validation

package

v1.2.0 Latest Latest Go to latest Published: Mar 21, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nginxinc/nginx-gateway-fabric

Links

Open Source Insights

Documentation ¶

Overview ¶

Package validation includes validators to validate values that will propagate to the NGINX configuration.

The validation rules prevent two cases: (1) Invalid values. Such values will cause NGINX to fail to reload the configuration. (2) Malicious values. Such values will cause NGINX to succeed to reload, but will configure NGINX maliciously, outside of the NGF capabilities. For example, configuring NGINX to serve the contents of the file system of its container.

The validation rules are based on the types in the parent config package and how they are used in the NGINX configuration templates. Changes to those might require changing the validation rules.

The rules are much looser for NGINX than for the Gateway API. However, some valid Gateway API values are not valid for NGINX.

Index ¶

type HTTPNJSMatchValidator
type HTTPRedirectValidator
type HTTPRequestHeaderValidator
- func (HTTPRequestHeaderValidator) ValidateRequestHeaderName(name string) error
- func (HTTPRequestHeaderValidator) ValidateRequestHeaderValue(value string) error
type HTTPURLRewriteValidator
- func (HTTPURLRewriteValidator) ValidateRewritePath(path string) error
type HTTPValidator

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type HTTPNJSMatchValidator ¶

type HTTPNJSMatchValidator struct{}

HTTPNJSMatchValidator validates values used for matching a request. The matching is implemented in NJS (except for path matching), so changes to the implementation change the validation rules here.

func (HTTPNJSMatchValidator) ValidateHeaderNameInMatch ¶

func (HTTPNJSMatchValidator) ValidateHeaderNameInMatch(name string) error

func (HTTPNJSMatchValidator) ValidateHeaderValueInMatch ¶

func (HTTPNJSMatchValidator) ValidateHeaderValueInMatch(value string) error

func (HTTPNJSMatchValidator) ValidateMethodInMatch ¶

func (HTTPNJSMatchValidator) ValidateMethodInMatch(method string) (valid bool, supportedValues []string)

func (HTTPNJSMatchValidator) ValidatePathInMatch ¶

func (HTTPNJSMatchValidator) ValidatePathInMatch(path string) error

ValidatePathInMatch a path used in the location directive.

func (HTTPNJSMatchValidator) ValidateQueryParamNameInMatch ¶

func (HTTPNJSMatchValidator) ValidateQueryParamNameInMatch(name string) error

func (HTTPNJSMatchValidator) ValidateQueryParamValueInMatch ¶

func (HTTPNJSMatchValidator) ValidateQueryParamValueInMatch(value string) error

type HTTPRedirectValidator ¶

type HTTPRedirectValidator struct{}

HTTPRedirectValidator validates values for a redirect, which in NGINX is done with the return directive. For example, return 302 "https://example.com:8080";

func (HTTPRedirectValidator) ValidateHostname ¶ added in v1.2.0

func (HTTPRedirectValidator) ValidateHostname(hostname string) error

func (HTTPRedirectValidator) ValidateRedirectPort ¶

func (HTTPRedirectValidator) ValidateRedirectPort(_ int32) error

func (HTTPRedirectValidator) ValidateRedirectScheme ¶

func (HTTPRedirectValidator) ValidateRedirectScheme(scheme string) (valid bool, supportedValues []string)

ValidateRedirectScheme validates a scheme to be used in the return directive for a redirect. NGINX rules are not restrictive, but it is easier to validate just for two allowed values http and https, dictated by the Gateway API spec.

func (HTTPRedirectValidator) ValidateRedirectStatusCode ¶

func (HTTPRedirectValidator) ValidateRedirectStatusCode(statusCode int) (valid bool, supportedValues []string)

ValidateRedirectStatusCode validates a status code to be used in the return directive for a redirect. NGINX allows 0..999. However, let's be conservative and only allow 301 and 302 (the values allowed by the Gateway API spec). Note that in the future, we might reserve some codes for internal redirects, so better not to allow all possible code values. We can always relax the validation later in case there is a need.

type HTTPRequestHeaderValidator ¶

type HTTPRequestHeaderValidator struct{}

HTTPRequestHeaderValidator validates values for request headers, which in NGINX is done with the proxy_set_header directive.

func (HTTPRequestHeaderValidator) ValidateRequestHeaderName ¶

func (HTTPRequestHeaderValidator) ValidateRequestHeaderName(name string) error

func (HTTPRequestHeaderValidator) ValidateRequestHeaderValue ¶

func (HTTPRequestHeaderValidator) ValidateRequestHeaderValue(value string) error

type HTTPURLRewriteValidator ¶ added in v1.2.0

type HTTPURLRewriteValidator struct{}

HTTPURLRewriteValidator validates values for a URL rewrite.

func (HTTPURLRewriteValidator) ValidateRewritePath ¶ added in v1.2.0

func (HTTPURLRewriteValidator) ValidateRewritePath(path string) error

ValidateRewritePath validates a path used in a URL Rewrite filter.

type HTTPValidator ¶

type HTTPValidator struct {
	HTTPNJSMatchValidator
	HTTPRedirectValidator
	HTTPURLRewriteValidator
	HTTPRequestHeaderValidator
}

HTTPValidator validates values that will propagate into the NGINX configuration http context. The validation rules are based on the nginx/config/http types and how they are used in the configuration templates of the nginx/config package. Changes to those might require changing the validation rules

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL