Merge pull request #2194 from guardicore/2191-trailing-url-slashes

Island: Remove trailing slashes before registering a URL
Mike Salvatore 2022-08-15 14:25:28 -04:00 committed by GitHub
commit 500eeeb582
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 5 deletions


@ -129,6 +129,13 @@ class FlaskDIWrapper:
self._reserve_urls(resource.urls) self._reserve_urls(resource.urls)
# enforce our rule that URLs should not contain a trailing slash
for url in resource.urls:
if url.endswith("/"):
raise ValueError(
f"Resource {resource.__name__} has an invalid URL: A URL "
"should not have a trailing slash."
)
dependencies = self._container.resolve_dependencies(resource) dependencies = self._container.resolve_dependencies(resource)
self._api.add_resource(resource, *resource.urls, resource_class_args=dependencies) self._api.add_resource(resource, *resource.urls, resource_class_args=dependencies)
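Review bot: The trailing-slash check runs after `self._reserve_urls(resource.urls)`, so as the lines are ordered here a rejected resource has already had its URLs reserved by the time the ValueError is raised. Moving the `for url in resource.urls:` loop above the reservation call would leave the wrapper's state untouched when a resource is refused. The message also omits the offending URL; `f"Resource {resource.__name__} has an invalid URL {url!r}: A URL "` would identify it when a resource lists several. What `_reserve_urls` records is not visible in this hunk, and the enclosing method starts outside it.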


@ -11,7 +11,7 @@ _stolen_collection = "stolen-credentials"
class PropagationCredentials(AbstractResource): class PropagationCredentials(AbstractResource):
urls = ["/api/propagation-credentials/", "/api/propagation-credentials/<string:collection>"] urls = ["/api/propagation-credentials", "/api/propagation-credentials/<string:collection>"]
def __init__(self, credentials_repository: ICredentialsRepository): def __init__(self, credentials_repository: ICredentialsRepository):
self._credentials_repository = credentials_repository self._credentials_repository = credentials_repository
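Review bot: Dropping the trailing slash from `urls[0]` changes which request path matches this credentials endpoint. Under Werkzeug's default `strict_slashes` behaviour a rule declared without a trailing slash does not match a request for `/api/propagation-credentials/`, so that path should now return 404 unless the app disables strict slashes. None of the four files in this commit is a caller of the endpoint, so any agent or UI code still requesting the old form is worth checking. A comment above `urls` such as `# No trailing slash: rejected at registration by FlaskDIWrapper` would record why the first entry changed.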


@ -22,8 +22,8 @@ from monkey_island.cc.resources.propagation_credentials import (
) )
ALL_CREDENTIALS_URL = PropagationCredentials.urls[0] ALL_CREDENTIALS_URL = PropagationCredentials.urls[0]
CONFIGURED_CREDENTIALS_URL = urljoin(ALL_CREDENTIALS_URL, _configured_collection) CONFIGURED_CREDENTIALS_URL = urljoin(ALL_CREDENTIALS_URL + "/", _configured_collection)
STOLEN_CREDENTIALS_URL = urljoin(ALL_CREDENTIALS_URL, _stolen_collection) STOLEN_CREDENTIALS_URL = urljoin(ALL_CREDENTIALS_URL + "/", _stolen_collection)
@pytest.fixture @pytest.fixture
@ -105,7 +105,7 @@ def test_all_propagation_credentials_endpoint__put_not_allowed(flask_client):
assert resp.status_code == HTTPStatus.METHOD_NOT_ALLOWED assert resp.status_code == HTTPStatus.METHOD_NOT_ALLOWED
NON_EXISTENT_COLLECTION_URL = urljoin(ALL_CREDENTIALS_URL, "bogus-credentials") NON_EXISTENT_COLLECTION_URL = urljoin(ALL_CREDENTIALS_URL + "/", "bogus-credentials")
def test_propagation_credentials_endpoint__get_not_found(flask_client): def test_propagation_credentials_endpoint__get_not_found(flask_client):
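Review bot: `ALL_CREDENTIALS_URL + "/"` is repeated in all three `urljoin` calls (the two constants in the first hunk and `NON_EXISTENT_COLLECTION_URL` in the second) only because `urljoin` replaces the last path segment of a base that has no trailing slash. Plain formatting expresses the same URL without that trap, e.g. `CONFIGURED_CREDENTIALS_URL = f"{ALL_CREDENTIALS_URL}/{_configured_collection}"`. Failing that, a one-line comment above the constants, `# urljoin drops the last segment of a base without a trailing slash`, would explain the appended slash to the next reader.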


@ -75,9 +75,16 @@ def test_url_check_slash_stripping__trailing_slash(resource_manager):
def test_url_check_slash_stripping__path_separation(resource_manager): def test_url_check_slash_stripping__path_separation(resource_manager):
resource3 = get_mock_resource("res3", ["/beef/face/"]) resource3 = get_mock_resource("res3", ["/beef/face"])
resource4 = get_mock_resource("res4", ["/beefface"]) resource4 = get_mock_resource("res4", ["/beefface"])
# Following shouldn't raise and exception # Following shouldn't raise and exception
resource_manager.add_resource(resource3) resource_manager.add_resource(resource3)
resource_manager.add_resource(resource4) resource_manager.add_resource(resource4)
def test_trailing_slash_enforcement(resource_manager):
bad_endpoint = "/beef/face/"
with pytest.raises(ValueError):
resource3 = get_mock_resource("res3", [f"{bad_endpoint}"])
resource_manager.add_resource(resource3)
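Review bot: In `test_trailing_slash_enforcement` the `pytest.raises(ValueError)` block also wraps `get_mock_resource(...)`, so a ValueError raised while building the mock would pass the test without `add_resource` ever being exercised. Build the resource outside the block and pin the message: `resource = get_mock_resource("res3", [bad_endpoint])`, then `with pytest.raises(ValueError, match="trailing slash"):` around `resource_manager.add_resource(resource)` alone. That also removes the redundant `f"{bad_endpoint}"` wrapper. A follow-up assertion that the rejected URL can still be registered in its slash-free form would cover whether a refused resource leaves anything reserved.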