Willy,
Christopher,
most of the patch is moving around the config parser to support ingesting the
new argument.
Best regards
Tim Düsterhus
Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
This adds an option to supress `../` at the start of the resulting path.
---
doc/configuration.txt | 11 ++++++++++
include/haproxy/action-t.h | 1 +
include/haproxy/uri_normalizer.h | 2 +-
reg-tests/http-rules/normalize_uri.vtc | 16 ++++++++++++++
src/http_act.c | 29 +++++++++++++++++++-------
src/uri_normalizer.c | 22 ++++++++++++-------
6 files changed, 65 insertions(+), 16 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index eacd8ff26..3422d3aa6 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -6012,6 +6012,9 @@ http-request early-hint <name> <fmt> [ { if | unless }
<condition> ]
See RFC 8297 for more information.
http-request normalize-uri <normalizer> [ { if | unless } <condition> ]
+http-request normalize-uri dotdot [ full ] [ { if | unless } <condition> ]
+http-request normalize-uri merge-slashes [ { if | unless } <condition> ]
+http-request normalize-uri sort-query [ { if | unless } <condition> ]
Performs normalization of the request's URI. The following normalizers are
available:
@@ -6026,8 +6029,16 @@ http-request normalize-uri <normalizer> [ { if | unless
} <condition> ]
- /foo/../bar/ -> /bar/
- /foo/bar/../ -> /foo/
- /../bar/ -> /../bar/
+ - /bar/../../ -> /../
- /foo//../ -> /foo/
+ If the "full" option is specified then `../` at the beginning will be
+ removed as well:
+
+ Example:
+ - /../bar/ -> /bar/
+ - /bar/../../ -> /
+
- merge-slashes: Merges adjacent slashes within the "path" component into a
single slash.
diff --git a/include/haproxy/action-t.h b/include/haproxy/action-t.h
index 332be513f..ae43a936d 100644
--- a/include/haproxy/action-t.h
+++ b/include/haproxy/action-t.h
@@ -104,6 +104,7 @@ enum act_timeout_name {
enum act_normalize_uri {
ACT_NORMALIZE_URI_MERGE_SLASHES,
ACT_NORMALIZE_URI_DOTDOT,
+ ACT_NORMALIZE_URI_DOTDOT_FULL,
ACT_NORMALIZE_URI_SORT_QUERY,
};
diff --git a/include/haproxy/uri_normalizer.h b/include/haproxy/uri_normalizer.h
index 5884e5ab9..52bb004db 100644
--- a/include/haproxy/uri_normalizer.h
+++ b/include/haproxy/uri_normalizer.h
@@ -16,7 +16,7 @@
#include <import/ist.h>
-struct ist uri_normalizer_path_dotdot(const struct ist path, char *trash,
size_t len);
+struct ist uri_normalizer_path_dotdot(const struct ist path, int full, char
*trash, size_t len);
struct ist uri_normalizer_path_merge_slashes(const struct ist path, char
*trash, size_t len);
struct ist uri_normalizer_query_sort(const struct ist query, const char delim,
char *trash, size_t len);
diff --git a/reg-tests/http-rules/normalize_uri.vtc
b/reg-tests/http-rules/normalize_uri.vtc
index 8be81c574..cb3fa2f63 100644
--- a/reg-tests/http-rules/normalize_uri.vtc
+++ b/reg-tests/http-rules/normalize_uri.vtc
@@ -36,8 +36,13 @@ haproxy h1 -conf {
http-request normalize-uri dotdot
http-request set-var(txn.after) url
+ http-request set-uri %[var(txn.before)]
+ http-request normalize-uri dotdot full
+ http-request set-var(txn.after_full) url
+
http-response add-header before %[var(txn.before)]
http-response add-header after %[var(txn.after)]
+ http-response add-header after-full %[var(txn.after_full)]
default_backend be
@@ -115,56 +120,67 @@ client c2 -connect ${h1_fe_dotdot_sock} {
rxresp
expect resp.http.before == "/foo/bar"
expect resp.http.after == "/foo/bar"
+ expect resp.http.after-full == "/foo/bar"
txreq -url "/foo/.."
rxresp
expect resp.http.before == "/foo/.."
