From 844e38f1093fc2711b96ebd1e8876bd6131d9e88 Mon Sep 17 00:00:00 2001 From: Patrick Jones Date: Tue, 10 Aug 2021 15:28:07 -0700 Subject: [PATCH] tweak regex filters --- .../externalaccount/basecredentials.go | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/google/internal/externalaccount/basecredentials.go b/google/internal/externalaccount/basecredentials.go index 426f4d6..f2f2dfe 100644 --- a/google/internal/externalaccount/basecredentials.go +++ b/google/internal/externalaccount/basecredentials.go @@ -58,16 +58,18 @@ type Config struct { var ( validTokenURLPatterns = []*regexp.Regexp{ - regexp.MustCompile("https://[^\\.]+\\.sts\\.googleapis\\.com"), - regexp.MustCompile("https://sts\\.googleapis\\.com"), - regexp.MustCompile("https://sts\\.[^\\.]+\\.googleapis\\.com"), - regexp.MustCompile("https://[^\\.]+-sts\\.googleapis\\.com"), + // The complicated part in the middle matches any number of characters that + // aren't period, spaces, or slashes. + regexp.MustCompile("^https://[^\\.\\s\\/\\\\]+\\.sts\\.googleapis\\.com"), + regexp.MustCompile("^https://sts\\.googleapis\\.com"), + regexp.MustCompile("^https://sts\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com"), + regexp.MustCompile("^https://[^\\.\\s\\/\\\\]+-sts\\.googleapis\\.com"), } validImpersonateURLPatterns = []*regexp.Regexp{ - regexp.MustCompile("https://[^\\.]+\\.iamcredentials\\.googleapis\\.com"), - regexp.MustCompile("https://iamcredentials\\.googleapis\\.com"), - regexp.MustCompile("https://iamcredentials\\.[^\\.]+\\.googleapis\\.com"), - regexp.MustCompile("https://[^\\.]+-iamcredentials\\.googleapis\\.com"), + regexp.MustCompile("^https://[^\\.\\s\\/\\\\]+\\.iamcredentials\\.googleapis\\.com"), + regexp.MustCompile("^https://iamcredentials\\.googleapis\\.com"), + regexp.MustCompile("^https://iamcredentials\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com"), + regexp.MustCompile("^https://[^\\.\\s\\/\\\\]+-iamcredentials\\.googleapis\\.com"), } )