istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/analysis/analyzers/virtualservice/regexes.go (about) 1 // Copyright Istio Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package virtualservice 16 17 import ( 18 "fmt" 19 "regexp" 20 21 "istio.io/api/networking/v1alpha3" 22 "istio.io/istio/pkg/config" 23 "istio.io/istio/pkg/config/analysis" 24 "istio.io/istio/pkg/config/analysis/analyzers/util" 25 "istio.io/istio/pkg/config/analysis/msg" 26 "istio.io/istio/pkg/config/resource" 27 "istio.io/istio/pkg/config/schema/gvk" 28 ) 29 30 // RegexAnalyzer checks all regexes in a virtual service 31 type RegexAnalyzer struct{} 32 33 var _ analysis.Analyzer = &RegexAnalyzer{} 34 35 // Metadata implements Analyzer 36 func (a *RegexAnalyzer) Metadata() analysis.Metadata { 37 return analysis.Metadata{ 38 Name: "virtualservice.RegexAnalyzer", 39 Description: "Checks regex syntax", 40 Inputs: []config.GroupVersionKind{ 41 gvk.VirtualService, 42 }, 43 } 44 } 45 46 // Analyze implements Analyzer 47 func (a *RegexAnalyzer) Analyze(ctx analysis.Context) { 48 ctx.ForEach(gvk.VirtualService, func(r *resource.Instance) bool { 49 a.analyzeVirtualService(r, ctx) 50 return true 51 }) 52 } 53 54 func (a *RegexAnalyzer) analyzeVirtualService(r *resource.Instance, ctx analysis.Context) { 55 vs := r.Message.(*v1alpha3.VirtualService) 56 57 for i, route := range vs.GetHttp() { 58 for j, m := range route.GetMatch() { 59 60 analyzeStringMatch(r, m.GetUri(), ctx, "uri", 61 fmt.Sprintf(util.URISchemeMethodAuthorityRegexMatch, i, j, "uri")) 62 analyzeStringMatch(r, m.GetScheme(), ctx, "scheme", 63 fmt.Sprintf(util.URISchemeMethodAuthorityRegexMatch, i, j, "scheme")) 64 analyzeStringMatch(r, m.GetMethod(), ctx, "method", 65 fmt.Sprintf(util.URISchemeMethodAuthorityRegexMatch, i, j, "method")) 66 analyzeStringMatch(r, m.GetAuthority(), ctx, "authority", 67 fmt.Sprintf(util.URISchemeMethodAuthorityRegexMatch, i, j, "authority")) 68 for key, h := range m.GetHeaders() { 69 analyzeStringMatch(r, h, ctx, "headers", 70 fmt.Sprintf(util.HeaderAndQueryParamsRegexMatch, i, j, "headers", key)) 71 } 72 for key, qp := range m.GetQueryParams() { 73 analyzeStringMatch(r, qp, ctx, "queryParams", 74 fmt.Sprintf(util.HeaderAndQueryParamsRegexMatch, i, j, "queryParams", key)) 75 } 76 // We don't validate withoutHeaders, because they are undocumented 77 } 78 for j, origin := range route.GetCorsPolicy().GetAllowOrigins() { 79 analyzeStringMatch(r, origin, ctx, "corsPolicy.allowOrigins", 80 fmt.Sprintf(util.AllowOriginsRegexMatch, i, j)) 81 } 82 } 83 } 84 85 func analyzeStringMatch(r *resource.Instance, sm *v1alpha3.StringMatch, ctx analysis.Context, where string, key string) { 86 re := sm.GetRegex() 87 if re == "" { 88 return 89 } 90 91 _, err := regexp.Compile(re) 92 if err == nil { 93 return 94 } 95 96 m := msg.NewInvalidRegexp(r, where, re, err.Error()) 97 98 // Get line number for different match field 99 if line, ok := util.ErrorLine(r, key); ok { 100 m.Line = line 101 } 102 103 ctx.Report(gvk.VirtualService, m) 104 }