fix validations

nikola-jokic · nikola-jokic · commit 323eb91c2f19 · 2025-05-16T11:12:52.000+02:00
diff --git a/proxyconfig/proxyconfig.go b/proxyconfig/proxyconfig.go
@@ -21,19 +21,23 @@ func (pc *ProxyConfig) Validate() error {
 	}
 
 	if pc.HTTP != nil {
-		_, err := url.Parse(pc.HTTP.URL)
+		_, err := url.ParseRequestURI(pc.HTTP.URL)
 		if err != nil {
 			return fmt.Errorf("proxy http set with invalid url: %v", err)
 		}
 	}
 	if pc.HTTPS != nil {
-		_, err := url.Parse(pc.HTTPS.URL)
+		_, err := url.ParseRequestURI(pc.HTTPS.URL)
 		if err != nil {
 			return fmt.Errorf("proxy https set with invalid url: %v", err)
 		}
 	}
 
-	// TODO: maybe validate noproxy?
+	for _, u := range pc.NoProxy {
+		if _, err := url.ParseRequestURI(u); err != nil {
+			return fmt.Errorf("proxy no_proxy set with invalid url: %v", err)
+		}
+	}
 	return nil
 }
 
diff --git a/vault/azurekeyvault/config.go b/vault/azurekeyvault/config.go
@@ -32,14 +32,18 @@ func (c *Config) Validate() error {
 	if c.ClientID == "" {
 		return errors.New("client_id is not set")
 	}
-	if _, err := url.Parse(c.URL); err != nil {
+	if _, err := url.ParseRequestURI(c.URL); err != nil {
 		return fmt.Errorf("failed to parse url: %v", err)
 	}
 
-	if c.CertPath != "" {
+	if c.CertPath == "" {
 		return errors.New("cert path must be provided")
 	}
 
+	if _, err := os.Stat(c.CertPath); err != nil {
+		return fmt.Errorf("cert path %q does not exist: %v", c.CertPath, err)
+	}
+
 	if err := c.Proxy.Validate(); err != nil {
 		return fmt.Errorf("proxy validation failed: %v", err)
 	}
diff --git a/vault/azurekeyvault/config_test.go b/vault/azurekeyvault/config_test.go
@@ -2,6 +2,7 @@ package azurekeyvault
 
 import (
 	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/actions/actions-runner-controller/proxyconfig"
@@ -98,16 +99,6 @@ func TestValidate_valid(t *testing.T) {
 	clientID := "clientID"
 	url := "https://example.com"
 
-	cp, err := os.CreateTemp("", "")
-	require.NoError(t, err)
-	err = cp.Close()
-	require.NoError(t, err)
-	certPath := cp.Name()
-
-	t.Cleanup(func() {
-		os.Remove(certPath)
-	})
-
 	proxy := &proxyconfig.ProxyConfig{
 		HTTP: &proxyconfig.ProxyServerConfig{
 			URL:      "http://httpconfig.com",
@@ -124,15 +115,10 @@ func TestValidate_valid(t *testing.T) {
 		},
 	}
 
