diff options
author | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2023-06-28 08:56:35 +0200 |
---|---|---|
committer | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2023-06-28 08:57:28 +0200 |
commit | 7f698c89346acb5e5116736d25325a046652ba81 (patch) | |
tree | 31f82eff1f17b7bf53581583f6d856bf551036dd /config/security/whitelist.go | |
parent | fa0e16f4c79a703d122f1e3a3a99f4b779aea9b2 (diff) |
Don't panic on invalid security whitelist regexp
Fixes #11176
Diffstat (limited to 'config/security/whitelist.go')
-rw-r--r-- | config/security/whitelist.go | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/config/security/whitelist.go b/config/security/whitelist.go index 72a80da2e..92eb3102f 100644 --- a/config/security/whitelist.go +++ b/config/security/whitelist.go @@ -45,9 +45,9 @@ func (w Whitelist) MarshalJSON() ([]byte, error) { // NewWhitelist creates a new Whitelist from zero or more patterns. // An empty patterns list or a pattern with the value 'none' will create // a whitelist that will Accept none. -func NewWhitelist(patterns ...string) Whitelist { +func NewWhitelist(patterns ...string) (Whitelist, error) { if len(patterns) == 0 { - return Whitelist{acceptNone: true} + return Whitelist{acceptNone: true}, nil } var acceptSome bool @@ -68,7 +68,7 @@ func NewWhitelist(patterns ...string) Whitelist { if !acceptSome { return Whitelist{ acceptNone: true, - } + }, nil } var patternsr []*regexp.Regexp @@ -78,10 +78,23 @@ func NewWhitelist(patterns ...string) Whitelist { if p == "" { continue } - patternsr = append(patternsr, regexp.MustCompile(p)) + re, err := regexp.Compile(p) + if err != nil { + return Whitelist{}, fmt.Errorf("failed to compile whitelist pattern %q: %w", p, err) + } + patternsr = append(patternsr, re) } - return Whitelist{patterns: patternsr, patternsStrings: patternsStrings} + return Whitelist{patterns: patternsr, patternsStrings: patternsStrings}, nil +} + +// MustNewWhitelist creates a new Whitelist from zero or more patterns and panics on error. +func MustNewWhitelist(patterns ...string) Whitelist { + w, err := NewWhitelist(patterns...) + if err != nil { + panic(err) + } + return w } // Accept reports whether name is whitelisted. |