Bug bounty test - PLEASE DO NOT APPROVE. vgopvg #2

Merged
merged 146 commits into from
Nov 6, 2024

@pastramahodu pastramahodu mannequin commented May 13, 2023

Bug bounty test - PLEASE DO NOT APPROVE. vgopvg

taik0 and others added 30 commits February 13, 2023 17:48
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Resolved issues in proxy/shadow.go via DeepSource Autofix
…gure a specific timeout.

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](golang/net@v0.4.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
…ttern.

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Add a setter to the sequentialParamsPattern
….org/x/net-0.7.0

Bump golang.org/x/net from 0.4.0 to 0.7.0
Set the timeout in the context sent to the shadow proxy request
Signed-off-by: kpacha <dlopez@krakend.io>
Signed-off-by: Moritz Ploss <moritz.ploss@gmail.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20211215153901-e495a2d5b3d3 to 0.1.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: kpacha <dlopez@krakend.io>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Resolved issues in proxy/plugin.go with DeepSource Autofix
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Check function provided by request response modifier plugin is not nil
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
dhontecillas and others added 29 commits October 1, 2023 19:12
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
…(also for backend headers)

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Signed-off-by: kpacha <dlopez@krakend.io>
…other parts (fixed)

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
….0.0).

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Allow to configure the listen address of the service
init.

If we initialize h2c using gin router it will use h2c handler
to wrap handler with all routes registered on gin router.
The problem is that it is possible to construct router factory
with RunServer function which will wrap h2c handler with additional
handler. Any logic in this handler will not be able to understand
http2 cleartext requests.

We have this example in krakend-ce repository where CORS support
is added through RunServer function. Then we have CORS handler ->
h2c handler -> Gin router.

Simplest fix is to move h2c support to server initialization
and add h2c handler as the outermost layer.

Signed-off-by: Antonije Ivanovic <aivanovic@squarespace.com>
Signed-off-by: Antonije Ivanovic <aivanovic@squarespace.com>
Signed-off-by: Antonije Ivanovic <aivanovic@squarespace.com>
Signed-off-by: Antonije Ivanovic <aivanovic@squarespace.com>
Signed-off-by: Antonije Ivanovic <aivanovic@squarespace.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Name explicitly the client certificate and private key
In my [#694](luraproject/lura#694) I fixed
issues with h2c support and CORS. There was a small bug which slipped
through code review. The new config field does not use the correct struct tag.

Changed `json` to `mapstructure`.

Signed-off-by: Antonije Ivanovic <aivanovic@squarespace.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
…_config

fix missing h2c flag from parser to config
* Bump golang.org/x/crypto from 0.14.0 to 0.17.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* add ParentEndpoint to Backend config structure and info to the backend
logs.

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>

* Do not abort the loading of handler plugins when one of them fails to load. Adjust log levels.

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>

* Fix typo

Fix typo in "Response" word.

Signed-off-by: Javier Vázquez Romera <javier.vazquez.romera@gmail.com>

* Add the encoding to the HTTPResponseError so, when returning an error from the backend, the content-type matches. This change only applies when using "return_error_code" or "return_error_details".

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>

* Fix tests and add mux support.

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>

* Remove mux support since we can't write headers after the first write.

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>

* refactor: autofix issues in 1 file

Resolved issues in transport/http/client/status_test.go with DeepSource Autofix

* Remove unused code.

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>

* add parent endpoint method to backend logs to better identify the parent endpoint

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>

* Pass the application context to the request and response modifiers. Also extend the structs passed to the modifier functions so it can retrieve the execution Context. Response modifiers now have access to the Request. Updated examples to show the new features.

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>

* refactor: autofix issues in 1 file

Resolved issues in proxy/plugin/modifier_test.go with DeepSource Autofix

* do not export a function returning an unexported type

Signed-off-by: kpacha <dlopez@krakend.io>

* set the timeouts for the internal endpoint and backend(s)

Signed-off-by: kpacha <dlopez@krakend.io>

* build the final string directly

Signed-off-by: kpacha <dlopez@krakend.io>

* remove unrequired request clone

Signed-off-by: kpacha <dlopez@krakend.io>

* fix log messages

Signed-off-by: kpacha <dlopez@krakend.io>

* simplify the timeout assignation

Signed-off-by: kpacha <dlopez@krakend.io>

* feat: add overwrite functionality for invalid Pattern

Signed-off-by: Emin Aktas <eminaktas34@gmail.com>

* Bump google.golang.org/protobuf from 1.30.0 to 1.33.0

Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* requests should be cloned at the split/merge and concurrent mw only

Signed-off-by: kpacha <dlopez@krakend.io>

* do not use log.Fatal

Signed-off-by: kpacha <dlopez@krakend.io>

* set the max header bytes param configurable

Signed-off-by: kpacha <dlopez@krakend.io>

* fix the hash of the new config test

Signed-off-by: kpacha <dlopez@krakend.io>

* clone the body if there are one or more unsafe backends

Signed-off-by: kpacha <dlopez@krakend.io>

* Bump golang.org/x/net from 0.17.0 to 0.23.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* add config field to serve tls using multiple key pairs

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>

* use list of certificates for serving TLS

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>

* test serving multiple certificates

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>

* fix style issues in certs tests

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>

* add config option to tweak the DNS cache TTL

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>

* get go version from runtime

Signed-off-by: David Hontecillas <dhontecillas@gmail.com>

* Correct typo in plugin registration log

Signed-off-by: Albert Lombarte <albert@krakend.io>

* h2c disabled by default

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: David Hontecillas <dhontecillas@gmail.com>
Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
Signed-off-by: Javier Vázquez Romera <javier.vazquez.romera@gmail.com>
Signed-off-by: kpacha <dlopez@krakend.io>
Signed-off-by: Emin Aktas <eminaktas34@gmail.com>
Signed-off-by: Albert Lombarte <albert@krakend.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Hontecillas <dhontecillas@gmail.com>
Co-authored-by: Daniel Ortiz <dortiz@krakend.io>
Co-authored-by: Javier Vázquez Romera <javier.vazquez.romera@gmail.com>
Co-authored-by: A. Lombarte <alombarte@users.noreply.github.com>
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: Daniel López <dlopez@krakend.io>
Co-authored-by: Emin Aktas <eminaktas34@gmail.com>
Co-authored-by: Albert Lombarte <albert@krakend.io>
@jayanth-tatina-groww jayanth-tatina-groww merged commit 0b75ada into master Nov 6, 2024
10 participants