Skip to content

validating url for sso and sts #3610

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Nov 6, 2025
Merged

validating url for sso and sts #3610

merged 9 commits into from
Nov 6, 2025
+89 −2

Conversation

@pulimsr
Copy link
Contributor

@pulimsr pulimsr commented Nov 5, 2025
edited
Loading

Description of changes: validating credential urls for sso and sts

Check all that applies:

  • Did a review by yourself.
  • Added proper tests to cover this PR. (If tests are not applicable, explain.)
  • Checked if this PR is a breaking (APIs have been changed) change.
  • Checked if this PR will not introduce cross-platform inconsistent behavior.
  • Checked if this PR would require a ReadMe/Wiki update.

Check which platforms you have built SDK on to verify the correctness of this PR.

  • Linux
  • Windows
  • Android
  • MacOS
  • IOS
  • Other Platforms

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

sbiscigl
sbiscigl reviewed Nov 5, 2025
View reviewed changes
src/aws-cpp-sdk-core/source/internal/AWSHttpResourceClient.cpp Outdated
}
ss.str();

Aws::Http::URI uri(ss.str());
Copy link
Contributor

@sbiscigl sbiscigl Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of validating the the URI in the constructor, validate it when we make the call like how we currently do it in AwsClient, i.e. in AWSHttpResourceClient::GetResourceWithAWSWebServiceResult we should validate there before making any calls

tests/aws-cpp-sdk-core-tests/aws/auth/SSRFValidationTest.cpp Outdated
using namespace Aws::Auth;
using namespace Aws::Client;

class SSRFValidationTest : public Aws::Testing::AwsCppSdkGTestSuite {
Copy link
Contributor

@sbiscigl sbiscigl Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets not make this its own test, AWSCredentialsProviderTest has tests for both SSO and STS, lets place tests there that validate this behavor

@pulimsr pulimsr merged commit 091a493 into main Nov 6, 2025
4 of 5 checks passed
@pulimsr pulimsr deleted the sso-sts--url-validation branch November 6, 2025 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sbiscigl sbiscigl sbiscigl approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pulimsr @sbiscigl