From 19df4d97556bc559ea3cbed09a4cce9ec0aedac9 Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala <kekoa.kaaikala@gmail.com>
Date: Mon, 15 Aug 2022 17:34:16 +0000
Subject: [PATCH] Island: Enforce "no trailing slash" rule for URLs

---
 monkey/monkey_island/cc/app.py                      |  9 ++++++++-
 .../tests/unit_tests/monkey_island/cc/test_app.py   | 13 ++++++-------
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py
index 0391026bb..d27fd24bf 100644
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@@ -128,7 +128,14 @@ class FlaskDIWrapper:
             raise ValueError(f"Resource {resource.__name__} has no defined URLs")
 
         self._reserve_urls(resource.urls)
-        resource.urls = map(lambda url: url.rstrip("/"), resource.urls)
+
+        # enforce our rule that URLs should not contain a trailing slash
+        for url in resource.urls:
+            if url.endswith("/"):
+                raise ValueError(
+                    f"Resource {resource.__name__} has an invalid URL: A URL "
+                    "should not have a trailing slash."
+                )
         dependencies = self._container.resolve_dependencies(resource)
         self._api.add_resource(resource, *resource.urls, resource_class_args=dependencies)
 
diff --git a/monkey/tests/unit_tests/monkey_island/cc/test_app.py b/monkey/tests/unit_tests/monkey_island/cc/test_app.py
index 27971e0b6..40e87a32b 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/test_app.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/test_app.py
@@ -75,7 +75,7 @@ def test_url_check_slash_stripping__trailing_slash(resource_manager):
 
 
 def test_url_check_slash_stripping__path_separation(resource_manager):
-    resource3 = get_mock_resource("res3", ["/beef/face/"])
+    resource3 = get_mock_resource("res3", ["/beef/face"])
     resource4 = get_mock_resource("res4", ["/beefface"])
 
     # Following shouldn't raise and exception
@@ -83,9 +83,8 @@ def test_url_check_slash_stripping__path_separation(resource_manager):
     resource_manager.add_resource(resource4)
 
 
-def test_trailing_slash_removal(resource_manager):
-    bogus_endpoint = "/beef/face"
-    resource3 = get_mock_resource("res3", [f"{bogus_endpoint}/"])
-    resource_manager.add_resource(resource3)
-    registered_rules = resource_manager._api.app.url_map._rules
-    assert any([rule.rule == bogus_endpoint for rule in registered_rules])
+def test_trailing_slash_enforcement(resource_manager):
+    bad_endpoint = "/beef/face/"
+    with pytest.raises(ValueError):
+        resource3 = get_mock_resource("res3", [f"{bad_endpoint}"])
+        resource_manager.add_resource(resource3)