From c8608ed8107c84c33910a92c16f4a493609e05c3 Mon Sep 17 00:00:00 2001 From: Rudolf Meijering Date: Wed, 24 Jun 2020 10:25:48 +0200 Subject: [PATCH] Fixes #69344: Don't allow empty string for server.basePath config (#69377) * Fixes #69344: Don't allow empty string for server.basePath config * Remove unused basepath group --- .../server/http/__snapshots__/http_config.test.ts.snap | 2 ++ src/core/server/http/http_config.test.ts | 8 ++++++++ src/core/server/http/http_config.ts | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/core/server/http/__snapshots__/http_config.test.ts.snap b/src/core/server/http/__snapshots__/http_config.test.ts.snap index 07c153a7a8a2..d48ead3cec8e 100644 --- a/src/core/server/http/__snapshots__/http_config.test.ts.snap +++ b/src/core/server/http/__snapshots__/http_config.test.ts.snap @@ -83,6 +83,8 @@ Object { exports[`throws if basepath appends a slash 1`] = `"[basePath]: must start with a slash, don't end with one"`; +exports[`throws if basepath is an empty string 1`] = `"[basePath]: must start with a slash, don't end with one"`; + exports[`throws if basepath is missing prepended slash 1`] = `"[basePath]: must start with a slash, don't end with one"`; exports[`throws if basepath is not specified, but rewriteBasePath is set 1`] = `"cannot use [rewriteBasePath] when [basePath] is not specified"`; diff --git a/src/core/server/http/http_config.test.ts b/src/core/server/http/http_config.test.ts index eaf66219d08d..0698f118be03 100644 --- a/src/core/server/http/http_config.test.ts +++ b/src/core/server/http/http_config.test.ts @@ -78,6 +78,14 @@ test('throws if basepath appends a slash', () => { expect(() => httpSchema.validate(obj)).toThrowErrorMatchingSnapshot(); }); +test('throws if basepath is an empty string', () => { + const httpSchema = config.schema; + const obj = { + basePath: '', + }; + expect(() => httpSchema.validate(obj)).toThrowErrorMatchingSnapshot(); +}); + test('throws if basepath is not specified, but rewriteBasePath is set', () => { const httpSchema = config.schema; const obj = { diff --git a/src/core/server/http/http_config.ts b/src/core/server/http/http_config.ts index 289b6539fd76..83a2e712b424 100644 --- a/src/core/server/http/http_config.ts +++ b/src/core/server/http/http_config.ts @@ -23,7 +23,7 @@ import { hostname } from 'os'; import { CspConfigType, CspConfig, ICspConfig } from '../csp'; import { SslConfig, sslSchema } from './ssl_config'; -const validBasePathRegex = /(^$|^\/.*[^\/]$)/; +const validBasePathRegex = /^\/.*[^\/]$/; const uuidRegexp = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i; const match = (regex: RegExp, errorMsg: string) => (str: string) =>