3 changes: 1 addition & 2 deletions README.md
Expand Up @@ -112,8 +112,7 @@ These environment variables offer controls for the bootstrap config generation f
|`APPMESH_SET_TRACING_DECISION` |<true &#124; false> |Controls whether Envoy modifies the `x-request-id` header appearing in a request from a client |TRUE |
|`ENVOY_NO_EXTENSION_LOOKUP_BY_NAME` |<true &#124; false> |Controls whether Envoy needs type URL to lookup extensions regardless of the name field. If the type URL is missing it will reject (NACK) the configuration |true |
|`ENVOY_ENABLE_TCP_POOL_IDLE_TIMEOUT` |<true &#124; false> |Controls whether the `idle_timeout` protocol options feature is enabled for TCP upstreams. If not configured the default `idle_timeout` is 10 minutes. Set this environment variable to `false` to disable `idle_timeout` option. |true |
|`ENVOY_SANITIZE_ORIGINAL_PATH` |<true &#124; false> |Controls whether to sanitize `x-envoy-original-path` coming from an untrusted users. Set this environment variable to `false` to not sanitize `x-envoy-original-path` header coming from untrusted users. |true |
|`ENVOY_ACTIVE_HEALTH_CHECK_UNEJECT_HOST` |<true &#124; false> |Controls whether, if active HC is enabled and a host is ejected by outlier detection, a successful active health check unejects the host and consider it healthy. This also clears all the outlier detection counters. |false |
|`ENVOY_USE_HTTP_CLIENT_TO_FETCH_AWS_CREDENTIALS` |<true &#124; false> |Controls whether to use http async client to fetch AWS credentials in Envoy from metadata credentials providers instead of libcurl. The usage of libcurl is deprecated in Envoy |false |
|`MAX_REQUESTS_PER_IO_CYCLE` |1 |For setting the limit on the number of HTTP requests processed from a single connection in a single I/O cycle. Requests over this limit are processed in subsequent I/O cycles. This mitigates CPU starvation by connections that simultaneously send high number of requests by allowing requests from other connections to make progress. This runtime value can be set to 1 in the presence of abusive HTTP/2 or HTTP/3 connections. By default this is not set. | |
|`APPMESH_SDS_SOCKET_PATH` |/path/to/socket |Unix Domain Socket for SDS Based TLS. | |
|`APPMESH_PREVIEW` |<0 &#124; 1> |Enables the App Mesh Preview Endpoint | |
15 changes: 0 additions & 15 deletions agent/envoy_bootstrap/envoy_bootstrap.go
Expand Up @@ -123,11 +123,6 @@ func getRuntimeConfigLayer0() (map[string]interface{}, error) {
return nil, err
}

setSanitizeOriginalPath, err := env.TruthyOrElse("ENVOY_SANITIZE_ORIGINAL_PATH", true)
if err != nil {
return nil, err
}

setUseHttpClientToFetchAwsCredentials, err := env.TruthyOrElse("ENVOY_USE_HTTP_CLIENT_TO_FETCH_AWS_CREDENTIALS", config.ENVOY_USE_HTTP_CLIENT_TO_FETCH_AWS_CREDENTIALS_DEFAULT)
if err != nil {
return nil, err
Expand All @@ -152,16 +147,6 @@ func getRuntimeConfigLayer0() (map[string]interface{}, error) {
// Refer to https://www.envoyproxy.io/docs/envoy/latest/version_history/v1.22.0#minor-behavior-changes
"envoy.reloadable_features.no_extension_lookup_by_name": setNoExtensionLookupByName,

// Default is set to true.
// Envoy fixed a bug where `x-envoy-original-path` was not being sanitized when sent from untrusted users.
// This bug fix was done to address a CVE https://nvd.nist.gov/vuln/detail/CVE-2023-27487
// https://github.com/envoyproxy/envoy/commit/4a8cc2eabaf3d1300f84fe8df333064bfe2fafcd
// See https://www.envoyproxy.io/docs/envoy/v1.25.4/version_history/v1.25/v1.25.4#bug-fixes
// This introduced a behavioral change where `x-envoy-original-path` won't be propagated leading to potential change
// in request path logged in traces and access logs. So in case user wants to keep the original behavior because
// CVE is not applicable in their case then they can set Envoy env variable ENVOY_SANITIZE_ORIGINAL_PATH to `false`.
"envoy.reloadable_features.sanitize_original_path": setSanitizeOriginalPath,

// Default is set to false.
// Envoy introduced an option to use http async client to fetch aws metadata credentials instead of using libcurl.
// This effort was to deprecated the usage of libcurl in Envoy.
33 changes: 0 additions & 33 deletions agent/envoy_bootstrap/envoy_bootstrap_test.go
Expand Up @@ -673,7 +673,6 @@ metadata:
envoy.features.enable_all_deprecated_features: true
envoy.reloadable_features.http_set_tracing_decision_in_request_id: true
envoy.reloadable_features.no_extension_lookup_by_name: true
envoy.reloadable_features.sanitize_original_path: true
envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: false
re2.max_program_size.error_level: 1000
`)
Expand All @@ -685,8 +684,6 @@ func TestBuildNodeMetadata_StaticRuntimeMappingDefaultOverridden(t *testing.T) {
defer os.Unsetenv("APPMESH_SET_TRACING_DECISION")
os.Setenv("ENVOY_NO_EXTENSION_LOOKUP_BY_NAME", "false")
defer os.Unsetenv("ENVOY_NO_EXTENSION_LOOKUP_BY_NAME")
os.Setenv("ENVOY_SANITIZE_ORIGINAL_PATH", "false")
defer os.Unsetenv("ENVOY_SANITIZE_ORIGINAL_PATH")
os.Setenv("MAX_REQUESTS_PER_IO_CYCLE", "1")
defer os.Unsetenv("MAX_REQUESTS_PER_IO_CYCLE")
os.Setenv("ENVOY_USE_HTTP_CLIENT_TO_FETCH_AWS_CREDENTIALS", "true")
Expand All @@ -702,7 +699,6 @@ metadata:
envoy.features.enable_all_deprecated_features: true
envoy.reloadable_features.http_set_tracing_decision_in_request_id: false
envoy.reloadable_features.no_extension_lookup_by_name: false
envoy.reloadable_features.sanitize_original_path: false
envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: true
re2.max_program_size.error_level: 1000
http.max_requests_per_io_cycle: 1
Expand All @@ -722,7 +718,6 @@ layers:
envoy.features.enable_all_deprecated_features: true
envoy.reloadable_features.http_set_tracing_decision_in_request_id: true
envoy.reloadable_features.no_extension_lookup_by_name: true
envoy.reloadable_features.sanitize_original_path: true
envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: false
re2.max_program_size.error_level: 1000
- name: "admin_layer"
Expand All @@ -745,7 +740,6 @@ layers:
envoy.features.enable_all_deprecated_features: true
envoy.reloadable_features.http_set_tracing_decision_in_request_id: false
envoy.reloadable_features.no_extension_lookup_by_name: true
envoy.reloadable_features.sanitize_original_path: true
envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: false
re2.max_program_size.error_level: 1000
- name: "admin_layer"
Expand All @@ -768,30 +762,6 @@ layers:
envoy.features.enable_all_deprecated_features: true
envoy.reloadable_features.http_set_tracing_decision_in_request_id: true
envoy.reloadable_features.no_extension_lookup_by_name: false
envoy.reloadable_features.sanitize_original_path: true
envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: false
re2.max_program_size.error_level: 1000
- name: "admin_layer"
adminLayer: {}
`)
}

func TestBuildLayeredRuntime_DontSanitizeOriginalPath(t *testing.T) {
setup()
os.Setenv("ENVOY_SANITIZE_ORIGINAL_PATH", "false")
defer os.Unsetenv("ENVOY_SANITIZE_ORIGINAL_PATH")
rt, err := buildLayeredRuntime()
if err != nil {
t.Error(err)
}
checkMessage(t, rt, `
layers:
- name: "static_layer_0"
staticLayer:
envoy.features.enable_all_deprecated_features: true
envoy.reloadable_features.http_set_tracing_decision_in_request_id: true
envoy.reloadable_features.no_extension_lookup_by_name: true
envoy.reloadable_features.sanitize_original_path: false
envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: false
re2.max_program_size.error_level: 1000
- name: "admin_layer"
Expand All @@ -814,7 +784,6 @@ layers:
envoy.features.enable_all_deprecated_features: true
envoy.reloadable_features.http_set_tracing_decision_in_request_id: true
envoy.reloadable_features.no_extension_lookup_by_name: true
envoy.reloadable_features.sanitize_original_path: true
envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: false
re2.max_program_size.error_level: 1000
http.max_requests_per_io_cycle: 1
Expand All @@ -838,7 +807,6 @@ layers:
envoy.features.enable_all_deprecated_features: true
envoy.reloadable_features.http_set_tracing_decision_in_request_id: true
envoy.reloadable_features.no_extension_lookup_by_name: true
envoy.reloadable_features.sanitize_original_path: true
envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: false
re2.max_program_size.error_level: 1000
- name: "admin_layer"
Expand All @@ -861,7 +829,6 @@ layers:
envoy.features.enable_all_deprecated_features: true
envoy.reloadable_features.http_set_tracing_decision_in_request_id: true
envoy.reloadable_features.no_extension_lookup_by_name: true
envoy.reloadable_features.sanitize_original_path: true
envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: true
re2.max_program_size.error_level: 1000
- name: "admin_layer"