From fcb8bdf7219c76d2b608d45317427cbbd6e69d6c Mon Sep 17 00:00:00 2001
From: Arvind Bright <arvind.bright100@gmail.com>
Date: Wed, 2 Nov 2022 13:11:13 -0700
Subject: [PATCH] xds/google-c2p: validate url for no authorities (#5756)

---
 xds/googledirectpath/googlec2p.go      |  4 ++++
 xds/googledirectpath/googlec2p_test.go | 19 +++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/xds/googledirectpath/googlec2p.go b/xds/googledirectpath/googlec2p.go
index 1789334fd32..669c4fc1c48 100644
--- a/xds/googledirectpath/googlec2p.go
+++ b/xds/googledirectpath/googlec2p.go
@@ -92,6 +92,10 @@ type c2pResolverBuilder struct {
 }
 
 func (c2pResolverBuilder) Build(t resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) {
+	if t.URL.Host != "" {
+		return nil, fmt.Errorf("google-c2p URI scheme does not support authorities")
+	}
+
 	if !runDirectPath() {
 		// If not xDS, fallback to DNS.
 		t.Scheme = dnsName
diff --git a/xds/googledirectpath/googlec2p_test.go b/xds/googledirectpath/googlec2p_test.go
index f32eafbf26c..f9357e9bf3a 100644
--- a/xds/googledirectpath/googlec2p_test.go
+++ b/xds/googledirectpath/googlec2p_test.go
@@ -20,12 +20,14 @@ package googledirectpath
 
 import (
 	"strconv"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/internal/envconfig"
 	"google.golang.org/grpc/resolver"
 	"google.golang.org/grpc/xds/internal/xdsclient"
@@ -251,3 +253,20 @@ func TestBuildXDS(t *testing.T) {
 		})
 	}
 }
+
+// TestDialFailsWhenTargetContainsAuthority attempts to Dial a target URI of
+// google-c2p scheme with a non-empty authority and verifies that it fails with
+// an expected error.
+func TestBuildFailsWhenCalledWithAuthority(t *testing.T) {
+	uri := "google-c2p://an-authority/resource"
+	cc, err := grpc.Dial(uri, grpc.WithTransportCredentials(insecure.NewCredentials()))
+	defer func() {
+		if cc != nil {
+			cc.Close()
+		}
+	}()
+	wantErr := "google-c2p URI scheme does not support authorities"
+	if err == nil || !strings.Contains(err.Error(), wantErr) {
+		t.Fatalf("grpc.Dial(%s) returned error: %v, want: %v", uri, err, wantErr)
+	}
+}