[jboss-jira] [JBoss JIRA] (WFCORE-4309) Value validator for 'host-context-map' attribute of 'server-ssl-sni-context' resource

Jan Stourac (Jira) issues at jboss.org
Fri Mar 29 14:12:02 EDT 2019 

    [ https://issues.jboss.org/browse/WFCORE-4309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13715190#comment-13715190 ] 

Jan Stourac commented on WFCORE-4309:
-------------------------------------

Thanks for this fix, although I am afraid that since issues WFWIP-102 and WFCORE-4302 have not been resolved (and probably will be rejected) the hostname provided has to be entered in a regular expression format. In such case the introduced validation is too strict as even simple escaping characters (double backslash) are not allowed now.

In this context, implementation of this needs to be either updated or the introduced validation removed completely.

> Value validator for 'host-context-map' attribute of 'server-ssl-sni-context' resource
> -------------------------------------------------------------------------------------
>
>                 Key: WFCORE-4309
>                 URL: https://issues.jboss.org/browse/WFCORE-4309
>             Project: WildFly Core
>          Issue Type: Enhancement
>          Components: Security
>    Affects Versions: 7.0.0.Final
>            Reporter: Jan Stourac
>            Assignee: Diana Vilkolakova
>            Priority: Minor
>             Fix For: 9.0.0.Beta2
>
>
> There is not validation for 'host-context-map' property values on key side. There is validation for the values that represents 'server-ssl-contexts', although, there is no validation for host matching part. E.g. writing attribute of this value is possible:
> {code}
> /subsystem=elytron/server-ssl-sni-context=serverSslSniCtx:write-attribute(name=host-context-map,value={"\\?.example.com"=validSslContext,"..example.com"="validSslContext", "\\*\\*.example.com"=validSslContext})
> {code}
> {code}
> "\\?.example.com"
> "..example.com"
> "\\*\\*.example.com"
> {code}
> even though, these are invalid host name matchers IMHO. It would be nice to identify these and report those to user immediately during the configuration attempt.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list