Limit the number of parts allowed for auth token (#8122)

picatz · yycptt · commit 988c5602d2cc · 2025-08-20T14:59:40.000-07:00
## What changed?

This PR aims to add a limit to the number of parts when splitting an
`Authorization` header `Bearer $token` values.

## Why?

This is useful for limiting potential abuses from maliciously crafted
header values.

## How did you test it?
- [x] built
- [x] run locally and tested manually
- [x] covered by existing tests
- [ ] added new unit test(s)
- [ ] added new functional test(s)

## Potential risks

I don't think there's any major risk here?
diff --git a/common/authorization/default_jwt_claim_mapper.go b/common/authorization/default_jwt_claim_mapper.go
@@ -72,7 +72,9 @@ func (a *defaultJWTClaimMapper) GetClaims(authInfo *AuthInfo) (*Claims, error) {
 		return &claims, nil
 	}
 
-	parts := strings.Split(authInfo.AuthToken, " ")
+	// We use strings.SplitN even though we check the length later, to avoid
+	// unnecessary allocations if the format is correct.
+	parts := strings.SplitN(authInfo.AuthToken, " ", 2)
 	if len(parts) != 2 {
 		return nil, serviceerror.NewPermissionDenied("unexpected authorization token format", "")
 	}

Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,9 @@ func (a defaultJWTClaimMapper) GetClaims(authInfo AuthInfo) (*Claims, error) {`
`72`	`72`	`return &claims, nil`
`73`	`73`	`}`
`74`	`74`
`75`		`- parts := strings.Split(authInfo.AuthToken, " ")`
	`75`	`+ // We use strings.SplitN even though we check the length later, to avoid`
	`76`	`+ // unnecessary allocations if the format is correct.`
	`77`	`+ parts := strings.SplitN(authInfo.AuthToken, " ", 2)`
`76`	`78`	`if len(parts) != 2 {`
`77`	`79`	`return nil, serviceerror.NewPermissionDenied("unexpected authorization token format", "")`
`78`	`80`	`}`