Project refactor #13
I don't have a strong opinion on the overall shape of this, as I don't have a good sense of what's idiomatic for golang, but it seems reasonable enough. Some minor issues mentioned inline.
project: usersec | ||
action: enforce | ||
allowed_domains: | ||
- '$example1\.com$' # Matches all Lyft+subdomains |
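Review bot: the allowed_domains pattern '$example1\.com$' starts with `$` instead of `^`. An end-of-text anchor followed by literal characters cannot match any hostname, so this entry allows nothing. If that is what this fixture is meant to exercise, the trailing comment should say so rather than "Matches all Lyft+subdomains"; otherwise the leading `$` should be `^`.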
bogus comment
@@ -0,0 +1,18 @@ | |||
broken: |
This file should probably have comments explaining why it's broken.
project: usersec | ||
action: enforce | ||
allowed_domains: | ||
- '^example1\.com$' # Matches all Lyft+subdomains |
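Review bot: '^example1\.com$' is anchored at both ends, so it matches only the exact host example1.com and no subdomains, which contradicts the trailing comment "Matches all Lyft+subdomains". Either correct the comment to describe an exact-host match or widen the pattern if subdomains are meant to be allowed.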
bogus comment
project: usersec | ||
action: enforce | ||
allowed_domains: | ||
- 'example1\.com$' # Matches all Lyft+subdomains |
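Review bot: 'example1\.com$' has no start anchor, so if the ACL applies it as an unanchored search it matches any host that merely ends in example1.com, for example notexample1.com, not just example1.com and its subdomains. For an egress allowlist that is broader than the comment claims. If subdomains are the intent, a pattern such as '^(.+\.)?example1\.com$' states it exactly, and the comment should name example1.com rather than Lyft.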
bogus comment
cmd/smokescreen/smokescreen.go
Outdated
|
||
app := cli.NewApp() | ||
app.Name = "smokescreen" | ||
app.Usage = "A simple HTTP proxy that fogs over naughty URLs" |
How about "...that prevents SSRF and can restrict destinations" or something else less cutesy and more practical?
I'm not against that. I just took that from the repo description on github.com/stripe/smokescreen.
internal/pkg/egressacl/yaml.go
Outdated
"regexp" | ||
) | ||
|
||
type EgressAclYamlEntry struct { |
The class naming is kind of weird here-- EgressAclConfiguration maps directly to the YAML configuration file, but EgressAclYaml and EgressAclYamlEntry are the internal config format that doesn't map directly to YAML.
Yeah, I was a bit lenient with this one since it's just an implementation detail behind an interface. I hear you though!
ptal @rlk-stripe
|
||
import "github.com/stretchr/testify/assert" | ||
import "github.com/stripe/smokescreen/pkg/egressacl/decision" | ||
import "testing" |
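Review bot: the three imports are written as separate single-line import declarations, with the standard-library "testing" listed after the third-party packages. The usual Go layout is one parenthesized import block with "testing" in its own leading group, followed by a blank line and the github.com/... packages; gofmt will then keep each group sorted.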
I don't think this is gofmt'd correctly?
It did!
lgtm
de0ba18 to 20bbe53
20bbe53 to b388f1b
r?: @rlk-stripe
This PR kills some globals and parameterizes parts of Smokescreen.