github.com/imran-kn/cilium-fork@v1.6.9/pkg/policy/api/http.go (about)

     1  // Copyright 2016-2017 Authors of Cilium
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package api
    16  
    17  import "regexp"
    18  
// PortRuleHTTP is a list of HTTP protocol constraints. Every field is
// optional; a rule whose fields are all empty or missing has no effect.
//
// Path, Method and Host are each documented as an extended POSIX regex as
// defined by IEEE Std 1003.1 (i.e. the egrep/unix syntax, not the perl
// syntax), matched against the corresponding part of an incoming request.
// Headers is a plain list of HTTP headers rather than a regex.
type PortRuleHTTP struct {
	// Path is an extended POSIX regex matched against the path of a
	// request. Currently it can contain characters disallowed from the
	// conventional "path" part of a URL as defined by RFC 3986.
	//
	// If omitted or empty, all paths are allowed.
	//
	// +optional
	Path string `json:"path,omitempty"`

	// Method is an extended POSIX regex matched against the method of a
	// request, e.g. "GET", "POST", "PUT", "PATCH", "DELETE", ...
	//
	// If omitted or empty, all methods are allowed.
	//
	// +optional
	Method string `json:"method,omitempty"`

	// Host is an extended POSIX regex matched against the host header of a
	// request, e.g. "foo.com"
	//
	// If omitted or empty, the value of the host header is ignored.
	//
	// NOTE(review): Sanitize below does not compile this pattern; confirm
	// whether Host is validated somewhere else before it reaches the proxy.
	//
	// +optional
	Host string `json:"host,omitempty"`

	// Headers is a list of HTTP headers which must be present in the
	// request. If omitted or empty, requests are allowed regardless of
	// headers present.
	//
	// +optional
	Headers []string `json:"headers,omitempty"`
}

// Sanitize validates an HTTP rule by checking that the Path and Method
// fields, when non-empty, compile as regular expressions. Path is checked
// first, and the first compile error encountered is returned unchanged; nil
// is returned when both checks pass or both fields are empty.
//
// The check uses regexp.Compile, which accepts Go's regexp syntax rather than
// strictly the POSIX ERE syntax the fields are documented with. The proxy may
// also support a wider range of regular expressions (e.g. that specified by
// ECMAScript), so this function may return some false positives.
//
// Host and Headers are not validated here.
func (h *PortRuleHTTP) Sanitize() error {
	// Order matters: a bad Path is reported before a bad Method.
	for _, expr := range [...]string{h.Path, h.Method} {
		if expr == "" {
			// An empty pattern means "no constraint", nothing to compile.
			continue
		}
		if _, err := regexp.Compile(expr); err != nil {
			return err
		}
	}

	// Headers are not sanitized.
	return nil
}