Documentation
¶
Overview ¶
Package validation includes validators to validate values that will propagate to the NGINX configuration.
The validation rules prevent two cases: (1) Invalid values. Such values will cause NGINX to fail to reload the configuration. (2) Malicious values. Such values will cause NGINX to succeed to reload, but will configure NGINX maliciously, outside of the NGF capabilities. For example, configuring NGINX to serve the contents of the file system of its container.
The validation rules are based on the types in the parent config package and how they are used in the NGINX configuration templates. Changes to those might require changing the validation rules.
The rules are much looser for NGINX than for the Gateway API. However, some valid Gateway API values are not valid for NGINX.
Index ¶
- type GenericValidator
- func (GenericValidator) ValidateEndpoint(endpoint string) error
- func (GenericValidator) ValidateEscapedStringNoVarExpansion(value string) error
- func (GenericValidator) ValidateNginxDuration(duration string) error
- func (GenericValidator) ValidateNginxSize(size string) error
- func (GenericValidator) ValidateServiceName(name string) error
- type HTTPHeaderValidator
- type HTTPNJSMatchValidator
- func (HTTPNJSMatchValidator) ValidateHeaderNameInMatch(name string) error
- func (HTTPNJSMatchValidator) ValidateHeaderValueInMatch(value string) error
- func (HTTPNJSMatchValidator) ValidateMethodInMatch(method string) (valid bool, supportedValues []string)
- func (HTTPNJSMatchValidator) ValidatePathInMatch(path string) error
- func (HTTPNJSMatchValidator) ValidateQueryParamNameInMatch(name string) error
- func (HTTPNJSMatchValidator) ValidateQueryParamValueInMatch(value string) error
- type HTTPRedirectValidator
- func (HTTPRedirectValidator) ValidateHostname(hostname string) error
- func (HTTPRedirectValidator) ValidateRedirectPort(_ int32) error
- func (HTTPRedirectValidator) ValidateRedirectScheme(scheme string) (valid bool, supportedValues []string)
- func (HTTPRedirectValidator) ValidateRedirectStatusCode(statusCode int) (valid bool, supportedValues []string)
- type HTTPURLRewriteValidator
- type HTTPValidator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GenericValidator ¶ added in v1.3.0
type GenericValidator struct{}
GenericValidator validates values for generic cases in the nginx conf.
func (GenericValidator) ValidateEndpoint ¶ added in v1.3.0
func (GenericValidator) ValidateEndpoint(endpoint string) error
ValidateEndpoint validates an alphanumeric endpoint, with optional http scheme and port.
func (GenericValidator) ValidateEscapedStringNoVarExpansion ¶ added in v1.3.0
func (GenericValidator) ValidateEscapedStringNoVarExpansion(value string) error
ValidateEscapedStringNoVarExpansion ensures that no invalid characters are included in the string value that could lead to unwanted nginx behavior.
func (GenericValidator) ValidateNginxDuration ¶ added in v1.3.0
func (GenericValidator) ValidateNginxDuration(duration string) error
ValidateNginxDuration validates a duration string that nginx can understand.
func (GenericValidator) ValidateNginxSize ¶ added in v1.3.0
func (GenericValidator) ValidateNginxSize(size string) error
ValidateNginxSize validates a size string that nginx can understand.
func (GenericValidator) ValidateServiceName ¶ added in v1.3.0
func (GenericValidator) ValidateServiceName(name string) error
ValidateServiceName validates a service name that can only use alphanumeric characters.
type HTTPHeaderValidator ¶ added in v1.3.0
type HTTPHeaderValidator struct{}
HTTPHeaderValidator validates values for request headers, which in NGINX is done with the proxy_set_header directive.
func (HTTPHeaderValidator) ValidateFilterHeaderName ¶ added in v1.3.0
func (HTTPHeaderValidator) ValidateFilterHeaderName(name string) error
func (HTTPHeaderValidator) ValidateFilterHeaderValue ¶ added in v1.3.0
func (HTTPHeaderValidator) ValidateFilterHeaderValue(value string) error
type HTTPNJSMatchValidator ¶
type HTTPNJSMatchValidator struct{}
HTTPNJSMatchValidator validates values used for matching a request. The matching is implemented in NJS (except for path matching), so changes to the implementation change the validation rules here.
func (HTTPNJSMatchValidator) ValidateHeaderNameInMatch ¶
func (HTTPNJSMatchValidator) ValidateHeaderNameInMatch(name string) error
func (HTTPNJSMatchValidator) ValidateHeaderValueInMatch ¶
func (HTTPNJSMatchValidator) ValidateHeaderValueInMatch(value string) error
func (HTTPNJSMatchValidator) ValidateMethodInMatch ¶
func (HTTPNJSMatchValidator) ValidateMethodInMatch(method string) (valid bool, supportedValues []string)
func (HTTPNJSMatchValidator) ValidatePathInMatch ¶
func (HTTPNJSMatchValidator) ValidatePathInMatch(path string) error
ValidatePathInMatch a path used in the location directive.
func (HTTPNJSMatchValidator) ValidateQueryParamNameInMatch ¶
func (HTTPNJSMatchValidator) ValidateQueryParamNameInMatch(name string) error
func (HTTPNJSMatchValidator) ValidateQueryParamValueInMatch ¶
func (HTTPNJSMatchValidator) ValidateQueryParamValueInMatch(value string) error
type HTTPRedirectValidator ¶
type HTTPRedirectValidator struct{}
HTTPRedirectValidator validates values for a redirect, which in NGINX is done with the return directive. For example, return 302 "https://example.com:8080";
func (HTTPRedirectValidator) ValidateHostname ¶ added in v1.2.0
func (HTTPRedirectValidator) ValidateHostname(hostname string) error
func (HTTPRedirectValidator) ValidateRedirectPort ¶
func (HTTPRedirectValidator) ValidateRedirectPort(_ int32) error
func (HTTPRedirectValidator) ValidateRedirectScheme ¶
func (HTTPRedirectValidator) ValidateRedirectScheme(scheme string) (valid bool, supportedValues []string)
ValidateRedirectScheme validates a scheme to be used in the return directive for a redirect. NGINX rules are not restrictive, but it is easier to validate just for two allowed values http and https, dictated by the Gateway API spec.
func (HTTPRedirectValidator) ValidateRedirectStatusCode ¶
func (HTTPRedirectValidator) ValidateRedirectStatusCode(statusCode int) (valid bool, supportedValues []string)
ValidateRedirectStatusCode validates a status code to be used in the return directive for a redirect. NGINX allows 0..999. However, let's be conservative and only allow 301 and 302 (the values allowed by the Gateway API spec). Note that in the future, we might reserve some codes for internal redirects, so better not to allow all possible code values. We can always relax the validation later in case there is a need.
type HTTPURLRewriteValidator ¶ added in v1.2.0
type HTTPURLRewriteValidator struct{}
HTTPURLRewriteValidator validates values for a URL rewrite.
func (HTTPURLRewriteValidator) ValidateRewritePath ¶ added in v1.2.0
func (HTTPURLRewriteValidator) ValidateRewritePath(path string) error
ValidateRewritePath validates a path used in a URL Rewrite filter.
type HTTPValidator ¶
type HTTPValidator struct {
HTTPNJSMatchValidator
HTTPRedirectValidator
HTTPURLRewriteValidator
HTTPHeaderValidator
}
HTTPValidator validates values that will propagate into the NGINX configuration http context. The validation rules are based on the nginx/config/http types and how they are used in the configuration templates of the nginx/config package. Changes to those might require changing the validation rules.
Source Files