This commit is contained in:
Patrick Jones
2021-08-12 15:55:41 -07:00
parent b46ea24969
commit e8d4c9f583
2 changed files with 47 additions and 52 deletions


@@ -62,16 +62,16 @@ var (
validTokenURLPatterns = []*regexp.Regexp{
// The complicated part in the middle matches any number of characters that
// aren't period, spaces, or slashes.
regexp.MustCompile("(?i)^[^\\.\\s\\/\\\\]+\\.sts\\.googleapis\\.com$"),
regexp.MustCompile("(?i)^sts\\.googleapis\\.com$"),
regexp.MustCompile("(?i)^sts\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"),
regexp.MustCompile("(?i)^[^\\.\\s\\/\\\\]+-sts\\.googleapis\\.com$"),
regexp.MustCompile(`(?i)^[^\.\s\/\\]+\.sts\.googleapis\.com$`),
regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
}
validImpersonateURLPatterns = []*regexp.Regexp{
regexp.MustCompile("^[^\\.\\s\\/\\\\]+\\.iamcredentials\\.googleapis\\.com$"),
regexp.MustCompile("^iamcredentials\\.googleapis\\.com$"),
regexp.MustCompile("^iamcredentials\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"),
regexp.MustCompile("^[^\\.\\s\\/\\\\]+-iamcredentials\\.googleapis\\.com$"),
regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
}
)
@@ -80,14 +80,14 @@ func validateURL(input string, patterns []*regexp.Regexp, scheme string) bool {
if err != nil {
return false
}
if strings.ToLower(parsed.Scheme) != strings.ToLower(scheme) {
if !strings.EqualFold(parsed.Scheme, scheme) {
return false
}
toTest := parsed.Host
for _, pattern := range patterns {
valid := pattern.MatchString(toTest)
if valid {
if valid := pattern.MatchString(toTest); valid {
return true
}
}
@@ -103,13 +103,11 @@ func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
// because the unit test URLs are mocked, and would otherwise fail the
// validity check.
func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Regexp, impersonateURLValidPats []*regexp.Regexp, scheme string) (oauth2.TokenSource, error) {
// Check the validity of TokenURL.
valid := validateURL(c.TokenURL, tokenURLValidPats, scheme)
if !valid {
return nil, fmt.Errorf("oauth2/google: invalid TokenURL provided while constructing tokenSource")
}
// If ServiceAccountImpersonationURL is present, check its validity.
if c.ServiceAccountImpersonationURL != "" {
valid := validateURL(c.ServiceAccountImpersonationURL, impersonateURLValidPats, scheme)
if !valid {