Revert forked Director logic post go 1.23 + CVE fix

Golang patched the 100-continue bug this was working around. We've
reverted our custom fix, but kept integration tests to ensure it doesn't
regress.

Author: geofffranks

src/code.cloudfoundry.org/gorouter/config/config.go

@@ -484,14 +484,13 @@ type Config struct {
 	LoadBalance             string `yaml:"balancing_algorithm,omitempty"`
 	LoadBalanceAZPreference string `yaml:"balancing_algorithm_az_preference,omitempty"`
 
-	DisableKeepAlives            bool `yaml:"disable_keep_alives"`
-	MaxIdleConns                 int  `yaml:"max_idle_conns,omitempty"`
-	MaxIdleConnsPerHost          int  `yaml:"max_idle_conns_per_host,omitempty"`
-	MaxRequestHeaderBytes        int  `yaml:"max_request_header_bytes"`
-	MaxResponseHeaderBytes       int  `yaml:"max_response_header_bytes"`
-	MaxRequestHeaders            int  `yaml:"max_request_headers"`
-	MaxResponseHeaders           int  `yaml:"max_response_headers"`
-	KeepAlive100ContinueRequests bool `yaml:"keep_alive_100_continue_requests"`
+	DisableKeepAlives      bool `yaml:"disable_keep_alives"`
+	MaxIdleConns           int  `yaml:"max_idle_conns,omitempty"`
+	MaxIdleConnsPerHost    int  `yaml:"max_idle_conns_per_host,omitempty"`
+	MaxRequestHeaderBytes  int  `yaml:"max_request_header_bytes"`
+	MaxResponseHeaderBytes int  `yaml:"max_response_header_bytes"`
+	MaxRequestHeaders      int  `yaml:"max_request_headers"`
+	MaxResponseHeaders     int  `yaml:"max_response_headers"`
 
 	HTTPRewrite HTTPRewrite `yaml:"http_rewrite,omitempty"`
 

src/code.cloudfoundry.org/gorouter/config/config_test.go

@@ -889,14 +889,6 @@ backends:
 			Expect(config.DisableKeepAlives).To(BeFalse())
 		})
 
-		It("sets KeepAlive100ContinueRequests", func() {
-			var b = []byte("keep_alive_100_continue_requests: true")
-			err := config.Initialize(b)
-			Expect(err).ToNot(HaveOccurred())
-
-			Expect(config.KeepAlive100ContinueRequests).To(BeTrue())
-		})
-
 		It("sets MaxIdleConns", func() {
 			var b = []byte("max_idle_conns: 200")
 			err := config.Initialize(b)

src/code.cloudfoundry.org/gorouter/handlers/proxy_picker.go

@@ -1193,20 +1193,23 @@ var _ = Describe("Router Integration", func() {
 			runningApp.Stop()
 		})
 
-		var testRequest = func(body string) int {
+		var testRequest = func(header, body string) net.Conn {
 			conn, err := net.Dial("tcp", fmt.Sprintf("localhost:%d", proxyPort))
 			Expect(err).ToNot(HaveOccurred())
 			conn.SetReadDeadline(time.Now().Add(20 * time.Second))
 
 			connWriter := bufio.NewWriter(conn)
 
-			connWriter.Write([]byte(body))
+			connWriter.Write([]byte(header))
 			connWriter.Flush()
 
-			connReader := bufio.NewReader(conn)
-			resp, err := http.ReadResponse(connReader, &http.Request{})
-			Expect(err).NotTo(HaveOccurred())
-			return resp.StatusCode
+			if body != "" {
+				time.Sleep(100 * time.Millisecond)
+				connWriter.Write([]byte(body))
+				connWriter.Flush()
+
+			}
+			return conn
 		}
 
 		It("resets response for new request", func() {
@@ -1219,18 +1222,32 @@ var _ = Describe("Router Integration", func() {
 			go func() {
 				defer close(badRequestsDone)
 				defer GinkgoRecover()
-				for i := 0; i < 100; i++ {
-					statusCode := testRequest(
-						"OPTIONS / HTTP/1.1\r\n" +
-							fmt.Sprintf("Host: %s\r\n", appRoute) +
-							"Expect: 100-Continue\r\n" +
-							"Content-Type: text/plain\r\n" +
-							fmt.Sprintf("Content-Length: %d\r\n", 5) +
-							"\r\n" +
-							"hello",
+				for i := range 100 {
+					conn := testRequest(
+						"OPTIONS / HTTP/1.1\r\n"+
+							fmt.Sprintf("Host: %s\r\n", appRoute)+
+							"Expect: 100-Continue\r\n"+
+							"Content-Type: text/plain\r\n"+
+							fmt.Sprintf("Content-Length: %d\r\n", 5)+
+							"\r\n",
+						"hello",
 					)
-					Expect(statusCode).To(Equal(http.StatusMethodNotAllowed))
-					time.Sleep(50 * time.Millisecond)
+					responseReader := bufio.NewReader(conn)
+
+					var lines []string
+					for range 3 {
+						line, err := responseReader.ReadString('\n')
+						Expect(err).ToNot(HaveOccurred())
+						lines = append(lines, line)
+					}
+					conn.Close()
+					if lines[0] == "HTTP/1.1 100 Continue\r\n" {
+						Expect(lines[2]).To(Equal("HTTP/1.1 405 Method Not Allowed\r\n"))
+					} else {
+						Expect(lines[0]).To(Equal("HTTP/1.1 405 Method Not Allowed\r\n"))
+					}
+
+					time.Sleep(25 * time.Millisecond)
 					if i == 0 {
 						close(badRequestsStarted)
 					}
@@ -1244,15 +1261,21 @@ var _ = Describe("Router Integration", func() {
 			go func() {
 				defer close(goodRequestsDone)
 				defer GinkgoRecover()
-				for i := 0; i < 10; i++ {
-					statusCode := testRequest(
-						"GET / HTTP/1.1\r\n" +
-							fmt.Sprintf("Host: %s\r\n", appRoute) +
+				for range 50 {
+					conn := testRequest(
+						"GET / HTTP/1.1\r\n"+
+							fmt.Sprintf("Host: %s\r\n", appRoute)+
 							"\r\n",
+						"",
 					)
-					Expect(statusCode).To(Equal(http.StatusOK))
+					responseReader := bufio.NewReader(conn)
+					line, err := responseReader.ReadString('\n')
+					Expect(err).ToNot(HaveOccurred())
+					conn.Close()
+					Expect(line).To(Equal("HTTP/1.1 200 OK\r\n"))
 					time.Sleep(100 * time.Millisecond)
 				}
+
 			}()
 