expect resp.http.after == "/"
+ expect resp.http.after-full == "/"
txreq -url "/foo/../"
rxresp
expect resp.http.before == "/foo/../"
expect resp.http.after == "/"
+ expect resp.http.after-full == "/"
txreq -url "/foo/bar/../"
rxresp
expect resp.http.before == "/foo/bar/../"
expect resp.http.after == "/foo/"
+ expect resp.http.after-full == "/foo/"
txreq -url "/foo/../bar"
rxresp
expect resp.http.before == "/foo/../bar"
expect resp.http.after == "/bar"
+ expect resp.http.after-full == "/bar"
txreq -url "/foo/../bar/"
rxresp
expect resp.http.before == "/foo/../bar/"
expect resp.http.after == "/bar/"
+ expect resp.http.after-full == "/bar/"
txreq -url "/foo/../../bar/"
rxresp
expect resp.http.before == "/foo/../../bar/"
expect resp.http.after == "/../bar/"
+ expect resp.http.after-full == "/bar/"
txreq -url "/foo//../../bar/"
rxresp
expect resp.http.before == "/foo//../../bar/"
expect resp.http.after == "/bar/"
+ expect resp.http.after-full == "/bar/"
txreq -url "/foo/?bar=/foo/../"
rxresp
expect resp.http.before == "/foo/?bar=/foo/../"
expect resp.http.after == "/foo/?bar=/foo/../"
+ expect resp.http.after-full == "/foo/?bar=/foo/../"
txreq -url "/foo/../?bar=/foo/../"
rxresp
expect resp.http.before == "/foo/../?bar=/foo/../"
expect resp.http.after == "/?bar=/foo/../"
+ expect resp.http.after-full == "/?bar=/foo/../"
txreq -req OPTIONS -url "*"
rxresp
expect resp.http.before == "*"
expect resp.http.after == "*"
+ expect resp.http.after-full == "*"
} -run
client c3 -connect ${h1_fe_sort_query_sock} {
diff --git a/src/http_act.c b/src/http_act.c
index de68ffd34..2fa11dbdf 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -233,7 +233,8 @@ static enum act_return http_action_normalize_uri(struct
act_rule *rule, struct p
break;
}
- case ACT_NORMALIZE_URI_DOTDOT: {
+ case ACT_NORMALIZE_URI_DOTDOT:
+ case ACT_NORMALIZE_URI_DOTDOT_FULL: {
struct ist path = http_get_path(uri);
struct ist newpath;
@@ -242,7 +243,7 @@ static enum act_return http_action_normalize_uri(struct
act_rule *rule, struct p
path = iststop(path, '?');
- newpath = uri_normalizer_path_dotdot(path,
replace->area, replace->size);
+ newpath = uri_normalizer_path_dotdot(path, rule->action
== ACT_NORMALIZE_URI_DOTDOT_FULL, replace->area, replace->size);
if (!isttest(newpath))
goto fail_rewrite;
@@ -314,26 +315,40 @@ static enum act_parse_ret parse_http_normalize_uri(const
char **args, int *orig_
rule->action_ptr = http_action_normalize_uri;
rule->release_ptr = NULL;
- if (!*args[cur_arg] ||
- (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 &&
strcmp(args[cur_arg + 1], "unless") != 0)) {
- memprintf(err, "expects exactly 1 argument <normalizer>");
+ if (!*args[cur_arg]) {
+ memprintf(err, "missing argument <normalizer>");
return ACT_RET_PRS_ERR;
}
if (strcmp(args[cur_arg], "merge-slashes") == 0) {
+ cur_arg++;
+
rule->action = ACT_NORMALIZE_URI_MERGE_SLASHES;
}
else if (strcmp(args[cur_arg], "dotdot") == 0) {
- rule->action = ACT_NORMALIZE_URI_DOTDOT;
+ cur_arg++;
+
+ if (strcmp(args[cur_arg], "full") == 0) {
+ cur_arg++;
+ rule->action = ACT_NORMALIZE_URI_DOTDOT_FULL;
+ }
+ else if (!*args[cur_arg]) {
+ rule->action = ACT_NORMALIZE_URI_DOTDOT;
+ }
+ else if (strcmp(args[cur_arg], "if") != 0 &&
strcmp(args[cur_arg], "unless") != 0) {
+ memprintf(err, "unknown argument '%s' for 'dotdot'
normalizer", args[cur_arg]);
+ return ACT_RET_PRS_ERR;
+ }
}
else if (strcmp(args[cur_arg], "sort-query") == 0) {
+ cur_arg++;
+
rule->action = ACT_NORMALIZE_URI_SORT_QUERY;
}
else {
memprintf(err, "unknown normalizer '%s'", args[cur_arg]);
return ACT_RET_PRS_ERR;
}
- cur_arg++;
*orig_arg = cur_arg;
return ACT_RET_PRS_OK;
diff --git a/src/uri_normalizer.c b/src/uri_normalizer.c
index 8dc74788e..7482a3c97 100644
--- a/src/uri_normalizer.c
+++ b/src/uri_normalizer.c
@@ -18,8 +18,12 @@
/* Merges `/../` with preceding path segments. Returns an ist containing the
new path
* and backed by `trash` or IST_NULL if the `len` not sufficiently large to
store
* the resulting path.
+ *
+ * If `full` is set to `0` then `/../` will be printed at the start of the
resulting
+ * path if the number of `/../` exceeds the number of other segments. If
`full` is
+ * set to `1` these will not be printed.
*/
-struct ist uri_normalizer_path_dotdot(const struct ist path, char *trash,
size_t len)
+struct ist uri_normalizer_path_dotdot(const struct ist path, int full, char
*trash, size_t len)
{
ssize_t offset = istlen(path) - 1;
char *tail = trash + len;
@@ -74,13 +78,15 @@ struct ist uri_normalizer_path_dotdot(const struct ist
path, char *trash, size_t
/* Prepend a trailing slash. */
*(--head) = '/';
- /* Prepend unconsumed `/..`. */
- do {
- *(--head) = '.';
- *(--head) = '.';
- *(--head) = '/';
- up--;
- } while (up > 0);
+ if (!full) {
+ /* Prepend unconsumed `/..`. */
+ do {
+ *(--head) = '.';
+ *(--head) = '.';
+ *(--head) = '/';
+ up--;
+ } while (up > 0);
+ }
}
return ist2(head, tail - head);
--
2.31.1
