tunnel_routes: stricter validation for parameters (#917)

Enforce some stricter parameter validation on values to prevent hidden issues.
cloudflare · May 31, 2022 · b005e27 · b005e27
1 parent 36002e2
commit b005e27
Showing 1 changed file with 28 additions and 2 deletions.
diff --git a/tunnel_routes.go b/tunnel_routes.go
@@ -6,11 +6,17 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 
 	"github.com/pkg/errors"
 )
 
+var (
+	ErrMissingNetwork      = errors.New("missing required network parameter")
+	ErrInvalidNetworkValue = errors.New("invalid IP parameter. Cannot use CIDR ranges for this endpoint.")
+)
+
 // TunnelRoute is the full record for a route.
 type TunnelRoute struct {
 	Network    string     `json:"network"`
@@ -22,7 +28,7 @@ type TunnelRoute struct {
 }
 
 type TunnelRoutesListParams struct {
-	AccountID       string
+	AccountID       string     `url:"-"`
 	TunnelID        string     `url:"tunnel_id,omitempty"`
 	Comment         string     `url:"comment,omitempty"`
 	IsDeleted       *bool      `url:"is_deleted,omitempty"`
@@ -76,7 +82,7 @@ func (api *API) ListTunnelRoutes(ctx context.Context, params TunnelRoutesListPar
 	}
 
 	uri := buildURI(fmt.Sprintf("/%s/%s/teamnet/routes", AccountRouteRoot, params.AccountID), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
 	if err != nil {
 		return []TunnelRoute{}, err
 	}
@@ -94,6 +100,18 @@ func (api *API) ListTunnelRoutes(ctx context.Context, params TunnelRoutesListPar
 //
 // See: https://api.cloudflare.com/#tunnel-route-get-tunnel-route-by-ip
 func (api *API) GetTunnelRouteForIP(ctx context.Context, params TunnelRoutesForIPParams) (TunnelRoute, error) {
+	if params.AccountID == "" {
+		return TunnelRoute{}, ErrMissingAccountID
+	}
+
+	if params.Network == "" {
+		return TunnelRoute{}, ErrMissingNetwork
+	}
+
+	if strings.Contains(params.Network, "/") {
+		return TunnelRoute{}, ErrInvalidNetworkValue
+	}
+
 	uri := fmt.Sprintf("/%s/%s/teamnet/routes/ip/%s", AccountRouteRoot, params.AccountID, params.Network)
 
 	responseBody, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
@@ -119,6 +137,10 @@ func (api *API) CreateTunnelRoute(ctx context.Context, params TunnelRoutesCreate
 		return TunnelRoute{}, ErrMissingAccountID
 	}
 
+	if params.Network == "" {
+		return TunnelRoute{}, ErrMissingNetwork
+	}
+
 	uri := fmt.Sprintf("/%s/%s/teamnet/routes/network/%s", AccountRouteRoot, params.AccountID, url.PathEscape(params.Network))
 
 	responseBody, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
@@ -143,6 +165,10 @@ func (api *API) DeleteTunnelRoute(ctx context.Context, params TunnelRoutesDelete
 		return ErrMissingAccountID
 	}
 
+	if params.Network == "" {
+		return ErrMissingNetwork
+	}
+
 	uri := fmt.Sprintf("/%s/%s/teamnet/routes/network/%s", AccountRouteRoot, params.AccountID, url.PathEscape(params.Network))
 
 	responseBody, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)