You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Credit to @pleshakov , the telemetry collection of SnippetsFilters added in this PR has a few edge cases which lead to incorrect behavior. The issue comes up when parsing nginx directives and values. This is the current implementation of parsing Snippet values
func parseSnippetValueIntoDirectives(snippetValue string) []string {
separatedDirectives := strings.Split(snippetValue, ";")
directives := make([]string, 0, len(separatedDirectives))
for _, directive := range separatedDirectives {
// the strings.TrimSpace is needed in the case of multi-line NGINX Snippet values
directive = strings.Split(strings.TrimSpace(directive), " ")[0]
// splitting on the delimiting character can result in a directive being empty or a space/newline character,
// so we check here to ensure it's not
if directive != "" {
directives = append(directives, directive)
}
}
return directives
}
This current implementation is too lax on using the ; character as a separator for directives and leaves room for many edge cases to incorrectly get parsed.
Below are some examples:
Use of the map directive, which not only doesn't have the ; character at the end of the directive, but can have nested ; characters which are not directives.
Credit to @pleshakov , the telemetry collection of SnippetsFilters added in this PR has a few edge cases which lead to incorrect behavior. The issue comes up when parsing nginx directives and values. This is the current implementation of parsing Snippet values
This current implementation is too lax on using the
;
character as a separator for directives and leaves room for many edge cases to incorrectly get parsed.Below are some examples:
Use of the map directive, which not only doesn't have the
;
character at the end of the directive, but can have nested;
characters which are not directives.input:
output:
Any example with
;
included in the value.proxy_set_header hello "myvalue;abc";
Comments in general, AND if
;
is inside a comment# this is a nasty; comment
The text was updated successfully, but these errors were encountered: