYuser may see different(but correct!) behavior.Testing:
Docs Changes:
Signed-off-by: Yuchen Dai silentdai@gmail.com