CUSTESC-23757: Fix a bug where a wildcard ingress rule would match an host without starting with a dot

joliveirinha · joliveirinha · commit e3d35570e6e5 · 2022-11-25T17:00:59.000Z
diff --git a/ingress/ingress.go b/ingress/ingress.go
@@ -58,7 +58,7 @@ func matchHost(ruleHost, reqHost string) bool {
 
 	// Validate hostnames that use wildcards at the start
 	if strings.HasPrefix(ruleHost, "*.") {
-		toMatch := strings.TrimPrefix(ruleHost, "*.")
+		toMatch := strings.TrimPrefix(ruleHost, "*")
 		return strings.HasSuffix(reqHost, toMatch)
 	}
 	return false
diff --git a/ingress/rule_test.go b/ingress/rule_test.go
@@ -148,6 +148,16 @@ func Test_rule_matches(t *testing.T) {
 			},
 			want: true,
 		},
+		{
+			name: "Hostname with wildcard should not match if no dot present",
+			rule: Rule{
+				Hostname: "*.api.abc.cloud",
+			},
+			args: args{
+				requestURL: MustParseURL(t, "https://testing-api.abc.cloud"),
+			},
+			want: false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ func matchHost(ruleHost, reqHost string) bool {`
`58`	`58`
`59`	`59`	`// Validate hostnames that use wildcards at the start`
`60`	`60`	`if strings.HasPrefix(ruleHost, "*.") {`
`61`		`- toMatch := strings.TrimPrefix(ruleHost, "*.")`
	`61`	`+ toMatch := strings.TrimPrefix(ruleHost, "*")`
`62`	`62`	`return strings.HasSuffix(reqHost, toMatch)`
`63`	`63`	`}`
`64`	`64`	`return false`