Don't panic on invalid security whitelist regexp

Fixes #11176
author: Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> 2023-06-28 08:56:35 +0200
committer: Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> 2023-06-28 08:57:28 +0200
commit: 7f698c89346acb5e5116736d25325a046652ba81 (patch)
tree: 31f82eff1f17b7bf53581583f6d856bf551036dd /config
parent: fa0e16f4c79a703d122f1e3a3a99f4b779aea9b2 (diff)
3 files changed, 30 insertions, 17 deletions
diff --git a/config/security/securityConfig.go b/config/security/securityConfig.go
index 5d0db2fb9..3d17b7a48 100644
--- a/config/security/securityConfig.go
+++ b/config/security/securityConfig.go
@@ -34,7 +34,7 @@ const securityConfigKey = "security"
 // DefaultConfig holds the default security policy.
 var DefaultConfig = Config{
 	Exec: Exec{
-		Allow: NewWhitelist(
+		Allow: MustNewWhitelist(
 			"^(dart-)?sass(-embedded)?$", // sass, dart-sass, dart-sass-embedded.
 			"^go$",                       // for Go Modules
 			"^npx$",                      // used by all Node tools (Babel, PostCSS).
@@ -42,14 +42,14 @@ var DefaultConfig = Config{
 		),
 		// These have been tested to work with Hugo's external programs
 		// on Windows, Linux and MacOS.
-		OsEnv: NewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+)$`),
+		OsEnv: MustNewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+)$`),
 	},
 	Funcs: Funcs{
-		Getenv: NewWhitelist("^HUGO_", "^CI$"),
+		Getenv: MustNewWhitelist("^HUGO_", "^CI$"),
 	},
 	HTTP: HTTP{
-		URLs:    NewWhitelist(".*"),
-		Methods: NewWhitelist("(?i)GET|POST"),
+		URLs:    MustNewWhitelist(".*"),
+		Methods: MustNewWhitelist("(?i)GET|POST"),
 	},
 }
 
@@ -221,7 +221,7 @@ func stringSliceToWhitelistHook() mapstructure.DecodeHookFuncType {
 
 		wl := types.ToStringSlicePreserveString(data)
 
-		return NewWhitelist(wl...), nil
+		return NewWhitelist(wl...)
 
 	}
 }
diff --git a/config/security/whitelist.go b/config/security/whitelist.go
index 72a80da2e..92eb3102f 100644
--- a/config/security/whitelist.go
+++ b/config/security/whitelist.go
@@ -45,9 +45,9 @@ func (w Whitelist) MarshalJSON() ([]byte, error) {
 // NewWhitelist creates a new Whitelist from zero or more patterns.
 // An empty patterns list or a pattern with the value 'none' will create
 // a whitelist that will Accept none.
-func NewWhitelist(patterns ...string) Whitelist {
+func NewWhitelist(patterns ...string) (Whitelist, error) {
 	if len(patterns) == 0 {
-		return Whitelist{acceptNone: true}
+		return Whitelist{acceptNone: true}, nil
 	}
 
 	var acceptSome bool
@@ -68,7 +68,7 @@ func NewWhitelist(patterns ...string) Whitelist {
 	if !acceptSome {
 		return Whitelist{
 			acceptNone: true,
-		}
+		}, nil
 	}
 
 	var patternsr []*regexp.Regexp
@@ -78,10 +78,23 @@ func NewWhitelist(patterns ...string) Whitelist {
 		if p == "" {
 			continue
 		}
-		patternsr = append(patternsr, regexp.MustCompile(p))
+		re, err := regexp.Compile(p)
+		if err != nil {
+			return Whitelist{}, fmt.Errorf("failed to compile whitelist pattern %q: %w", p, err)
+		}
+		patternsr = append(patternsr, re)
 	}
 
-	return Whitelist{patterns: patternsr, patternsStrings: patternsStrings}
+	return Whitelist{patterns: patternsr, patternsStrings: patternsStrings}, nil
+}
+
+// MustNewWhitelist creates a new Whitelist from zero or more patterns and panics on error.
+func MustNewWhitelist(patterns ...string) Whitelist {
+	w, err := NewWhitelist(patterns...)
+	if err != nil {
+		panic(err)
+	}
+	return w
 }
 
 // Accept reports whether name is whitelisted.
diff --git a/config/security/whitelist_test.go b/config/security/whitelist_test.go
index 5c4196dff..89d1bc2b1 100644
--- a/config/security/whitelist_test.go
+++ b/config/security/whitelist_test.go
@@ -24,21 +24,21 @@ func TestWhitelist(t *testing.T) {
 	c := qt.New(t)
 
 	c.Run("none", func(c *qt.C) {
-		c.Assert(NewWhitelist("none", "foo").Accept("foo"), qt.IsFalse)
-		c.Assert(NewWhitelist().Accept("foo"), qt.IsFalse)
-		c.Assert(NewWhitelist("").Accept("foo"), qt.IsFalse)
-		c.Assert(NewWhitelist("  ", " ").Accept("foo"), qt.IsFalse)
+		c.Assert(MustNewWhitelist("none", "foo").Accept("foo"), qt.IsFalse)
+		c.Assert(MustNewWhitelist().Accept("foo"), qt.IsFalse)
+		c.Assert(MustNewWhitelist("").Accept("foo"), qt.IsFalse)
+		c.Assert(MustNewWhitelist("  ", " ").Accept("foo"), qt.IsFalse)
 		c.Assert(Whitelist{}.Accept("foo"), qt.IsFalse)
 	})
 
 	c.Run("One", func(c *qt.C) {
-		w := NewWhitelist("^foo.*")
+		w := MustNewWhitelist("^foo.*")
 		c.Assert(w.Accept("foo"), qt.IsTrue)
 		c.Assert(w.Accept("mfoo"), qt.IsFalse)
 	})
 
 	c.Run("Multiple", func(c *qt.C) {
-		w := NewWhitelist("^foo.*", "^bar.*")
+		w := MustNewWhitelist("^foo.*", "^bar.*")
 		c.Assert(w.Accept("foo"), qt.IsTrue)
 		c.Assert(w.Accept("bar"), qt.IsTrue)
 		c.Assert(w.Accept("mbar"), qt.IsFalse)
author	Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>	2023-06-28 08:56:35 +0200
committer	Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>	2023-06-28 08:57:28 +0200
commit	7f698c89346acb5e5116736d25325a046652ba81 (patch)
tree	31f82eff1f17b7bf53581583f6d856bf551036dd /config
parent	fa0e16f4c79a703d122f1e3a3a99f4b779aea9b2 (diff)