test(handler) check that templates cannot write ngx.ctx (#44)

Kong · Jun 2, 2021 · da026e6 · da026e6
1 parent 3a80379
commit da026e6
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 1 deletion.
diff --git a/.travis.yml b/.travis.yml
@@ -26,6 +26,7 @@ env:
   - secure: d8lQhUZik+Ng0+GueJzTn5+DXmWCW/Sx7eb+pbk8g5HJB4Myk3CGjdYb/wmn1oARpagQlMFCERdqYDY+NsVLL/m65aJkDsGiJYjxtE+EP7pai0gfpGD1tvBZ4te/YsbjdhNtj+nQ3nk0Ecc0S9+l99ztG7VjnBdfZbVOYLpJIzl/UNV5V/y00mdKkwTlGqppMe45XVqGdS/KkKMYm6w1OSs9YA4u9OpbzRmfvK5y1MRPNfRd1NY2+624bDEUZrPvicsofwDV7GhtPsr6hewGWmlA7/fINrE/rUaQKyFeeEkRQz7HCe9f7PlNHlPWD9nIGVbBNOaQqMmXlasdOqqMlJftukymiQdl1ALyZLa0y47MariOwzkU9aftcOQMsIwpuThWd1izzH+VVi9fWIFWvghD2MI5Ar+YxqRv2F1gLdhfte3Gaq+K8liKhiQG05GwxzWaJgAhoCY84KVh1zChjq4ZhN1zxWybEfaBboTYhKG82FKhRFppYfxLvNgUhRSBblWMsYpNsqapag4AL0GYiGnynTrlgRohHHCBSHt/6WZGOED8vCBKrd5e9iIWTK5WIipN6THQXdofA7xjbl6fEsdl5UiJc+vgRTuT96Te2LeLWswWdu0n1L+DEfLaPCPzxOXHElYe6NC/X1zsI4IEflUGHiNYS7oMkrHb4eEcz4g=
 
 install:
+- echo "$DOCKER_KEY" | docker login -u "$DOCKER_USER" --password-stdin
 - git clone --single-branch https://github.com/Kong/kong-pongo ../kong-pongo
 - "../kong-pongo/pongo.sh up"
 - "../kong-pongo/pongo.sh build"

diff --git a/kong/plugins/request-transformer/access.lua b/kong/plugins/request-transformer/access.lua
@@ -136,7 +136,7 @@ local function param_value(source_template, config_array)
   -- Find or compile the specific template
   local compiled_template = compiled_templates[source_template]
   if not compiled_template then
-    compiled_template = pl_template.compile(source_template, compile_opts)
+    compiled_template = assert(pl_template.compile(source_template, compile_opts))
     compiled_templates[source_template] = compiled_template
   end
 

diff --git a/spec/02-access_spec.lua b/spec/02-access_spec.lua
@@ -125,6 +125,10 @@ describe("Plugin: request-transformer(access) [#" .. strategy .. "]", function()
       hosts = { "test27.test" }
     })
 
+    local route28 = bp.routes:insert({
+      hosts = { "test28.test" }
+    })
+
     bp.plugins:insert {
       route = { id = route1.id },
       name = "request-transformer",
@@ -453,6 +457,18 @@ describe("Plugin: request-transformer(access) [#" .. strategy .. "]", function()
       }
     }
 
+    -- transformer attempts to inject a value in ngx.ctx.shared, but that will result in an invalid template
+    -- which provokes a failure
+    bp.plugins:insert {
+      route = { id = route28.id },
+      name = "request-transformer",
+      config = {
+        add = {
+          headers = { "X-Write-Attempt:$(shared.written = true)" },
+        }
+      }
+    }
+
     assert(helpers.start_kong({
       database = strategy,
       plugins = "bundled, request-transformer",
@@ -2171,6 +2187,16 @@ describe("Plugin: request-transformer(access) [#" .. strategy .. "]", function()
       local value = assert.request(r).has.queryparam("shared_param1")
       assert.equals("1.2.3", value)
     end)
+    it("cannot write a value in `kong.ctx.shared`", function()
+      local r = client:send {
+        method = "GET",
+        path = "/",
+        headers = {
+          host = "test28.test",
+        }
+      }
+      assert.response(r).has.status(500)
+    end)
   end)
   describe("remove then add header (regression test)", function()
     it("header already exists in request", function()