Skip to content

fix: harden header sanitization and handling logic#2025

Merged
k8s-ci-robot merged 1 commit intokubernetes-sigs:mainfrom
LukeAVanDrie:fix/headers-1624
Dec 19, 2025
Merged

fix: harden header sanitization and handling logic#2025
k8s-ci-robot merged 1 commit intokubernetes-sigs:mainfrom
LukeAVanDrie:fix/headers-1624

Conversation

@LukeAVanDrie
Copy link
Copy Markdown
Contributor

@LukeAVanDrie LukeAVanDrie commented Dec 18, 2025

What type of PR is this?
/kind bug

What this PR does / why we need it:
This PR hardens the HTTP header handling logic within the extension to ensure strict ownership of protocol and system metadata headers.

Previously, the header generation logic in generateHeaders (Request) and generateResponseHeaders (Response) acted as a transparent passthrough, appending user-supplied headers to the outgoing message.

Changes:

  • Strict Blocklist: Introduces requtil.IsSystemOwnedHeader to define a specific set of headers (Protocol, Routing, and Control) that must be managed exclusively by the extension.
  • Sanitization: Updates the header generation loops to silently drop any external values for these keys.

Reasoning:
These changes are necessary to prevent ambiguity in downstream proxies (Envoy) and backends. For example, internal routing headers should not be influenceable by external input.

Which issue(s) this PR fixes:
Fixes #1624

Does this PR introduce a user-facing change?:

Harden header handling logic to enforce strict ownership of system and protocol headers, preventing potential ambiguity in backend routing and response processing.

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Dec 18, 2025
@netlify
Copy link
Copy Markdown

netlify Bot commented Dec 18, 2025
edited
Loading

Deploy Preview for gateway-api-inference-extension ready!

Name Link
🔨 Latest commit 95d9f1b
🔍 Latest deploy log https://app.netlify.com/projects/gateway-api-inference-extension/deploys/6944f9bee04d44000828ec56
😎 Deploy Preview https://deploy-preview-2025--gateway-api-inference-extension.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Dec 18, 2025
@k8s-ci-robot k8s-ci-robot requested a review from elevran December 18, 2025 21:06
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Dec 18, 2025

Hi @LukeAVanDrie. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 18, 2025
@LukeAVanDrie LukeAVanDrie mentioned this pull request Dec 18, 2025
Closed
@ahg-g
Copy link
Copy Markdown
Contributor

ahg-g commented Dec 19, 2025

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 19, 2025
@ahg-g
Copy link
Copy Markdown
Contributor

ahg-g commented Dec 19, 2025

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 19, 2025
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Dec 19, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahg-g, LukeAVanDrie

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Dec 19, 2025
@LukeAVanDrie
fix: harden header sanitization and handling logic
95d9f1b 
This change improves the robustness of header manipulation in the
ext_proc server. It implements strict sanitization for "system-owned"
headers (such as Content-Length and internal routing metadata) in both
the request and response paths.

Previously, these headers were passed through transparently from the
input. This change ensures the extension maintains authoritative control
over protocol and routing headers, preventing potential ambiguity in
downstream processing.
@k8s-ci-robot k8s-ci-robot removed lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Dec 19, 2025
@ahg-g
Copy link
Copy Markdown
Contributor

ahg-g commented Dec 19, 2025

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 19, 2025
@k8s-ci-robot k8s-ci-robot merged commit 5ec1fa1 into kubernetes-sigs:main Dec 19, 2025
12 checks passed
nirrozenbaum
nirrozenbaum reviewed Dec 19, 2025
View reviewed changes
Comment thread pkg/epp/util/request/headers.go
var (
// InputControlHeaders are sent by the Gateway/User to control EPP behavior.
// We must extract these, then strip them so they don't leak to the backend.
InputControlHeaders = map[string]bool{
Copy link
Copy Markdown
Contributor

@nirrozenbaum nirrozenbaum Dec 19, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: there’s no meaning for the “true” here, and this map acts as a hash set.
could be nice to use “set” from k8s utils instead of this map, and use the set.Has function (it’s backed by a map to struct{}).

it reads clearer IMO.
(if you want to push in a follow up)

Copy link
Copy Markdown
Contributor

@nirrozenbaum nirrozenbaum Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

example here:

gateway-api-inference-extension/pkg/epp/config/loader/configloader.go

Line 122 in 5ec1fa1

pluginNames := sets.New[string]()

Copy link
Copy Markdown
Contributor Author

@LukeAVanDrie LukeAVanDrie Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I considered this but figured map[string]bool or map[string]struct{} was idiomatic enough. The set utility reads nicer though, especially now that we have generics. Will send out a small followup!

@LukeAVanDrie LukeAVanDrie mentioned this pull request Dec 21, 2025
Merged
davidbreitgand pushed a commit to davidbreitgand/gateway-api-inference-extension that referenced this pull request Jan 6, 2026
@LukeAVanDrie @davidbreitgand
fix: harden header sanitization and handling logic (kubernetes-sigs#2025
cb76f38 
)

This change improves the robustness of header manipulation in the
ext_proc server. It implements strict sanitization for "system-owned"
headers (such as Content-Length and internal routing metadata) in both
the request and response paths.

Previously, these headers were passed through transparently from the
input. This change ensures the extension maintains authoritative control
over protocol and routing headers, preventing potential ambiguity in
downstream processing.
elevran pushed a commit to llm-d/llm-d-inference-scheduler that referenced this pull request Apr 23, 2026
@LukeAVanDrie
fix: harden header sanitization and handling logic (kubernetes-sigs/g…
bf6e842 
…ateway-api-inference-extension#2025)

This change improves the robustness of header manipulation in the
ext_proc server. It implements strict sanitization for "system-owned"
headers (such as Content-Length and internal routing metadata) in both
the request and response paths.

Previously, these headers were passed through transparently from the
input. This change ensures the extension maintains authoritative control
over protocol and routing headers, preventing potential ambiguity in
downstream processing.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nirrozenbaum nirrozenbaum nirrozenbaum left review comments

@danehans danehans Awaiting requested review from danehans

@elevran elevran Awaiting requested review from elevran

Assignees

@ahg-g ahg-g

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: Critical Header Handling Flaws (Trace ID Loss, Data Corruption, & Header Injection)

4 participants

@LukeAVanDrie @k8s-ci-robot @ahg-g @nirrozenbaum