public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[main] Plugin fixes (#57399)

Browse Source 
* Plugins: Remove support for V1 manifests

* Plugins: Make proxy endpoints not leak sensitive HTTP headers

* Security: Fix do not forward login cookie in outgoing requests

(cherry picked from commit 4539c33fce)

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
This commit is contained in:
Marcus Efraimsson
2022-10-21 13:54:55 +02:00
committed by GitHub
parent af17123b5f
commit 6f8fcae01b
20 changed files with 198 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/infra/httpclient/httpclientprovider/forwarded_cookie_middleware_test.go
+8 -1
View File
@@ -13,6 +13,7 @@ func TestForwardedCookiesMiddleware(t *testing.T) {
tcs := []struct {
desc string
allowedCookies []string
disallowedCookies []string
expectedCookieHeader string
}{
{
@@ -30,6 +31,12 @@ func TestForwardedCookiesMiddleware(t *testing.T) {
allowedCookies: []string{"c1", "c3"},
expectedCookieHeader: "c1=1; c3=3",
},
{
desc: "When provided with allowed and not allowed cookies should populate Cookie header",
allowedCookies: []string{"c1", "c3"},
disallowedCookies: []string{"c1"},
expectedCookieHeader: "c3=3",
},
}
for _, tc := range tcs {
@@ -41,7 +48,7 @@ func TestForwardedCookiesMiddleware(t *testing.T) {
{Name: "c2", Value: "2"},
{Name: "c3", Value: "3"},
}
mw := httpclientprovider.ForwardedCookiesMiddleware(forwarded, tc.allowedCookies)
mw := httpclientprovider.ForwardedCookiesMiddleware(forwarded, tc.allowedCookies, tc.disallowedCookies)
opts := httpclient.Options{}
rt := mw.CreateMiddleware(opts, finalRoundTripper)
require.NotNil(t, rt)
pkg/infra/httpclient/httpclientprovider/forwarded_cookies_middleware.go
+2 -2
View File
@@ -11,13 +11,13 @@ const ForwardedCookiesMiddlewareName = "forwarded-cookies"
// ForwardedCookiesMiddleware middleware that sets Cookie header on the
// outgoing request, if forwarded cookies configured/provided.
func ForwardedCookiesMiddleware(forwardedCookies []*http.Cookie, allowedCookies []string) httpclient.Middleware {
func ForwardedCookiesMiddleware(forwardedCookies []*http.Cookie, allowedCookies []string, disallowedCookies []string) httpclient.Middleware {
return httpclient.NamedMiddlewareFunc(ForwardedCookiesMiddlewareName, func(opts httpclient.Options, next http.RoundTripper) http.RoundTripper {
return httpclient.RoundTripperFunc(func(req *http.Request) (*http.Response, error) {
for _, cookie := range forwardedCookies {
req.AddCookie(cookie)
}
proxyutil.ClearCookieHeader(req, allowedCookies)
proxyutil.ClearCookieHeader(req, allowedCookies, disallowedCookies)
return next.RoundTrip(req)
})
})