 			Eventually(goodRequestsDone, "10s", "1s").Should(BeClosed())

src/code.cloudfoundry.org/gorouter/handlers/proxy_picker_test.go

@@ -127,23 +127,6 @@ func NewProxy(
 		ModifyResponse: p.modifyResponse,
 	}
 
-	// by default, we should close 100-continue requests for safety
-	// this requires a second proxy because Director and Rewrite cannot coexist
-	// additionally, Director() is called before hop-by-hop headers are sanitized
-	// whereas Rewrite is after, and this is where `Connection: close` can be added
-	expect100ContinueRProxy := &httputil.ReverseProxy{
-		Rewrite:        p.setupProxyRequestClose100Continue,
-		Transport:      prt,
-		FlushInterval:  50 * time.Millisecond,
-		BufferPool:     p.bufferPool,
-		ModifyResponse: p.modifyResponse,
-	}
-
-	// if we want to not force close 100-continue requests, use the normal rproxy
-	if cfg.KeepAlive100ContinueRequests {
-		expect100ContinueRProxy = rproxy
-	}
-
 	routeServiceHandler := handlers.NewRouteService(routeServiceConfig, registry, logger, errorWriter)
 
 	zipkinHandler := handlers.NewZipkin(cfg.Tracing.EnableZipkin, logger)
@@ -191,7 +174,7 @@ func NewProxy(
 	})
 	n.Use(routeServiceHandler)
 	n.Use(p)
-	n.Use(handlers.NewProxyPicker(rproxy, expect100ContinueRProxy))
+	n.UseHandler(rproxy)
 
 	return n
 }
@@ -277,44 +260,6 @@ func (p *proxy) setupProxyRequest(target *http.Request) {
 	target.Header.Del(router_http.CfAppInstance)
 }
 
-func (p *proxy) setupProxyRequestClose100Continue(target *httputil.ProxyRequest) {
-	reqInfo, err := handlers.ContextRequestInfo(target.In)
-	if err != nil {
-		log.Panic(p.logger, "request-info-err", log.ErrAttr(err))
-		return
-	}
-	reqInfo.BackendReqHeaders = target.Out.Header
-
-	target.Out.URL.Scheme = "http"
-	target.Out.URL.Host = target.In.Host
-	target.Out.URL.ForceQuery = false
-	target.Out.URL.Opaque = target.In.RequestURI
-
-	if strings.HasPrefix(target.In.RequestURI, "//") {
-		path := escapePathAndPreserveSlashes(target.In.URL.Path)
-		target.Out.URL.Opaque = "//" + target.In.Host + path
-
-		if len(target.In.URL.Query()) > 0 {
-			target.Out.URL.Opaque = target.Out.URL.Opaque + "?" + target.In.URL.Query().Encode()
-		}
-	}
-	target.Out.URL.RawQuery = ""
-
-	setRequestXRequestStart(target.Out)
-	target.Out.Header.Del(router_http.CfAppInstance)
-
-	// always set connection close on 100-continue requests
-	target.Out.Header.Set("Connection", "close")
-
-	target.Out.Header["X-Forwarded-For"] = target.In.Header["X-Forwarded-For"]
-	target.Out.Header["Forwarded"] = target.In.Header["Forwarded"]
-	// Takes care of setting the X-Forwarded-For header properly. Also sets the X-Forwarded-Proto
-	// which we overwrite again.
-	target.SetXForwarded()
-	target.Out.Header["X-Forwarded-Proto"] = target.In.Header["X-Forwarded-Proto"]
-	target.Out.Header["X-Forwarded-Host"] = target.In.Header["X-Forwarded-Host"]
-}
-
 func setRequestXRequestStart(request *http.Request) {
 	if _, ok := request.Header[http.CanonicalHeaderKey("X-Request-Start")]; !ok {
 		request.Header.Set("X-Request-Start", strconv.FormatInt(time.Now().UnixNano()/1e6, 10))