Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MINOR: Refine route-acl rules to prevent unintended prefix matches #692

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

MINOR: Refine route-acl rules to prevent unintended prefix matches #692

wants to merge 2 commits into from
+6 −8

Conversation

fabianonunes
Copy link
Contributor

@fabianonunes fabianonunes commented Jan 9, 2025
edited
Loading

Since route-acl annotated rules take precedence over others, this PR updates its behavior to ensure they do not unintentionally overwrite other rules that share the same word prefix.

For example, a rule matching the path prefix /api should not inadvertently handle requests to /apiary.

To address this, the rule { path -m beg /api } has been replaced with a alternative that validates the URL's termination, ensuring it matches only /api$ or /api/.*:

# before this PR:
use_backend app_api_http if { var(txn.host) -m str api.demo } { path -m beg /api } { ... }

# after:
use_backend app_api_http if { var(txn.host) -m str api.demo } { path -m reg ^/api($|/) } { ... }

For better maintainability, this PR also refactors the AddCustomRoute function to eliminate redundancy introduced in commit c28d620. The updated code removes repetition without add extra spaces.

@fabianonunes
MINOR: remove redundancy in AddCustomRoute function logic
1fba224 
Refactors the `AddCustomRoute` function to eliminate redundancy introduced in commit c28d620.
The updated code removes repetition without add extra spaces.
@fabianonunes fabianonunes mentioned this pull request Jan 9, 2025
Closed
@fabianonunes fabianonunes marked this pull request as draft January 9, 2025 11:14
@fabianonunes fabianonunes force-pushed the route-acl-prefix-match branch 4 times, most recently from 51c67af to 7f273cc Compare January 9, 2025 11:25
@fabianonunes
MINOR: Refine route-acl rules to prevent unintended prefix matches
d40fa9d 
Since `route-acl` annotated rules take precedence over others, this
commit updates its behavior to ensure they do not unintentionally
overwrite other rules that share the same prefix.

For example, a rule matching the path /api should not inadvertently
handle requests to /apiary.
@fabianonunes fabianonunes force-pushed the route-acl-prefix-match branch from 7f273cc to d40fa9d Compare January 9, 2025 11:31
@fabianonunes fabianonunes marked this pull request as ready for review January 9, 2025 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@fabianonunes