Enable filtering 'strict-mode' by default

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2022-04-29 12:17:22 +0200
committer: gjoranv <gv@verizonmedia.com> 2022-06-08 11:45:20 +0200
commit: 48d0b778681f08f27fae29a974c1aad071912efe (patch)
tree: 874a00fdcf4163eab528880be4ab21e14ee5a846 /config-model
parent: a6d53acc873b9057c2e5faf54d6b60d9616b0582 (diff)
2 files changed, 45 insertions, 7 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java
index f5d1d3e6afd..eea3ec68cc0 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java
@@ -24,7 +24,7 @@ public class Http extends AbstractConfigProducer<AbstractConfigProducer<?>> impl
     private final List<FilterBinding> bindings = new CopyOnWriteArrayList<>();
     private volatile JettyHttpServer httpServer;
     private volatile AccessControl accessControl;
-    private volatile boolean strictFiltering = false; // TODO Vespa 8: Enable strict filtering by default if filtering is enabled
+    private volatile Boolean strictFiltering;
 
     public Http(FilterChains chains) {
         super("http");
@@ -83,7 +83,12 @@ public class Http extends AbstractConfigProducer<AbstractConfigProducer<?>> impl
                     .binding(binding.binding().patternString()));
         }
         populateDefaultFiltersConfig(builder, httpServer);
-        builder.strictFiltering(strictFiltering);
+
+        // Enable strict filter by default if any filter chain/binding is configured
+        boolean strictFilter = this.strictFiltering == null
+                ? (!bindings.isEmpty() || !filterChains.allChains().allComponents().isEmpty())
+                : strictFiltering;
+        builder.strictFiltering(strictFilter);
     }
 
     @Override
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/http/StrictFilteringTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/http/StrictFilteringTest.java
index f703f39295f..ad81c9a5a4d 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/http/StrictFilteringTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/http/StrictFilteringTest.java
@@ -8,7 +8,7 @@ import com.yahoo.vespa.model.container.xml.ContainerModelBuilder;
 import org.junit.Test;
 import org.w3c.dom.Element;
 
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
 
 /**
  * @author bjorncs
@@ -16,11 +16,11 @@ import static org.junit.Assert.assertTrue;
 public class StrictFilteringTest extends DomBuilderTest {
 
     @Test
-    public void default_request_and_response_filters_in_services_xml_are_listen_in_server_config() {
+    public void strict_filtering_enabled_if_specified_in_services() {
         Element xml = parse(
                 "<container version='1.0'>",
                 "  <http>",
-                "    <filtering strict-mode=\"true\">",
+                "    <filtering strict-mode='true'>",
                 "      <request-chain id='request-chain-with-binding'>",
                 "        <filter id='my-filter' class='MyFilter'/>",
                 "        <binding>http://*/my-chain-binding</binding>",
@@ -29,9 +29,42 @@ public class StrictFilteringTest extends DomBuilderTest {
                 "    <server id='server1' port='8000' />",
                 "  </http>",
                 "</container>");
-        buildContainerCluster(xml);
+        assertStrictFiltering(true, xml);
+    }
+
+    @Test
+    public void strict_filtering_enabled_by_default_if_filter_present() {
+        Element xml = parse(
+                "<container version='1.0'>",
+                "  <http>",
+                "    <filtering>",
+                "      <request-chain id='request-chain'>",
+                "        <filter id='my-filter' class='MyFilter'/>",
+                "      </request-chain>",
+                "    </filtering>",
+                "    <server id='server1' port='8000' />",
+                "  </http>",
+                "</container>");
+        assertStrictFiltering(true, xml);
+    }
+
+    @Test
+    public void strict_filtering_disabled_if_no_filter() {
+        Element xml = parse(
+                "<container version='1.0'>",
+                "  <http>",
+                "    <filtering>",
+                "    </filtering>",
+                "    <server id='server1' port='8000' />",
+                "  </http>",
+                "</container>");
+        assertStrictFiltering(false, xml);
+    }
+
+    private void assertStrictFiltering(boolean expected, Element services) {
+        buildContainerCluster(services);
         ServerConfig config = root.getConfig(ServerConfig.class, "container/http/jdisc-jetty/server1");
-        assertTrue(config.strictFiltering());
+        assertEquals(expected, config.strictFiltering());
     }
 
     private void buildContainerCluster(Element containerElem) {
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2022-04-29 12:17:22 +0200
committer	gjoranv <gv@verizonmedia.com>	2022-06-08 11:45:20 +0200
commit	48d0b778681f08f27fae29a974c1aad071912efe (patch)
tree	874a00fdcf4163eab528880be4ab21e14ee5a846 /config-model
parent	a6d53acc873b9057c2e5faf54d6b60d9616b0582 (diff)