From 152fdaf5ba52745af6b4481bed04a4977a11f1f4 Mon Sep 17 00:00:00 2001 From: Tomas Restrepo Date: Mon, 6 Aug 2018 18:25:02 -0500 Subject: [PATCH] Only propagate query string if refURL is relative to baseURL --- pkg/repo/chartrepo.go | 7 ++++++- pkg/repo/chartrepo_test.go | 8 ++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/pkg/repo/chartrepo.go b/pkg/repo/chartrepo.go index 4e4bc6fe2..cd9d6c547 100644 --- a/pkg/repo/chartrepo.go +++ b/pkg/repo/chartrepo.go @@ -270,8 +270,13 @@ func ResolveReferenceURL(baseURL, refURL string) (string, error) { return "", fmt.Errorf("failed to parse %s as URL: %v", refURL, err) } + // if the base URL contains query string parameters, + // propagate them to the child URL but only if the + // refURL is relative to baseURL resolvedURL := parsedBaseURL.ResolveReference(parsedRefURL) - resolvedURL.RawQuery = parsedBaseURL.RawQuery + if (resolvedURL.Hostname() == parsedBaseURL.Hostname()) && (resolvedURL.Port() == parsedBaseURL.Port()) { + resolvedURL.RawQuery = parsedBaseURL.RawQuery + } return resolvedURL.String(), nil } diff --git a/pkg/repo/chartrepo_test.go b/pkg/repo/chartrepo_test.go index 4b290a0d1..19071872d 100644 --- a/pkg/repo/chartrepo_test.go +++ b/pkg/repo/chartrepo_test.go @@ -302,4 +302,12 @@ func TestResolveReferenceURL(t *testing.T) { if chartURL != "https://kubernetes-charts.storage.googleapis.com/nginx-0.2.0.tgz" { t.Errorf("%s", chartURL) } + + chartURL, err = ResolveReferenceURL("http://localhost:8123/?querystring", "https://kubernetes-charts.storage.googleapis.com/nginx-0.2.0.tgz") + if err != nil { + t.Errorf("%s", err) + } + if chartURL != "https://kubernetes-charts.storage.googleapis.com/nginx-0.2.0.tgz" { + t.Errorf("%s contains query string from base URL when it shouldn't", chartURL) + } }