Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Relax header validation for SIP. #925

Merged
merged 1 commit into from
Dec 17, 2024
Merged

Relax header validation for SIP. #925

merged 1 commit into from
Dec 17, 2024

Conversation

dennwc
Copy link
Contributor

@dennwc dennwc commented Dec 17, 2024

Since #920 is merged, we now allow mapping any SIP headers to attributes. Thus, do not enforce headers_to_attributes map to only contain X-* headers. While at it - properly validate header names.

@dennwc dennwc self-assigned this Dec 17, 2024
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Dec 17, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 5f4c748

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

💥 An error occurred when fetching the changed packages and changesets in this PR 
Some errors occurred when validating the changesets config:
The package or glob expression "github.com/livekit/protocol" specified in the `fixed` option does not match any package in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.

@dennwc dennwc requested review from kuba-- and a team December 17, 2024 14:59
kuba--
kuba-- reviewed Dec 17, 2024
View reviewed changes
livekit/sip.go Outdated
Comment on lines 109 to 110
if strings.ContainsFunc(header, func(r rune) bool {
if r >= 'a' && r <= 'z' {
return false
} else if r >= 'A' && r <= 'Z' {
return false
} else if r >= '0' && r <= '9' {
return false
}
switch r {
case '-':
return false
}
return true
}) {
return fmt.Errorf("invalid header name: %q", header)
Copy link

@kuba-- kuba-- Dec 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we replace it by sth. like:

if !regexp.MustCompile(`^[a-zA-Z0-9\-]*$`).MatchString(header) {
 return fmt.Errorf("invalid header name: %q", header)
}

Copy link

@kuba-- kuba-- Dec 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

btw. I suppose the number full of - (e.g. -------) is also incorrect

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, switched to regexp. Full header validation is out of scope - SIP itself will drop invalid headers during parsing. This is just a best-effort validation to prevent typos.

@dennwc dennwc requested a review from kuba-- December 17, 2024 16:05
@dennwc dennwc merged commit 9eb0489 into main Dec 17, 2024
3 checks passed
@dennwc dennwc deleted the sip-headers-relax branch December 17, 2024 16:26
@github-actions github-actions bot mentioned this pull request Dec 17, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidzhao davidzhao davidzhao approved these changes

@brianbraunstein brianbraunstein Awaiting requested review from brianbraunstein

@kuba-- kuba-- Awaiting requested review from kuba--

Assignees

@dennwc dennwc

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dennwc @davidzhao @kuba--