disallow github and bitbucket

This commit is contained in:
James Bardin 2017-11-20 16:44:50 -05:00
parent 98d0d15ddc
commit 92db96f783
2 changed files with 31 additions and 5 deletions

View File

@ -40,6 +40,13 @@ var (
// ProviderRe is a regular expression defining the format allowed for // ProviderRe is a regular expression defining the format allowed for
// provider fields in module registry implementations. // provider fields in module registry implementations.
ProviderRe = regexp.MustCompile("^" + providerSubRe + "$") ProviderRe = regexp.MustCompile("^" + providerSubRe + "$")
// these hostnames are not allowed as registry sources, because they are
// already special case module sources in terraform.
disallowed = map[string]bool{
"github.com": true,
"bitbucket.org": true,
}
) )
// Module describes a Terraform Registry Module source. // Module describes a Terraform Registry Module source.
@ -60,7 +67,7 @@ type Module struct {
// NewModule construct a new module source from separate parts. Pass empty // NewModule construct a new module source from separate parts. Pass empty
// string if host or submodule are not needed. // string if host or submodule are not needed.
func NewModule(host, namespace, name, provider, submodule string) *Module { func NewModule(host, namespace, name, provider, submodule string) (*Module, error) {
m := &Module{ m := &Module{
RawNamespace: namespace, RawNamespace: namespace,
RawName: name, RawName: name,
@ -68,9 +75,16 @@ func NewModule(host, namespace, name, provider, submodule string) *Module {
RawSubmodule: submodule, RawSubmodule: submodule,
} }
if host != "" { if host != "" {
m.RawHost = NewFriendlyHost(host) h := NewFriendlyHost(host)
if h != nil {
fmt.Println("HOST:", h)
if !h.Valid() || disallowed[h.Display()] {
return nil, ErrInvalidModuleSource
}
}
m.RawHost = h
} }
return m return m, nil
} }
// ParseModuleSource attempts to parse source as a Terraform registry module // ParseModuleSource attempts to parse source as a Terraform registry module
@ -85,8 +99,10 @@ func NewModule(host, namespace, name, provider, submodule string) *Module {
func ParseModuleSource(source string) (*Module, error) { func ParseModuleSource(source string) (*Module, error) {
// See if there is a friendly host prefix. // See if there is a friendly host prefix.
host, rest := ParseFriendlyHost(source) host, rest := ParseFriendlyHost(source)
if host != nil && !host.Valid() { if host != nil {
return nil, ErrInvalidModuleSource if !host.Valid() || disallowed[host.Display()] {
return nil, ErrInvalidModuleSource
}
} }
matches := moduleSourceRe.FindStringSubmatch(rest) matches := moduleSourceRe.FindStringSubmatch(rest)

View File

@ -96,6 +96,16 @@ func TestModule(t *testing.T) {
source: "foo.com/var/baz?otherthing", source: "foo.com/var/baz?otherthing",
wantErr: true, wantErr: true,
}, },
{
name: "disallow github",
source: "github.com/HashiCorp/Consul/aws",
wantErr: true,
},
{
name: "disallow bitbucket",
source: "bitbucket.org/HashiCorp/Consul/aws",
wantErr: true,
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {