haproxy Cookie id leaks information about software

pecameron · pecameron · commit 28ab17de8d1c · 2016-05-09T08:29:35.000-04:00
Resolves: bz1328030
This obfuscates the cookie name my hashing the original name.

Signed-off-by: Phil Cameron &lt;pcameron@redhat.com&gt;
diff --git a/images/router/haproxy/conf/haproxy-config.template b/images/router/haproxy/conf/haproxy-config.template
@@ -217,9 +217,9 @@ backend be_edge_http_{{$cfgIdx}}
   http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
   {{ if (eq $cfg.TLSTermination "") }}
-    cookie OPENSHIFT_{{$cfgIdx}}_SERVERID insert indirect nocache httponly
+    cookie {{$cfg.RoutingKeyName}} insert indirect nocache httponly
   {{ else }}
-    cookie OPENSHIFT_EDGE_{{$cfgIdx}}_SERVERID insert indirect nocache httponly secure
+    cookie {{$cfg.RoutingKeyName}} insert indirect nocache httponly secure
   {{ end }}
   http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
                 {{ range $idx, $endpoint := endpointsForAlias $cfg $serviceUnit }}
@@ -243,7 +243,7 @@ backend be_secure_{{$cfgIdx}}
   option redispatch
   balance leastconn
   timeout check 5000ms
-  cookie OPENSHIFT_REENCRYPT_{{$cfgIdx}}_SERVERID insert indirect nocache httponly secure
+  cookie {{$cfg.RoutingKeyName}} insert indirect nocache httponly secure
                 {{ range $idx, $endpoint := endpointsForAlias $cfg $serviceUnit }}
   server {{$endpoint.IdHash}} {{$endpoint.IP}}:{{$endpoint.Port}} ssl check inter 5000ms verify required ca-file {{ $workingDir }}/cacerts/{{$cfgIdx}}.pem cookie {{$endpoint.IdHash}}
                 {{ end }}
diff --git a/pkg/router/template/router.go b/pkg/router/template/router.go
@@ -1,6 +1,7 @@
 package templaterouter
 
 import (
+	"crypto/md5"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -450,6 +451,9 @@ func (r *templateRouter) AddRoute(id string, route *routeapi.Route, host string)
 		}
 	}
 
+	key := fmt.Sprintf("%s %s", config.TLSTermination, backendKey)
+	config.RoutingKeyName = fmt.Sprintf("%x", md5.Sum([]byte(key)))
+
 	//create or replace
 	frontend.ServiceAliasConfigs[backendKey] = config
 	r.state[id] = frontend
diff --git a/pkg/router/template/types.go b/pkg/router/template/types.go
@@ -37,6 +37,8 @@ type ServiceAliasConfig struct {
 	// insecure connections to an edge-terminated route:
 	//   none (or disable), allow or redirect
 	InsecureEdgeTerminationPolicy routeapi.InsecureEdgeTerminationPolicyType
+	// Hash of the route name - used to obscure cookieId
+	RoutingKeyName string
 }
 
 type ServiceAliasConfigStatus string
diff --git a/test/integration/router_test.go b/test/integration/router_test.go
@@ -1035,6 +1035,12 @@ func getRoute(routerUrl string, hostName string, protocol string, headers map[st
 			return "", fmt.Errorf("GET of %s returned: %d", url, resp.StatusCode)
 		}
 		respBody, err := ioutil.ReadAll(resp.Body)
+		cookies := resp.Cookies()
+		for _, cookie := range cookies {
+			if len(cookie.Name) != 32 || len(cookie.Value) != 32 {
+				return "", fmt.Errorf("GET of %s returned bad cookie %s=%s", url, cookie.Name, cookie.Value)
+			}
+		}
 		return string(respBody), err
 
 	case "ws", "wss":

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,8 @@ type ServiceAliasConfig struct {`
`37`	`37`	`// insecure connections to an edge-terminated route:`
`38`	`38`	`// none (or disable), allow or redirect`
`39`	`39`	`InsecureEdgeTerminationPolicy routeapi.InsecureEdgeTerminationPolicyType`
	`40`	`+ // Hash of the route name - used to obscure cookieId`
	`41`	`+ RoutingKeyName string`
`40`	`42`	`}`
`41`	`43`
`42`	`44`	`type ServiceAliasConfigStatus string`