fix!: small threat modelling issues (#4)

* removed btp-so endpoint

* delete json path option

* removed kubeconfig endpoint

Author: n3rdc4ptn

internal/server/handlerBtpSO.go

@@ -107,13 +107,7 @@ func _categoryHandler(s *shared, req *http.Request, res *response) (*response, *
 	var result []byte = append([]byte("["), bytes.Join(resultData, []byte(","))[:]...)
 	result = append(result, []byte("]")[:]...)
 
-	if data.JsonPath != "" {
-		result, err = ParseJsonPath(result, data.JsonPath)
-		if err != nil {
-			slog.Error("failed to parse json path", "err", err)
-			return nil, NewInternalServerError("failed to parse json path")
-		}
-	} else if data.JQ != "" {
+	if data.JQ != "" {
 		resultString, err := ParseJQ(result, data.JQ)
 		if err != nil {
 			slog.Error("failed to parse jq", "err", err)

internal/server/handlerCategory.go

@@ -25,7 +25,6 @@ const (
 	contextHeader                         = "X-context"
 	useCrateClusterHeader                 = "X-use-crate"
 	authorizationHeader                   = "Authorization"
-	jsonPathHeader                        = "X-jsonpath"
 	jqHeader                              = "X-jq"
 	categoryHeader                        = "X-category"
 )
@@ -40,7 +39,6 @@ var prohibitedRequestHeaders = []string{
 	mcpAuthHeader,
 	contextHeader,
 	authorizationHeader,
-	jsonPathHeader,
 	"User-Agent",
 	"Host",
 }
@@ -61,7 +59,6 @@ type ExtractedRequestData struct {
 	UseCrateCluster                 bool
 	CrateAuthorization              string
 	Headers                         map[string][]string
-	JsonPath                        string
 	JQ                              string
 	Category                        string
 }
@@ -128,16 +125,11 @@ func mainHandler(s *shared, req *http.Request, res *response) (*response, *HttpE
 		}
 	}(k8sResp.Body)
 
-	if (data.JsonPath == "" && data.JQ == "") || k8sResp.StatusCode >= 400 {
+	if (data.JQ == "") || k8sResp.StatusCode >= 400 {
 		err = CopyResponse(res, k8sResp, nil, nil)
 		if err != nil {
 			return nil, NewInternalServerError("failed to copy response: %v", err)
 		}
-	} else if data.JsonPath != "" {
-		err := res.buildJsonPathResponse(k8sResp, err, data)
-		if err != nil {
-			return nil, NewInternalServerError("failed to build jsonpath response: %v", err)
-		}
 	} else {
 		err := res.buildJqResponse(k8sResp, data)
 		if err != nil {
@@ -163,7 +155,6 @@ func extractRequestData(r *http.Request) (ExtractedRequestData, error) {
 		McpAuthorization:                r.Header.Get(mcpAuthHeader),
 		McpName:                         r.Header.Get(mcpName),
 		CrateAuthorization:              r.Header.Get(authorizationHeader),
-		JsonPath:                        r.Header.Get(jsonPathHeader),
 		JQ:                              r.Header.Get(jqHeader),
 		Category:                        r.Header.Get(categoryHeader),
 	}
@@ -202,19 +193,3 @@ func (r *response) buildJqResponse(k8sResp *http.Response, data ExtractedRequest
 	r.contentType = "application/json"
 	return err
 }
-
-func (r *response) buildJsonPathResponse(k8sResp *http.Response, err error, data ExtractedRequestData) error {
-	body, errR := io.ReadAll(k8sResp.Body)
-	if errR != nil {
-		return errors.Join(errors.New("failed to read api server response"), err)
-	}
-
-	parsedJson, err := ParseJsonPath(body, data.JsonPath)
-	if err != nil {
-		return errors.Join(errors.New("failed to parse response with jsonpath"), err)
-	}
-
-	err = CopyResponse(r, k8sResp, parsedJson, prohibitedResponseHeaders)
-	r.contentType = "application/json"
-	return err
-}

internal/server/handlerMain.go

@@ -14,8 +14,6 @@ func NewMiddleware(theCrateKube k8s.Kube, theDownstreamKube k8s.Kube) *http.Serv
 
 	mux := http.NewServeMux()
 
-	mux.HandleFunc("/.well-known/openmcp/kubeconfig", defaultHandler(shared, wellKnownKubeconfigHandler))
-	mux.HandleFunc("/btp-so", defaultHandler(shared, btpSOHandler))
 	mux.HandleFunc("/managed", defaultHandler(shared, managedHandler))
 	mux.HandleFunc("/c/", defaultHandler(shared, categoryHandler))
 	mux.HandleFunc("/", defaultHandler(shared, mainHandler))