more data validation

Author: e-n-0

contrib/haproxy/stream-processing-offload/haproxy_mp.go

@@ -29,24 +29,24 @@ func (a *requestHeadersHAProxy) NewRequest(ctx context.Context) (*http.Request,
 		return nil, err
 	}
 
+	authority := headers.Get("Host")
 	method := getStringValue(a.msg, "method")
 	path := getStringValue(a.msg, "path")
 	https := getBoolValue(a.msg, "https")
 	remoteIp := getIPValue(a.msg, "ip")
 	remotePort := strconv.Itoa(getIntValue(a.msg, "ip_port"))
 
+	if authority == "" || method == "" || path == "" || remoteIp == nil {
+		return nil, fmt.Errorf("missing required values in the http request SPOE message")
+	}
+
 	var tlsState *tls.ConnectionState
 	scheme := "http"
 	if https {
 		tlsState = &tls.ConnectionState{}
 		scheme = "https"
 	}
 
-	authority := headers.Get("Host")
-	if authority == "" {
-		return nil, fmt.Errorf("no Host header")
-	}
-
 	// Define if a body is present based on Content-Length header
 	contentLength := headers.Get("Content-Length")
 	if contentLength != "" {

contrib/haproxy/stream-processing-offload/haproxy_test.go

@@ -9,6 +9,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"net"
 	"os"
 	"regexp"
 	"strconv"
@@ -567,6 +568,14 @@ func sendProcessingRequestHeaders(t *testing.T, handler func(*request.Request),
 	mKv.Add("https", true)
 	mKv.Add("timeout", "1s")
 
+	if ip, ok := headers["X-Forwarded-For"]; ok {
+		mKv.Add("ip", net.ParseIP(ip))
+	} else {
+		mKv.Add("ip", net.ParseIP("123.123.123.123"))
+	}
+
+	mKv.Add("ip_port", 12345)
+
 	messages := message.Messages{
 		&message.Message{Name: "http-request-headers-msg", KV: mKv},
 	}
@@ -608,7 +617,6 @@ func sendProcessingRequestBody(t *testing.T, handler func(*request.Request), bod
 	t.Helper()
 
 	mKv := kv.NewKV()
-	mKv.Add("body_size", len(body))
 	mKv.Add("body", body)
 	mKv.Add("span_id", spanId)
 

contrib/haproxy/stream-processing-offload/hdrsbin_parser.go

@@ -25,6 +25,10 @@ func readUvarintAt(buf []byte, p int) (val uint64, next int, err error) {
 // The list is terminated by a pair of empty strings (length 0 for both name and value).
 // https://www.haproxy.com/documentation/haproxy-configuration-manual/latest/#7.3.6-req.hdrs_bin
 func parseHAProxyReqHdrsBin(buf []byte) (http.Header, error) {
+	if buf == nil || len(buf) == 0 {
+		return nil, fmt.Errorf("empty headers buffer")
+	}
+
 	headers := make(http.Header)
 
 	p := 0

contrib/haproxy/stream-processing-offload/hdrsbin_parser_test.go

@@ -150,6 +150,11 @@ func TestParseHAProxyReqHdrsBin_Table(t *testing.T) {
 			},
 			want: http.Header{"A": {"B"}},
 		},
+		{
+			name:    "Malformed_Empty",
+			build:   func() []byte { return nil },
+			wantErr: true,
+		},
 	}
 
 	for _, tc := range tests {