fix: validate instances in fuse mode (#875)

## Change Description Validate instances in fuse mode to avoid incorrectly picking up file system requests. ## Checklist - [x] Make sure to open an issue as a [bug/issue](https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea. - [x] Ensure the tests and linter pass - [x] Appropriate documentation is updated (if necessary) ## Relevant issues: - Fixes #873
GoogleCloudPlatform · Aug 9, 2021 · 96f8b65 · 96f8b65
1 parent 247cbad
commit 96f8b65
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 12 deletions.
diff --git a/cmd/cloud_sql_proxy/proxy.go b/cmd/cloud_sql_proxy/proxy.go
@@ -31,7 +31,6 @@ import (
 	"github.com/GoogleCloudPlatform/cloudsql-proxy/logging"
 	"github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/fuse"
 	"github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/proxy"
-	"github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/util"
 	sqladmin "google.golang.org/api/sqladmin/v1beta4"
 )
 
@@ -225,17 +224,12 @@ var validNets = func() map[string]bool {
 
 func parseInstanceConfig(dir, instance string, cl *http.Client) (instanceConfig, error) {
 	var ret instanceConfig
-	args := strings.Split(instance, "=")
-	if len(args) > 2 {
-		return instanceConfig{}, fmt.Errorf("invalid instance argument: must be either form - `<instance_connection_string>` or `<instance_connection_string>=<options>`; invalid arg was %q", instance)
+	proj, region, name, args, err := proxy.ParseInstanceConnectionName(instance)
+	if err != nil {
+		return instanceConfig{}, err
 	}
-	// Parse the instance connection name - everything before the "=".
 	ret.Instance = args[0]
-	proj, region, name := util.SplitName(ret.Instance)
 	regionName := fmt.Sprintf("%s~%s", region, name)
-	if proj == "" || region == "" || name == "" {
-		return instanceConfig{}, fmt.Errorf("invalid instance connection string: must be in the form `project:region:instance-name`; invalid name was %q", args[0])
-	}
 	if len(args) == 1 {
 		// Default to listening via unix socket in specified directory
 		ret.Network = "unix"

diff --git a/proxy/fuse/fuse.go b/proxy/fuse/fuse.go
@@ -243,6 +243,10 @@ func (r *fsRoot) Lookup(ctx context.Context, req *fuse.LookupRequest, resp *fuse
 	r.sockLock.Lock()
 	defer r.sockLock.Unlock()
 
+	if _, _, _, _, err := proxy.ParseInstanceConnectionName(instance); err != nil {
+		return nil, err
+	}
+
 	if ret, ok := r.links[instance]; ok {
 		return ret, nil
 	}

diff --git a/proxy/fuse/fuse_test.go b/proxy/fuse/fuse_test.go
@@ -58,7 +58,7 @@ func TestBadDir(t *testing.T) {
 	}
 	defer fuse.Close()
 
-	_, err = os.Stat(filepath.Join(dir, "dir1", "dir2"))
+	_, err = os.Stat(filepath.Join(dir, "dir:ectory:1", "dir:ectory:2"))
 	if err == nil {
 		t.Fatal("able to find a directory inside the mount point, expected only regular files")
 	}
@@ -90,7 +90,7 @@ func TestSingleInstance(t *testing.T) {
 	}
 	defer fuse.Close()
 
-	const want = "test:instance"
+	const want = "test:instance:string"
 	path := filepath.Join(dir, want)
 
 	fi, err := os.Stat(path)
@@ -155,7 +155,7 @@ func BenchmarkNewConnection(b *testing.B) {
 		}
 	}()
 
-	const instance = "test:instance"
+	const instance = "test:instance:string"
 	path := filepath.Join(dir, instance)
 
 	b.ResetTimer()

diff --git a/proxy/proxy/client.go b/proxy/proxy/client.go
@@ -21,11 +21,13 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"strings"
 	"sync"
 	"sync/atomic"
 	"time"
 
 	"github.com/GoogleCloudPlatform/cloudsql-proxy/logging"
+	"github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/util"
 	"golang.org/x/net/proxy"
 	"golang.org/x/time/rate"
 )
@@ -522,6 +524,21 @@ func (c *Client) InstanceVersionContext(ctx context.Context, instance string) (s
 	return version, nil
 }
 
+// ParseInstanceConnectionName verifies that instances are in the expected format and include
+// the necessary components.
+func ParseInstanceConnectionName(instance string) (string, string, string, []string, error) {
+	args := strings.Split(instance, "=")
+	if len(args) > 2 {
+		return "", "", "", nil, fmt.Errorf("invalid instance argument: must be either form - `<instance_connection_string>` or `<instance_connection_string>=<options>`; invalid arg was %q", instance)
+	}
+	// Parse the instance connection name - everything before the "=".
+	proj, region, name := util.SplitName(args[0])
+	if proj == "" || region == "" || name == "" {
+		return "", "", "", nil, fmt.Errorf("invalid instance connection string: must be in the form `project:region:instance-name`; invalid name was %q", args[0])
+	}
+	return proj, region, name, args, nil
+}
+
 // AvailableConn returns false if MaxConnections has been reached, true otherwise.
 // When MaxConnections is 0, there is no limit.
 func (c *Client) AvailableConn() bool {

diff --git a/proxy/proxy/client_test.go b/proxy/proxy/client_test.go
@@ -317,3 +317,28 @@ func TestRemoteCertError(t *testing.T) {
 	}
 
 }
+
+func TestValidate(t *testing.T) {
+	// SplitName has its own tests and is not specifically tested here.
+	table := []struct {
+		in           string
+		wantValid    bool
+		wantErrorStr string
+	}{
+		{"proj:region:my-db", true, ""},
+		{"proj:region:my-db=options", true, ""},
+		{"proj=region=my-db", false, "invalid instance argument: must be either form - `<instance_connection_string>` or `<instance_connection_string>=<options>`; invalid arg was \"proj=region=my-db\""},
+		{"projregionmy-db", false, "invalid instance connection string: must be in the form `project:region:instance-name`; invalid name was \"projregionmy-db\""},
+	}
+
+	for _, test := range table {
+		_, _, _, _, gotError := ParseInstanceConnectionName(test.in)
+		var gotErrorStr string
+		if gotError != nil {
+			gotErrorStr = gotError.Error()
+		}
+		if gotErrorStr != test.wantErrorStr {
+			t.Errorf("Validate(%q): got \"%v\" for error, want \"%v\"", test.in, gotError, test.wantErrorStr)
+		}
+	}
+}