PB-737: Use regex full-match instead of using $ in regex

.env.default

@@ -3,5 +3,5 @@ AWS_SECRET_ACCESS_KEY=dummy123
 AWS_ENDPOINT_URL=http://localhost:8080
 AWS_DEFAULT_REGION=eu-central-1
 AWS_DYNAMODB_TABLE_NAME=test-db
-ALLOWED_DOMAINS=.*localhost((:[0-9]*)?|\/)?$,.*admin\.ch$,.*bgdi\.ch$
+ALLOWED_DOMAINS=.*localhost((:[0-9]*)?|\/)?,.*admin\.ch,.*bgdi\.ch
 STAGING=local

.env.testing

@@ -1,4 +1,4 @@
-ALLOWED_DOMAINS=.*\.geo\.admin\.ch$,.*\.bgdi\.ch$,http://localhost((:[0-9]*)?|\/)?$
+ALLOWED_DOMAINS=.*\.geo\.admin\.ch,.*\.bgdi\.ch,http://localhost((:[0-9]*)?|\/)?
 AWS_ACCESS_KEY_ID=testing
 AWS_SECRET_ACCESS_KEY=testing
 AWS_SECURITY_TOKEN=testing

app/__init__.py

@@ -26,7 +26,7 @@
 
 
 def is_domain_allowed(domain):
-    return re.match(ALLOWED_DOMAINS_PATTERN, domain) is not None
+    return re.fullmatch(ALLOWED_DOMAINS_PATTERN, domain) is not None
 
 
 @app.before_request

app/helpers/utils.py

@@ -113,7 +113,7 @@ def get_url():
             f"The url given as parameter was too long. (limit is 2046 "
             f"characters, {len(url)} given)"
         )
-    if not re.match(ALLOWED_DOMAINS_PATTERN, urlparse(url).netloc):
+    if not re.fullmatch(ALLOWED_DOMAINS_PATTERN, urlparse(url).netloc):
         logger.error('URL(%s) given as a parameter is not allowed', url)
         abort(400, 'URL given as a parameter is not allowed.')
 

tests/unit_tests/base.py

@@ -91,7 +91,7 @@ def assertCors(
     ):  # pylint: disable=invalid-name
         self.assertIn('Access-Control-Allow-Origin', response.headers)
         self.assertIsNotNone(
-            re.match(origin_pattern, response.headers['Access-Control-Allow-Origin']),
+            re.fullmatch(origin_pattern, response.headers['Access-Control-Allow-Origin']),
             msg=f"Access-Control-Allow-Origin={response.headers['Access-Control-Allow-Origin']}"
             f" doesn't match {origin_pattern}"
         )