forked from Mirrors/oauth2
fix nits
This commit is contained in:
Patrick Jones
parent
b46ea24969
commit
e8d4c9f583
|
|
@ -62,16 +62,16 @@ var (
|
|||
validTokenURLPatterns = []*regexp.Regexp{
|
||||
// The complicated part in the middle matches any number of characters that
|
||||
// aren't period, spaces, or slashes.
|
||||
regexp.MustCompile("(?i)^[^\\.\\s\\/\\\\]+\\.sts\\.googleapis\\.com$"),
|
||||
regexp.MustCompile("(?i)^sts\\.googleapis\\.com$"),
|
||||
regexp.MustCompile("(?i)^sts\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"),
|
||||
regexp.MustCompile("(?i)^[^\\.\\s\\/\\\\]+-sts\\.googleapis\\.com$"),
|
||||
regexp.MustCompile(`(?i)^[^\.\s\/\\]+\.sts\.googleapis\.com$`),
|
||||
regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
|
||||
regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
|
||||
regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
|
||||
}
|
||||
validImpersonateURLPatterns = []*regexp.Regexp{
|
||||
regexp.MustCompile("^[^\\.\\s\\/\\\\]+\\.iamcredentials\\.googleapis\\.com$"),
|
||||
regexp.MustCompile("^iamcredentials\\.googleapis\\.com$"),
|
||||
regexp.MustCompile("^iamcredentials\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"),
|
||||
regexp.MustCompile("^[^\\.\\s\\/\\\\]+-iamcredentials\\.googleapis\\.com$"),
|
||||
regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
|
||||
regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
|
||||
regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
|
||||
regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
|
||||
}
|
||||
)
|
||||
|
||||
|
|
@ -80,14 +80,14 @@ func validateURL(input string, patterns []*regexp.Regexp, scheme string) bool {
|
|||
if err != nil {
|
||||
return false
|
||||
}
|
||||
if strings.ToLower(parsed.Scheme) != strings.ToLower(scheme) {
|
||||
if !strings.EqualFold(parsed.Scheme, scheme) {
|
||||
return false
|
||||
}
|
||||
toTest := parsed.Host
|
||||
|
||||
for _, pattern := range patterns {
|
||||
valid := pattern.MatchString(toTest)
|
||||
if valid {
|
||||
|
||||
if valid := pattern.MatchString(toTest); valid {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
@ -103,13 +103,11 @@ func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
|
|||
// because the unit test URLs are mocked, and would otherwise fail the
|
||||
// validity check.
|
||||
func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Regexp, impersonateURLValidPats []*regexp.Regexp, scheme string) (oauth2.TokenSource, error) {
|
||||
// Check the validity of TokenURL.
|
||||
valid := validateURL(c.TokenURL, tokenURLValidPats, scheme)
|
||||
if !valid {
|
||||
return nil, fmt.Errorf("oauth2/google: invalid TokenURL provided while constructing tokenSource")
|
||||
}
|
||||
|
||||
// If ServiceAccountImpersonationURL is present, check its validity.
|
||||
if c.ServiceAccountImpersonationURL != "" {
|
||||
valid := validateURL(c.ServiceAccountImpersonationURL, impersonateURLValidPats, scheme)
|
||||
if !valid {
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"regexp"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
|
@ -101,27 +100,26 @@ func TestToken(t *testing.T) {
|
|||
func TestValidateURLTokenURL(t *testing.T) {
|
||||
var urlValidityTests = []struct {
|
||||
tokURL string
|
||||
pattern []*regexp.Regexp
|
||||
expectSuccess bool
|
||||
}{
|
||||
{"https://east.sts.googleapis.com", validTokenURLPatterns, true},
|
||||
{"https://sts.googleapis.com", validTokenURLPatterns, true},
|
||||
{"https://sts.asfeasfesef.googleapis.com", validTokenURLPatterns, true},
|
||||
{"https://us-east-1-sts.googleapis.com", validTokenURLPatterns, true},
|
||||
{"https://sts.googleapis.com/your/path/here", validTokenURLPatterns, true},
|
||||
{"https://.sts.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://badsts.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://sts.asfe.asfesef.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://sts..googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://-sts.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://us-ea.st-1-sts.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://sts.googleapis.com.evil.com/whatever/path", validTokenURLPatterns, false},
|
||||
