[PR #849] [CLOSED] Further sanitization changes #1683

New Issue

adam · 2025-12-29T02:31:12+01:00

adam commented

2025-12-29 02:31:12 +01:00

📋 Pull Request Information

Original PR: https://github.com/juanfont/headscale/pull/849
Author: @hedgeberg
Created: 10/7/2022
Status: ❌ Closed

Base: main ← Head: sanitise-machine-key-url

📝 Commits (10+)

47149e4 Move nodekey sanitization into middlewear
e9f45f6 Whitelisting middleware
1e84cf3 Merge branch 'main' into sanitise-machine-key-url
20d7130 split out oidc router and sanitize in app.go
2e5f8c5 split out apple & machine routers.
9454f24 add handles for router
00a7168 Merge branch 'main' into sanitise-machine-key-url
05d839e patch-ups from after pulling in main
0531126 initial integration testing infra in http_test.go
5d435c1 fix failing test by fixing WithTestName arg

📊 Changes

8 files changed (+253 additions, -34 deletions)

View changed files

📝 Makefile (+3 -0)
📝 api.go (+3 -18)
📝 app.go (+30 -11)
📝 handler_legacy.go (+10 -4)
➕ http_utils/handlers.go (+26 -0)
➕ http_utils/whitelists.go (+75 -0)
➕ integration/http_test.go (+105 -0)
📝 utils.go (+1 -1)

📄 Description

read the CONTRIBUTING guidelines
raised a GitHub issue or discussed it on the projects chat beforehand

Still To-Do:

apply whitelist to other public-facing endpoints with user input
determine if a length requirement can be added for each input
added unit tests
added integration tests
updated documentation if needed
updated CHANGELOG.md

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/juanfont/headscale/pull/849 **Author:** [@hedgeberg](https://github.com/hedgeberg) **Created:** 10/7/2022 **Status:** ❌ Closed **Base:** `main` ← **Head:** `sanitise-machine-key-url` --- ### 📝 Commits (10+) - [`47149e4`](https://github.com/juanfont/headscale/commit/47149e475c031e22f79884378e953bd147986cdd) Move nodekey sanitization into middlewear - [`e9f45f6`](https://github.com/juanfont/headscale/commit/e9f45f6a0d291bfb4458857f08b836b44f0753a1) Whitelisting middleware - [`1e84cf3`](https://github.com/juanfont/headscale/commit/1e84cf3ae82c2576888405b66c926d64dfb3708e) Merge branch 'main' into sanitise-machine-key-url - [`20d7130`](https://github.com/juanfont/headscale/commit/20d713013a9532908849f60302ed93556c80b53b) split out oidc router and sanitize in app.go - [`2e5f8c5`](https://github.com/juanfont/headscale/commit/2e5f8c53f8205f0d7d974524153f22f064a79903) split out apple & machine routers. - [`9454f24`](https://github.com/juanfont/headscale/commit/9454f2425403d45567ac12287c6caed90abe4467) add handles for router - [`00a7168`](https://github.com/juanfont/headscale/commit/00a716803595f1a6741673d5cfcd17e036a26892) Merge branch 'main' into sanitise-machine-key-url - [`05d839e`](https://github.com/juanfont/headscale/commit/05d839ec9222b688be8eaa47902f655e77191cae) patch-ups from after pulling in main - [`0531126`](https://github.com/juanfont/headscale/commit/05311260dae887ef6e3b1d8e565f6a7ed9162c37) initial integration testing infra in http_test.go - [`5d435c1`](https://github.com/juanfont/headscale/commit/5d435c1f3fd89202a950c5af3c39f4734f642014) fix failing test by fixing WithTestName arg ### 📊 Changes **8 files changed** (+253 additions, -34 deletions) <details> <summary>View changed files</summary> 📝 `Makefile` (+3 -0) 📝 `api.go` (+3 -18) 📝 `app.go` (+30 -11) 📝 `handler_legacy.go` (+10 -4) ➕ `http_utils/handlers.go` (+26 -0) ➕ `http_utils/whitelists.go` (+75 -0) ➕ `integration/http_test.go` (+105 -0) 📝 `utils.go` (+1 -1) </details> ### 📄 Description  - [x] read the [CONTRIBUTING guidelines](README.md#contributing) - [x] raised a GitHub issue or discussed it on the projects chat beforehand Still To-Do: - [x] apply whitelist to other public-facing endpoints with user input - [ ] determine if a length requirement can be added for each input - [ ] added unit tests - [ ] added integration tests - [ ] updated documentation if needed - [ ] updated CHANGELOG.md  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

adam added the pull-request label 2025-12-29 02:31:12 +01:00

adam closed this issue

2025-12-29 02:31:12 +01:00

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#1683