+	certPath, err := filepath.Abs("testdata/server.crt")
+	require.NoError(t, err)
+
 	tt := map[string]*Config{
-		"with jwt": {
-			TenantID:     tenantID,
-			ClientID:     clientID,
-			URL:          url,
-			CertPath:     "",
-			CertPassword: "",
-			Proxy:        proxy,
-		},
 		"with cert": {
 			TenantID:     tenantID,
 			ClientID:     clientID,
diff --git a/vault/azurekeyvault/testdata/server.crt b/vault/azurekeyvault/testdata/server.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOjCCAiKgAwIBAgIUQr7R8yN5+2and6ucUOPF6oIbD48wDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMVGVzdCBSb290IENBMB4XDTI1MDIyODEyMDEzMFoXDTI2
+MDcxMzEyMDEzMFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA4oL2hAPQlDVaNJru5fIstkpoVSuam0vpswC7ciRc
+XQRjF3q8kjtIA7+jdySsKJqOLGnybDX3awvRyKMEjq11IfnZLjZc+FzTlA+x4z0h
+MHb0GiBFXKNzrExGI9F0KEPtFxcMIqZ119LY2ReexxWkZBQYlgTepaevp71za4c2
+n4Zy1+0iS5+uklZ4ANKMTBGlN76Qgt530VnpNiIeUbiUzY58Vx4q7kFcUv/oSz8p
+rbXr+/GGpAjrOc6/JsezRE8YK2po60dvV80TJ2Jt6pduvF7OSQnq/v4mJl1xuXKl
+Byo9HLbeu3BuVRWQs2/EwEzx5kX3Ugysl9Bm44K2yKe9/QIDAQABo4GAMH4wHwYD
+VR0jBBgwFoAUfd/q0BY4fkVBV3X+HWzXH0toW08wCQYDVR0TBAIwADALBgNVHQ8E
+BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEfwAAATAdBgNV
+HQ4EFgQUe0rTTfWjho3hgeLTnajTCpddo2MwDQYJKoZIhvcNAQELBQADggEBAIR2
+5zkA7rPnddxCunsz8Jjq3wyhR/KiAFz+RGeFeiXDkF2fWr7QIQ9KbFbv8tpfXR7P
+B75bY0sXwutHMB2sZDi92cH5sthNBfp19fI35cxcU4oTPxp4UZJKEiA3Qx8y73CX
+NJu1009nPdOJNlIboDGAFdZ5SH6RCh+YcQZ68kjHPWBIpXxLbs9FN3QmpbAvtLh1
+PoPaSy7IjKmxm1u+Lf6tyIn2IiB3MiynaB3OKvbkLCseM/5SZKMk6WKSDWopOCJr
+xciPOc+yeLz5I2Omn0uViOIIciqjlgxncWAyNtDgvJcecwqB2cPiIhk6GY0QZ1uM
+e7KoqGzWXvWLqJ13a9U=
+-----END CERTIFICATE-----
diff --git a/vault/vault_test.go b/vault/vault_test.go

Original file line number	Diff line number	Diff line change
`@@ -21,19 +21,23 @@ func (pc *ProxyConfig) Validate() error {`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`if pc.HTTP != nil {`
`24`		`- _, err := url.Parse(pc.HTTP.URL)`
	`24`	`+ _, err := url.ParseRequestURI(pc.HTTP.URL)`
`25`	`25`	`if err != nil {`
`26`	`26`	`return fmt.Errorf("proxy http set with invalid url: %v", err)`
`27`	`27`	`}`
`28`	`28`	`}`
`29`	`29`	`if pc.HTTPS != nil {`
`30`		`- _, err := url.Parse(pc.HTTPS.URL)`
	`30`	`+ _, err := url.ParseRequestURI(pc.HTTPS.URL)`
`31`	`31`	`if err != nil {`
`32`	`32`	`return fmt.Errorf("proxy https set with invalid url: %v", err)`
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`
`36`		`- // TODO: maybe validate noproxy?`
	`36`	`+ for _, u := range pc.NoProxy {`
	`37`	`+ if _, err := url.ParseRequestURI(u); err != nil {`
	`38`	`+ return fmt.Errorf("proxy no_proxy set with invalid url: %v", err)`
	`39`	`+ }`
	`40`	`+ }`
`37`	`41`	`return nil`
`38`	`42`	`}`
`39`	`43`
Original file line number	Diff line number	Diff line change
`@@ -32,14 +32,18 @@ func (c *Config) Validate() error {`
`32`	`32`	`if c.ClientID == "" {`
`33`	`33`	`return errors.New("client_id is not set")`
`34`	`34`	`}`
`35`		`- if _, err := url.Parse(c.URL); err != nil {`
	`35`	`+ if _, err := url.ParseRequestURI(c.URL); err != nil {`
`36`	`36`	`return fmt.Errorf("failed to parse url: %v", err)`
`37`	`37`	`}`
`38`	`38`
`39`		`- if c.CertPath != "" {`
	`39`	`+ if c.CertPath == "" {`
`40`	`40`	`return errors.New("cert path must be provided")`
`41`	`41`	`}`
`42`	`42`
	`43`	`+ if _, err := os.Stat(c.CertPath); err != nil {`
	`44`	`+ return fmt.Errorf("cert path %q does not exist: %v", c.CertPath, err)`
	`45`	`+ }`
	`46`	`+`
`43`	`47`	`if err := c.Proxy.Validate(); err != nil {`
`44`	`48`	`return fmt.Errorf("proxy validation failed: %v", err)`
`45`	`49`	`}`