Url rewrite - validate input #828

danielpeintner · 2022-09-15T09:51:31Z

I noticed this comment from @egekorkan :

Option 1 is not bad but we have to make sure that only relative URLs are used since the host part of the URL comes from the servient and not from the binding (which manages the forms href). There was previously a discussion about this at #632 . I propose to keep only one issue and move the comments from to the other.

I think that the PR missing the validation side. In my understanding, it is possible to write something like { "/properties/test" : "http://hello.com/test" }, which is something not desirable. Should we validate both In URI and out URI to be relative references? Maybe we can do this in a future PR.

Originally posted by @relu91 in #810 (comment)

The text was updated successfully, but these errors were encountered:

danielpeintner · 2022-09-15T09:54:53Z

I have the feeling that abusing it in any way is somewhat up to the user.

What if I want to use a different IP of the machine node-wot is not aware of. We would prohibit it. There might be other cases.
What are the main arguments why we should apply further checks?

danielpeintner mentioned this issue Sep 15, 2022

URL rewrite #810

Merged

relu91 added enhancement New feature or request binding-http Issues related to http protocol binding labels Sep 22, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Url rewrite - validate input #828

Url rewrite - validate input #828

danielpeintner commented Sep 15, 2022

danielpeintner commented Sep 15, 2022

Url rewrite - validate input #828

Url rewrite - validate input #828

Comments

danielpeintner commented Sep 15, 2022

danielpeintner commented Sep 15, 2022