🐛 bug: reject malformed hostnames in hostauthorization wildcard path#4408
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughA new isValidHostSyntax helper validates normalized hosts (rejecting empty, leading/trailing/consecutive dots, invalid labels; accepting IP literals). parseNormalizedAuthority calls this validator and returns failure for invalid hosts. Tests now assert rejection for hosts containing '/', '?', or whitespace and for multi-trailing-dot with a port. ChangesHost Syntax Validation
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.12.2)level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain main module or its selected dependencies" Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Code Review
This pull request introduces a host syntax validation helper isValidHostSyntax to the host authorization middleware to prevent invalid hosts (such as those containing path or query delimiters, or spaces) from being accepted, along with corresponding unit tests. A review comment suggests optimizing isValidHostSyntax to avoid heap allocations and iterator overhead on the hot path by validating the host in a single pass.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Multi trailing-dot authorities normalize to empty labels and are now correctly rejected by isValidHostSyntax, so the regression case is updated to expect rejection instead of acceptance. Rewrite isValidHostSyntax as a single-pass, zero-allocation label scan (net.ParseIP only for IPv6 literals) per review feedback. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4408 +/- ##
==========================================
+ Coverage 91.33% 91.39% +0.06%
==========================================
Files 132 133 +1
Lines 13193 13357 +164
==========================================
+ Hits 12050 12208 +158
- Misses 724 730 +6
Partials 419 419
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Add a direct table test exercising empty host, IPv4/IPv6 literals, leading/trailing hyphen labels, empty labels, underscores and oversize labels, bringing isValidHostSyntax to 100% coverage. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Motivation
attacker.test/.example.com).strings.HasSuffixover insufficiently validated host input.Description
isValidHostSyntax(host string) booltomiddleware/hostauthorization/hostauthorization.goto validate normalized host syntax (accept IP literals or RFC-style DNS labels and reject delimiters/whitespace, empty labels, labels with leading/trailing hyphens, and oversize labels).isValidHostSyntaxfromparseNormalizedAuthorityto reject malformed hosts early beforematchHostruns.Test_ParseNormalizedAuthorityinmiddleware/hostauthorization/hostauthorization_test.gofor inputs containing/,?, and spaces to ensure these are rejected.Testing
make auditwhich executed but failed due togovulncheckreporting multiple Go stdlib vulnerabilities in the pinned toolchain (go1.25.1), causing a non-zero exit (scan output reported numerous standard-library issues). (failed)make generate; the generation step completed successfully. (passed)make betteralign; completed successfully. (passed)make modernize; failed in this environment because themodernizetool requires Go >= 1.26 while the CI/toolchain usesgo1.25.1. (failed)make format; completed successfully. (passed)make lint; linter passed with0 issuesafter a minor gocritic suggestion was addressed. (passed)make test; full test suite executed successfully (3417 tests, 2 skipped). (passed)Codex Task