From 6ecd78ad826080e2d98362d078b8d139234b1d29 Mon Sep 17 00:00:00 2001
From: Rudolf Meijering <skaapgif@gmail.com>
Date: Wed, 17 Jun 2020 12:28:14 +0200
Subject: [PATCH] Fixes #69344: Don't allow empty string for server.basePath
 config

---
 .../server/http/__snapshots__/http_config.test.ts.snap    | 2 ++
 src/core/server/http/http_config.test.ts                  | 8 ++++++++
 src/core/server/http/http_config.ts                       | 2 +-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/core/server/http/__snapshots__/http_config.test.ts.snap b/src/core/server/http/__snapshots__/http_config.test.ts.snap
index 07c153a7a8a200..d48ead3cec8e13 100644
--- a/src/core/server/http/__snapshots__/http_config.test.ts.snap
+++ b/src/core/server/http/__snapshots__/http_config.test.ts.snap
@@ -83,6 +83,8 @@ Object {
 
 exports[`throws if basepath appends a slash 1`] = `"[basePath]: must start with a slash, don't end with one"`;
 
+exports[`throws if basepath is an empty string 1`] = `"[basePath]: must start with a slash, don't end with one"`;
+
 exports[`throws if basepath is missing prepended slash 1`] = `"[basePath]: must start with a slash, don't end with one"`;
 
 exports[`throws if basepath is not specified, but rewriteBasePath is set 1`] = `"cannot use [rewriteBasePath] when [basePath] is not specified"`;
diff --git a/src/core/server/http/http_config.test.ts b/src/core/server/http/http_config.test.ts
index 0976bfd56682ec..2979f6b2f34ee6 100644
--- a/src/core/server/http/http_config.test.ts
+++ b/src/core/server/http/http_config.test.ts
@@ -74,6 +74,14 @@ test('throws if basepath appends a slash', () => {
   expect(() => httpSchema.validate(obj)).toThrowErrorMatchingSnapshot();
 });
 
+test('throws if basepath is an empty string', () => {
+  const httpSchema = config.schema;
+  const obj = {
+    basePath: '',
+  };
+  expect(() => httpSchema.validate(obj)).toThrowErrorMatchingSnapshot();
+});
+
 test('throws if basepath is not specified, but rewriteBasePath is set', () => {
   const httpSchema = config.schema;
   const obj = {
diff --git a/src/core/server/http/http_config.ts b/src/core/server/http/http_config.ts
index 289b6539fd7625..e48fea7867a745 100644
--- a/src/core/server/http/http_config.ts
+++ b/src/core/server/http/http_config.ts
@@ -23,7 +23,7 @@ import { hostname } from 'os';
 import { CspConfigType, CspConfig, ICspConfig } from '../csp';
 import { SslConfig, sslSchema } from './ssl_config';
 
-const validBasePathRegex = /(^$|^\/.*[^\/]$)/;
+const validBasePathRegex = /(^\/.*[^\/]$)/;
 const uuidRegexp = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
 
 const match = (regex: RegExp, errorMsg: string) => (str: string) =>