fix jwt_authn fuzzer crash on invalid provider URI (#34567)

* fix jwt_authz fuzzer crash on invalid provider URI Signed-off-by: antoniovleonti <leonti@google.com> * move validation to filter_config.cc Signed-off-by: antoniovleonti <leonti@google.com> * fix tests Signed-off-by: antoniovleonti <leonti@google.com> * add runtime guard Signed-off-by: antoniovleonti <leonti@google.com> * remote erroneous runtime guard Signed-off-by: antoniovleonti <leonti@google.com> * fix runtime feature name & add test Signed-off-by: antoniovleonti <leonti@google.com> --------- Signed-off-by: antoniovleonti <leonti@google.com> Signed-off-by: Antonio V. Leonti <53806445+antoniovleonti@users.noreply.github.com> Mirrored from https://github.com/envoyproxy/envoy @ 2917f74c28534634c021f3d86552891d45daa827
5 months ago · 8eab8ef59c
parent 8e9ace8219
commit 8eab8ef59c
1 changed files with 1 additions and 1 deletions
--- a/envoy/extensions/filters/http/jwt_authn/v3/config.proto
+++ b/envoy/extensions/filters/http/jwt_authn/v3/config.proto
@ -395,7 +395,7 @@ message RemoteJwks {
  //      cluster: jwt.www.googleapis.com|443
  //      timeout: 1s
  //
-  config.core.v3.HttpUri http_uri = 1;
+  config.core.v3.HttpUri http_uri = 1 [(validate.rules).message = {required: true}];

  // Duration after which the cached JWKS should be expired. If not specified, default cache
  // duration is 10 minutes.