diff options
Diffstat (limited to 'lib/policy/config')
| -rw-r--r-- | lib/policy/config/config.go | 13 | ||||
| -rw-r--r-- | lib/policy/config/testdata/bad/regex_ends_newline.json | 21 | ||||
| -rw-r--r-- | lib/policy/config/testdata/bad/regex_ends_newline.yaml | 17 |
3 files changed, 51 insertions, 0 deletions
diff --git a/lib/policy/config/config.go b/lib/policy/config/config.go index 627e9cf..c670bac 100644 --- a/lib/policy/config/config.go +++ b/lib/policy/config/config.go @@ -24,6 +24,7 @@ var ( ErrInvalidPathRegex = errors.New("config.Bot: invalid path regex") ErrInvalidHeadersRegex = errors.New("config.Bot: invalid headers regex") ErrInvalidCIDR = errors.New("config.Bot: invalid CIDR") + ErrRegexEndsWithNewline = errors.New("config.Bot: regular expression ends with newline (try >- instead of > in yaml)") ErrInvalidImportStatement = errors.New("config.ImportStatement: invalid source file") ErrCantSetBotAndImportValuesAtOnce = errors.New("config.BotOrImport: can't set bot rules and import values at the same time") ErrMustSetBotOrImportRules = errors.New("config.BotOrImport: rule definition is invalid, you must set either bot rules or an import statement, not both") @@ -91,12 +92,20 @@ func (b BotConfig) Valid() error { } if b.UserAgentRegex != nil { + if strings.HasSuffix(*b.UserAgentRegex, "\n") { + errs = append(errs, fmt.Errorf("%w: user agent regex: %q", ErrRegexEndsWithNewline, *b.UserAgentRegex)) + } + if _, err := regexp.Compile(*b.UserAgentRegex); err != nil { errs = append(errs, ErrInvalidUserAgentRegex, err) } } if b.PathRegex != nil { + if strings.HasSuffix(*b.PathRegex, "\n") { + errs = append(errs, fmt.Errorf("%w: path regex: %q", ErrRegexEndsWithNewline, *b.PathRegex)) + } + if _, err := regexp.Compile(*b.PathRegex); err != nil { errs = append(errs, ErrInvalidPathRegex, err) } @@ -108,6 +117,10 @@ func (b BotConfig) Valid() error { continue } + if strings.HasSuffix(expr, "\n") { + errs = append(errs, fmt.Errorf("%w: header %s regex: %q", ErrRegexEndsWithNewline, name, expr)) + } + if _, err := regexp.Compile(expr); err != nil { errs = append(errs, ErrInvalidHeadersRegex, err) } diff --git a/lib/policy/config/testdata/bad/regex_ends_newline.json b/lib/policy/config/testdata/bad/regex_ends_newline.json new file mode 100644 index 0000000..14c7fa9 --- /dev/null +++ b/lib/policy/config/testdata/bad/regex_ends_newline.json @@ -0,0 +1,21 @@ +{ + "bots": [ + { + "name": "user-agent-ends-newline", + "user_agent_regex": "Mozilla\n", + "action": "CHALLENGE" + }, + { + "name": "path-ends-newline", + "path_regex": "^/evil/.*$\n", + "action": "CHALLENGE" + }, + { + "name": "headers-ends-newline", + "headers_regex": { + "CF-Worker": ".*\n" + }, + "action": "CHALLENGE" + } + ] +} diff --git a/lib/policy/config/testdata/bad/regex_ends_newline.yaml b/lib/policy/config/testdata/bad/regex_ends_newline.yaml new file mode 100644 index 0000000..1f0ae85 --- /dev/null +++ b/lib/policy/config/testdata/bad/regex_ends_newline.yaml @@ -0,0 +1,17 @@ +bots: +- name: user-agent-ends-newline + # Subtle bug: this ends with a newline + user_agent_regex: > + Mozilla + action: CHALLENGE +- name: path-ends-newline + # Subtle bug: this ends with a newline + path_regex: > + ^/evil/.*$ + action: CHALLENGE +- name: headers-ends-newline + # Subtle bug: this ends with a newline + headers_regex: + CF-Worker: > + .* + action: CHALLENGE
\ No newline at end of file |