{"https://us-eas\\t-1.sts.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https:/us-ea/st-1.sts.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https:/us-east 1.sts.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://", validTokenURLPatterns, false},
|
||||
{"http://us-east-1.sts.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://us-east-1.sts.googleapis.comevil.com", validTokenURLPatterns, false},
|
||||
{"https://east.sts.googleapis.com", true},
|
||||
{"https://sts.googleapis.com", true},
|
||||
{"https://sts.asfeasfesef.googleapis.com", true},
|
||||
{"https://us-east-1-sts.googleapis.com", true},
|
||||
{"https://sts.googleapis.com/your/path/here", true},
|
||||
{"https://.sts.googleapis.com", false},
|
||||
{"https://badsts.googleapis.com", false},
|
||||
{"https://sts.asfe.asfesef.googleapis.com", false},
|
||||
{"https://sts..googleapis.com", false},
|
||||
{"https://-sts.googleapis.com", false},
|
||||
{"https://us-ea.st-1-sts.googleapis.com", false},
|
||||
{"https://sts.googleapis.com.evil.com/whatever/path", false},
|
||||
{"https://us-eas\\t-1.sts.googleapis.com", false},
|
||||
{"https:/us-ea/st-1.sts.googleapis.com", false},
|
||||
{"https:/us-east 1.sts.googleapis.com", false},
|
||||
{"https://", false},
|
||||
{"http://us-east-1.sts.googleapis.com", false},
|
||||
{"https://us-east-1.sts.googleapis.comevil.com", false},
|
||||
}
|
||||
ctx := context.Background()
|
||||
for _, tt := range urlValidityTests {
|
||||
|
|
@ -158,27 +156,26 @@ func TestValidateURLTokenURL(t *testing.T) {
|
|||
func TestValidateURLImpersonateURL(t *testing.T) {
|
||||
var urlValidityTests = []struct {
|
||||
impURL string
|
||||
pattern []*regexp.Regexp
|
||||
expectSuccess bool
|
||||
}{
|
||||
{"https://east.iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
|
||||
{"https://iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
|
||||
{"https://iamcredentials.asfeasfesef.googleapis.com", validImpersonateURLPatterns, true},
|
||||
{"https://us-east-1-iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
|
||||
{"https://iamcredentials.googleapis.com/your/path/here", validImpersonateURLPatterns, true},
|
||||
{"https://.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https://badiamcredentials.googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https://iamcredentials.asfe.asfesef.googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https://iamcredentials..googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https://-iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https://us-ea.st-1-iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https://iamcredentials.googleapis.com.evil.com/whatever/path", validImpersonateURLPatterns, false},
|
||||
{"https://us-eas\\t-1.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https:/us-ea/st-1.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https:/us-east 1.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https://", validImpersonateURLPatterns, false},
|
||||
{"http://us-east-1.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
|
||||
{"https://us-east-1.iamcredentials.googleapis.comevil.com", validImpersonateURLPatterns, false},
|
||||
{"https://east.iamcredentials.googleapis.com", true},
|
||||
{"https://iamcredentials.googleapis.com", true},
|
||||
{"https://iamcredentials.asfeasfesef.googleapis.com", true},
|
||||
{"https://us-east-1-iamcredentials.googleapis.com", true},
|
||||
{"https://iamcredentials.googleapis.com/your/path/here", true},
|
||||
{"https://.iamcredentials.googleapis.com", false},
|
||||
{"https://badiamcredentials.googleapis.com", false},
|
||||
{"https://iamcredentials.asfe.asfesef.googleapis.com", false},
|
||||
{"https://iamcredentials..googleapis.com", false},
|
||||
{"https://-iamcredentials.googleapis.com", false},
|
||||
{"https://us-ea.st-1-iamcredentials.googleapis.com", false},
|
||||
{"https://iamcredentials.googleapis.com.evil.com/whatever/path", false},
|
||||
{"https://us-eas\\t-1.iamcredentials.googleapis.com", false},
|
||||
{"https:/us-ea/st-1.iamcredentials.googleapis.com", false},
|
||||
{"https:/us-east 1.iamcredentials.googleapis.com", false},
|
||||
{"https://", false},
|
||||
{"http://us-east-1.iamcredentials.googleapis.com", false},
|
||||
{"https://us-east-1.iamcredentials.googleapis.comevil.com", false},
|
||||
}
|
||||
ctx := context.Background()
|
||||
for _, tt := range urlValidityTests {
|
||||
|
|
|
|||
Loading…
Reference in New Issue