mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

fix: crash when applying unquoted null (#8081)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-08-22 14:05:08 +02:00 committed by GitHub
parent 19b1944bc3
commit 4058b0794e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 72 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
pkg/validation/policy/validate.go
View file

@ -639,6 +639,17 @@ func validateMatchKindHelper(rule kyvernov1.Rule) error {
return fmt.Errorf("at least one element must be specified in a kind block, the kind attribute is mandatory when working with the resources element") return fmt.Errorf("at least one element must be specified in a kind block, the kind attribute is mandatory when working with the resources element")
} }
// isMapStringString goes through a map to verify values are string
func isMapStringString(m map[string]interface{}) bool {
// range over labels
for _, val := range m {
if val == nil || reflect.TypeOf(val).String() != "string" {
return false
}
}
return true
}
// isLabelAndAnnotationsString :- Validate if labels and annotations contains only string values // isLabelAndAnnotationsString :- Validate if labels and annotations contains only string values
func isLabelAndAnnotationsString(rule kyvernov1.Rule) bool { func isLabelAndAnnotationsString(rule kyvernov1.Rule) bool {
checkLabelAnnotation := func(metaKey map[string]interface{}) bool { checkLabelAnnotation := func(metaKey map[string]interface{}) bool {
@ -646,21 +657,15 @@ func isLabelAndAnnotationsString(rule kyvernov1.Rule) bool {
if mk == "labels" { if mk == "labels" {
labelKey, ok := metaKey[mk].(map[string]interface{}) labelKey, ok := metaKey[mk].(map[string]interface{})
if ok { if ok {
// range over labels if !isMapStringString(labelKey) {
for _, val := range labelKey { return false
if reflect.TypeOf(val).String() != "string" {
return false
}
} }
} }
} else if mk == "annotations" { } else if mk == "annotations" {
annotationKey, ok := metaKey[mk].(map[string]interface{}) annotationKey, ok := metaKey[mk].(map[string]interface{})
if ok { if ok {
// range over annotations if !isMapStringString(annotationKey) {
for _, val := range annotationKey { return false
if reflect.TypeOf(val).String() != "string" {
return false
}
} }
} }
} }

57
pkg/validation/policy/validate_test.go
View file

@ -3295,3 +3295,60 @@ func Test_ImmutableGenerateFields(t *testing.T) {
assert.Assert(t, (err != nil) == test.expectedErr, test.name, err) assert.Assert(t, (err != nil) == test.expectedErr, test.name, err)
} }
} }
func Test_isMapStringString(t *testing.T) {
type args struct {
m map[string]interface{}
}
tests := []struct {
name string
args args
want bool
}{{
name: "nil",
args: args{
m: nil,
},
want: true,
}, {
name: "empty",
args: args{
m: map[string]interface{}{},
},
want: true,
}, {
name: "string values",
args: args{
m: map[string]interface{}{
"a": "b",
"c": "d",
},
},
want: true,
}, {
name: "int value",
args: args{
m: map[string]interface{}{
"a": "b",
"c": 123,
},
},
want: false,
}, {
name: "nil value",
args: args{
m: map[string]interface{}{
"a": "b",
"c": nil,
},
},
want: false,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := isMapStringString(tt.args.m); got != tt.want {
t.Errorf("checkLabelAnnotation() = %v, want %v", got, tt.want)
}
})
}
}