From a628e3688b7810bacc3d8d559e47329d5ec011d5 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Fri, 19 Nov 2021 17:19:45 +0100
Subject: [PATCH 1/2] fix(userspace/falco): accept 'Content-Type' header that contains "application/json", but it is not strictly equal to it.

Signed-off-by: Federico Di Pierro
---
 userspace/falco/webserver.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/userspace/falco/webserver.cpp b/userspace/falco/webserver.cpp
index 6098063eee2..5af8db84ce6 100644
--- a/userspace/falco/webserver.cpp
+++ b/userspace/falco/webserver.cpp
@@ -150,7 +150,7 @@ bool k8s_audit_handler::handlePost(CivetServer *server, struct mg_connection *co
 // Ensure that the content-type is application/json
 const char *ct = server->getHeader(conn, string("Content-Type"));
- if(ct == NULL || string(ct) != "application/json")
+ if(ct == NULL || strstr(ct, "application/json") == NULL)
 {
 mg_send_http_error(conn, 400, "Wrong Content Type");

From 66732f3f23f140f60fa674dbb1b521121441a720 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Tue, 23 Nov 2021 09:58:34 +0100
Subject: [PATCH 2/2] update(userspace/falco): enforce check that content-type actually starts with "application/json" string.

Signed-off-by: Federico Di Pierro
Co-authored-by: Leonardo Grasso
---
 userspace/falco/webserver.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/userspace/falco/webserver.cpp b/userspace/falco/webserver.cpp
index 5af8db84ce6..6405d0ca16e 100644
--- a/userspace/falco/webserver.cpp
+++ b/userspace/falco/webserver.cpp
@@ -150,7 +150,8 @@ bool k8s_audit_handler::handlePost(CivetServer *server, struct mg_connection *co
 // Ensure that the content-type is application/json
 const char *ct = server->getHeader(conn, string("Content-Type"));
- if(ct == NULL || strstr(ct, "application/json") == NULL)
+ // content type *must* start with application/json
+ if(ct == NULL || strncmp(ct, "application/json", strlen("application/json")) != 0)
 {
 mg_send_http_error(conn, 400, "Wrong Content Type");
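Review bot: The added strncmp prefix test still accepts any media type whose name merely begins with "application/json" (e.g. a "+json"-suffixed or otherwise longer type name), because nothing checks what follows the 16 matched bytes; the intent stated in the new comment is "application/json, optionally followed by parameters". A precise gate checks the terminator: `static const char kJson[] = "application/json"; const size_t n = sizeof(kJson) - 1;` and `if(ct == NULL || strncmp(ct, kJson, n) != 0 || (ct[n] != '\0' && ct[n] != ';' && ct[n] != ' ' && ct[n] != '\t'))`. Media type names are case-insensitive per HTTP, so a client sending `Application/JSON` is now rejected with 400; if that matters for the audit webhook, a case-insensitive compare for the prefix is worth considering. strncmp/strlen need <cstring> in scope, which this hunk does not show, and handlePost itself starts before and ends after the hunk (the hunk header counts more lines than are visible here).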