Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent absolute URLs in checks paths #3685

Merged
merged 1 commit into from
Jan 4, 2018
Merged

Prevent absolute URLs in checks paths #3685

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 8 additions & 0 deletions nomad/structs/structs.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"fmt"
"io"
"net"
"net/url"
"os"
"path/filepath"
"reflect"
Expand Down Expand Up @@ -2937,6 +2938,13 @@ func (sc *ServiceCheck) validate() error {
if sc.Path == "" {
return fmt.Errorf("http type must have a valid http path")
}
url, err := url.Parse(sc.Path)
if err != nil {
return fmt.Errorf("http type must have a valid http path")
}
if url.IsAbs() {
return fmt.Errorf("http type must have a relative http path")
}

case ServiceCheckScript:
if sc.Command == "" {
Expand Down
31 changes: 31 additions & 0 deletions nomad/structs/structs_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1230,6 +1230,37 @@ func TestTask_Validate_Service_Check(t *testing.T) {
if err != nil {
t.Fatalf("err: %v", err)
}

check2 := ServiceCheck{
Name: "check-name-2",
Type: ServiceCheckHTTP,
Interval: 10 * time.Second,
Timeout: 2 * time.Second,
Path: "/foo/bar",
}

err = check2.validate()
if err != nil {
t.Fatalf("err: %v", err)
}

check2.Path = ""
err = check2.validate()
if err == nil {
t.Fatal("Expected an error")
}
if !strings.Contains(err.Error(), "valid http path") {
t.Fatalf("err: %v", err)
}

check2.Path = "http://www.example.com"
err = check2.validate()
if err == nil {
t.Fatal("Expected an error")
}
if !strings.Contains(err.Error(), "relative http path") {
t.Fatalf("err: %v", err)
}
}

// TestTask_Validate_Service_Check_AddressMode asserts that checks do not
Expand Down
3 changes: 2 additions & 1 deletion website/source/api/json-jobs.html.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -412,7 +412,8 @@ The `Task` object supports the following keys:
- `Path`: The path of the HTTP endpoint which Consul will query to query
the health of a service if the type of the check is `http`. Nomad
will add the IP of the service and the port, users are only required
to add the relative URL of the health check endpoint.
to add the relative URL of the health check endpoint. Absolute paths
are not allowed.

- `Protocol`: This indicates the protocol for the HTTP checks. Valid
options are `http` and `https`. We default it to `http`.
Expand Down