added url validation, more nagtive tests

intelsdi-x · Feb 10, 2017 · 3c8774a · 3c8774a
1 parent d8782d1
commit 3c8774a
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 36 deletions.
diff --git a/mgmt/rest/server.go b/mgmt/rest/server.go
@@ -309,6 +309,19 @@ func (s *Server) addRoutes() {
 }
 
 func (s *Server) getAllowedOrigins(corsd string) ([]string, error) {
+	// Avoids validating URL panics.
+	defer func() {
+		if r := recover(); r != nil {
+			var ok bool
+			err, ok := r.(error)
+			if !ok {
+				err = fmt.Errorf("pkg: %v", r)
+				fmt.Println(err)
+			}
+		}
+
+	}()
+
 	if corsd == "" {
 		return []string{}, nil
 	}
@@ -321,9 +334,12 @@ func (s *Server) getAllowedOrigins(corsd string) ([]string, error) {
 		to := strings.TrimSpace(o)
 
 		// Validates Origin formation
-		_, err := url.ParseRequestURI(to)
-		if err != nil {
-			return []string{}, fmt.Errorf("Invalid origin found %s", to)
+		u, err := url.Parse(to)
+
+		// Checks if scheme or host exists when no error occured.
+		if err != nil || u.Scheme == "" || u.Host == "" {
+			restLogger.Errorf("Invalid origin found %s", to)
+			return []string{}, fmt.Errorf("Invalid origin found: %s.", to)
 		}
 
 		vo = append(vo, to)

diff --git a/mgmt/rest/server_test.go b/mgmt/rest/server_test.go
@@ -22,12 +22,11 @@ limitations under the License.
 package rest
 
 import (
+	"fmt"
 	"net/url"
 	"strings"
 	"testing"
 
-	"fmt"
-
 	"github.com/intelsdi-x/snap/pkg/cfgfile"
 	. "github.com/smartystreets/goconvey/convey"
 	"github.com/urfave/negroni"
@@ -180,13 +179,23 @@ type mockServer struct {
 func NewMockServer(cfg *Config) (*mockServer, []string, error) {
 	s := &mockServer{}
 	origins, err := s.getAllowedOrigins(cfg.Corsd)
-	if err != nil {
-		return nil, []string{}, err
-	}
-	return s, origins, nil
+
+	return s, origins, err
 }
 
 func (s *mockServer) getAllowedOrigins(corsd string) ([]string, error) {
+	defer func() {
+		if r := recover(); r != nil {
+			var ok bool
+			err, ok := r.(error)
+			if !ok {
+				err = fmt.Errorf("pkg: %v", r)
+				fmt.Println(err)
+			}
+		}
+
+	}()
+
 	if corsd == "" {
 		return []string{}, nil
 	}
@@ -195,19 +204,20 @@ func (s *mockServer) getAllowedOrigins(corsd string) ([]string, error) {
 	s.allowedOrigins = map[string]bool{}
 
 	os := strings.Split(corsd, ",")
-
 	for _, o := range os {
 		to := strings.TrimSpace(o)
 
 		// Validates Origin formation
 		u, err := url.Parse(to)
-		if err != nil || u == nil {
-			fmt.Println("EEERRRROOOOO", err)
-			return []string{}, fmt.Errorf("Invalid origin found %s", to)
+
+		// Checks if scheme or host exists when no error occured.
+		if err != nil || u.Scheme == "" || u.Host == "" {
+			restLogger.Errorf("Invalid origin found %s", to)
+			return []string{}, fmt.Errorf("Invalid origin found: %s.", to)
 		}
 
-		// 	vo = append(vo, to)
-		// 	s.allowedOrigins[to] = true
+		vo = append(vo, to)
+		s.allowedOrigins[to] = true
 	}
 	return vo, nil
 }
@@ -217,23 +227,23 @@ func TestRestAPICorsd(t *testing.T) {
 
 	Convey("Test cors origin list", t, func() {
 
-		// Convey("Origins are valid", func() {
-		// 	cfg.Corsd = "http://127.0.0.1:80, http://example.com"
-		// 	s, o, err := NewMockServer(cfg)
+		Convey("Origins are valid", func() {
+			cfg.Corsd = "http://127.0.0.1:80, http://example.com"
+			s, o, err := NewMockServer(cfg)
 
-		// 	So(len(s.allowedOrigins), ShouldEqual, 2)
-		// 	So(len(o), ShouldEqual, 2)
-		// 	So(err, ShouldBeNil)
-		// })
+			So(len(s.allowedOrigins), ShouldEqual, 2)
+			So(len(o), ShouldEqual, 2)
+			So(err, ShouldBeNil)
+		})
 
-		// Convey("Origins have a wrong separator", func() {
-		// 	cfg.Corsd = "http://127.0.0.1:80; http://example.com"
-		// 	s, o, err := NewMockServer(cfg)
+		Convey("Origins have a wrong separator", func() {
+			cfg.Corsd = "http://127.0.0.1:80; http://example.com"
+			s, o, err := NewMockServer(cfg)
 
-		// 	So(err, ShouldNotBeNil)
-		// 	So(len(s.allowedOrigins), ShouldEqual, 0)
-		// 	So(len(o), ShouldEqual, 0)
-		// })
+			So(err, ShouldNotBeNil)
+			So(len(s.allowedOrigins), ShouldEqual, 0)
+			So(len(o), ShouldEqual, 0)
+		})
 
 		Convey("Origin misses scheme", func() {
 			cfg.Corsd = "127.0.0.1:80, http://example.com"
@@ -244,13 +254,13 @@ func TestRestAPICorsd(t *testing.T) {
 			So(len(o), ShouldEqual, 0)
 		})
 
-		// Convey("Origin is malformed", func() {
-		// 	cfg.Corsd = "http://127.0.0.1:80, http@example.com"
-		// 	s, o, err := NewMockServer(cfg)
+		Convey("Origin is malformed", func() {
+			cfg.Corsd = "http://127.0.0.1:80, http://snap.io, http@example.com"
+			s, o, err := NewMockServer(cfg)
 
-		// 	So(err, ShouldNotBeNil)
-		// 	So(len(s.allowedOrigins), ShouldEqual, 0)
-		// 	So(len(o), ShouldEqual, 0)
-		// })
+			So(err, ShouldNotBeNil)
+			So(len(s.allowedOrigins), ShouldEqual, 2)
+			So(len(o), ShouldEqual, 0)
+		})
 	})
 }