Fix panic in BasicAuthDecode (#14046)
* Fix panic in BasicAuthDecode If the string does not contain ":" that function would run into an `index out of range [1] with length 1` error. prevent that. * Update BasicAuthDecode() Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
parent
e9cc613c24
commit
27edc1aa19
|
@ -10,6 +10,7 @@ import (
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
|
@ -63,6 +64,11 @@ func BasicAuthDecode(encoded string) (string, string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
auth := strings.SplitN(string(s), ":", 2)
|
auth := strings.SplitN(string(s), ":", 2)
|
||||||
|
|
||||||
|
if len(auth) != 2 {
|
||||||
|
return "", "", errors.New("invalid basic authentication")
|
||||||
|
}
|
||||||
|
|
||||||
return auth[0], auth[1], nil
|
return auth[0], auth[1], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -43,6 +43,12 @@ func TestBasicAuthDecode(t *testing.T) {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Equal(t, "foo", user)
|
assert.Equal(t, "foo", user)
|
||||||
assert.Equal(t, "bar", pass)
|
assert.Equal(t, "bar", pass)
|
||||||
|
|
||||||
|
_, _, err = BasicAuthDecode("aW52YWxpZA==")
|
||||||
|
assert.Error(t, err)
|
||||||
|
|
||||||
|
_, _, err = BasicAuthDecode("invalid")
|
||||||
|
assert.Error(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBasicAuthEncode(t *testing.T) {
|
func TestBasicAuthEncode(t *testing.T) {
|
||||||
|
|
Loading…
Reference in a new issue