revert: drop nginx safe string validation changes #12076
wanghe-fit2cloud merged 1 commit into dev-v2 from
Conversation
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 22d5e129a2
| location.UpdateDirective("proxy_pass", []string{req.ProxyPass}) | ||
| location.UpdateDirective("proxy_set_header", []string{"Host", req.ProxyHost}) |
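Review bot: `req.ProxyPass` and `req.ProxyHost` go straight into `proxy_pass` and `proxy_set_header Host` on these two lines, and with the safe-string validation reverted nothing between request binding and `UpdateDirective` rejects a value containing `;`, `{`, `}`, whitespace or a newline. Either keep a character allow-list check in the request validation for `WebsiteProxyConfig`, or parse `req.ProxyPass` with `net/url` and require an http/https scheme and a non-empty host before these calls, so each value can only ever be a single directive argument.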
Restore sanitization before writing proxy directives
OperateProxy now writes req.ProxyPass and req.ProxyHost directly into nginx directives, but request.WebsiteProxyConfig only enforces required and DumpDirective serializes parameters verbatim (no escaping), so inputs containing ; or newline can inject extra directives or leave the generated proxy config invalid. This is a regression from the previous validation path and allows a crafted API payload to alter nginx behavior beyond the intended proxy fields.
| return | ||
| } | ||
| location.UpdateDirective("proxy_pass", []string{safePass}) | ||
| location.UpdateDirective("proxy_pass", []string{fmt.Sprintf("http://127.0.0.1:%d%s", server.Port, proxyPath)}) |
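Review bot: `proxyPath` is concatenated into `"http://127.0.0.1:%d%s"` without checking that it begins with `/`, so a value such as `mcp` yields `http://127.0.0.1:8080mcp`, which nginx will not accept at reload. Suggest validating `server.StreamableHttpPath` and `server.SsePath` on create/update (must start with `/`, no query, fragment or control characters) and building the target with `url.URL{Scheme: "http", Host: ..., Path: proxyPath}.String()` instead of `fmt.Sprintf`, so a malformed path is rejected before it reaches the generated `/proxy/*.conf`.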
Validate MCP proxy path before composing proxy_pass
The MCP bind flow now interpolates server.StreamableHttpPath/server.SsePath directly into proxy_pass, and those values come from create/update requests without strict format validation; because nginx config dumping does not escape directive separators, a path containing control characters or ; can inject unintended directives or break nginx syntax in generated /proxy/*.conf files. Reintroducing URL/path safety checks here is necessary to prevent config injection and reload failures.
| return err | ||
| } | ||
| location.UpdateDirective("auth_basic_user_file", []string{safePass}) | ||
| location.UpdateDirective("auth_basic_user_file", []string{fmt.Sprintf("/www/sites/%s/path_auth/pass/%s", website.Alias, fmt.Sprintf("%s.pass", req.Name))}) |
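Review bot: the nested `fmt.Sprintf("%s.pass", req.Name)` inside the outer `fmt.Sprintf` can be collapsed to `fmt.Sprintf("/www/sites/%s/path_auth/pass/%s.pass", website.Alias, req.Name)`. More importantly, `req.Name` now becomes both a file-name component and the argument of `auth_basic_user_file`, so a `path.Base` check is not sufficient: restrict it to an explicit allow-list such as `^[A-Za-z0-9_-]+$` before this line (the same check should guard the write that creates the `.pass` file) and return a validation error for anything else.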
Reject unsafe auth name before auth_basic_user_file
This now embeds req.Name directly in auth_basic_user_file; the current path.Base check only prevents traversal and still allows nginx metacharacters/control characters, which are emitted raw when writing directives. A crafted auth name can therefore terminate or extend the directive in the generated path-auth config, causing unintended directives or persistent syntax errors during auth updates.
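The three review comments above point at the same gap: request fields reach `UpdateDirective` unfiltered and `DumpDirective` writes them verbatim. As an added illustration, not 1Panel's own code, the following Go validators show the kind of allow-list checks that restoring the validation would need. The function names (`SafeDirectiveArg`, `ValidateProxyPass`, `ValidateProxyPath`, `ValidateAuthName`), the allow-list for auth names and all sample inputs are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Hypothetical validators (not 1Panel's own code). nginx ends a directive at
// ';' and groups blocks with '{' '}', and the config generator writes
// arguments verbatim, so every user-supplied argument must be a single safe token.

var errUnsafeArg = errors.New("unsafe nginx directive argument")

// SafeDirectiveArg rejects anything that could end, extend or break an unquoted
// nginx directive argument: control characters (including newlines), directive
// and block separators, comment markers, quotes, backslashes and whitespace.
func SafeDirectiveArg(s string) error {
	if s == "" {
		return fmt.Errorf("%w: empty value", errUnsafeArg)
	}
	for _, r := range s {
		switch {
		case r < 0x20 || r == 0x7f:
			return fmt.Errorf("%w: control character", errUnsafeArg)
		case strings.ContainsRune(";{}#\"'\\ \t", r):
			return fmt.Errorf("%w: character %q", errUnsafeArg, r)
		}
	}
	return nil
}

// ValidateProxyPass accepts only an absolute http/https URL with a host, which
// is what the website proxy form feeds into proxy_pass.
func ValidateProxyPass(raw string) error {
	if err := SafeDirectiveArg(raw); err != nil {
		return err
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("proxy_pass: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("proxy_pass: scheme %q not allowed", u.Scheme)
	}
	if u.Host == "" {
		return errors.New("proxy_pass: missing host")
	}
	return nil
}

// ValidateProxyPath checks a path that is later appended to
// "http://127.0.0.1:<port>" (the MCP bind flow): it must be a bare absolute
// path with no authority, query or fragment.
func ValidateProxyPath(p string) error {
	if err := SafeDirectiveArg(p); err != nil {
		return err
	}
	if !strings.HasPrefix(p, "/") {
		return fmt.Errorf("proxy path %q must start with /", p)
	}
	u, err := url.Parse(p)
	if err != nil {
		return fmt.Errorf("proxy path: %w", err)
	}
	if u.Scheme != "" || u.Host != "" || u.RawQuery != "" || u.Fragment != "" {
		return fmt.Errorf("proxy path %q must be a bare path", p)
	}
	return nil
}

// authNameRe is an assumed allow-list for a path-auth name, which becomes both
// a file name under path_auth/pass/ and the auth_basic_user_file argument.
var authNameRe = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// ValidateAuthName rejects traversal, separators and nginx metacharacters in
// one check instead of relying on path.Base.
func ValidateAuthName(name string) error {
	if !authNameRe.MatchString(name) {
		return fmt.Errorf("auth name %q: only [A-Za-z0-9_-] allowed", name)
	}
	return nil
}

func main() {
	// Constructed sample values: one accepted and one rejected per check.
	checks := []struct {
		label string
		err   error
	}{
		{"proxy_pass ok", ValidateProxyPass("http://127.0.0.1:8080/app")},
		{"proxy_pass with ';'", ValidateProxyPass("http://127.0.0.1:8080/app;")},
		{"proxy host with newline", SafeDirectiveArg("example.com\n")},
		{"mcp path ok", ValidateProxyPath("/mcp/sse")},
		{"mcp path without slash", ValidateProxyPath("mcp")},
		{"auth name ok", ValidateAuthName("admin-1")},
		{"auth name with traversal", ValidateAuthName("../x")},
	}
	for _, c := range checks {
		fmt.Printf("%-26s -> %v\n", c.label, c.err)
	}
}
```

Each validator returns a descriptive error so the API layer can surface it as a 400 instead of writing the value into the config and failing later at `nginx -t`; the checks run before `UpdateDirective`, which is the point the reverted validation used to guard.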
/approve
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: wanghe-fit2cloud. The full list of commands accepted by this bot can be found here. The pull request process is described here. Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Refs #12072