Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

validation on name for targetRef is too weak #7912

Closed
lahabana opened this issue Sep 28, 2023 · 1 comment · Fixed by #7972
Closed

validation on name for targetRef is too weak #7912

lahabana opened this issue Sep 28, 2023 · 1 comment · Fixed by #7972
Assignees
@bartsmykla
Labels
good first issue Good for newcomers kind/bug A bug triage/accepted The issue was reviewed and is complete enough to start working on it

Comments

@lahabana
Copy link
Contributor

What happened?

In:

kuma/pkg/plugins/policies/core/matchers/validators/validator.go

Lines 26 to 44 in 29d7e81

refKind := ref.Kind
switch refKind {
case common_api.Mesh:
if ref.Name != "" {
verr.AddViolation("name", fmt.Sprintf("using name with kind %v is not yet supported", refKind))
}
verr.Add(disallowedField("mesh", ref.Mesh, refKind))
verr.Add(disallowedField("tags", ref.Tags, refKind))
case common_api.MeshSubset:
verr.Add(disallowedField("name", ref.Name, refKind))
verr.Add(disallowedField("mesh", ref.Mesh, refKind))
case common_api.MeshService:
verr.Add(requiredField("name", ref.Name, refKind))
verr.Add(disallowedField("mesh", ref.Mesh, refKind))
verr.Add(disallowedField("tags", ref.Tags, refKind))
case common_api.MeshServiceSubset:
verr.Add(requiredField("name", ref.Name, refKind))
verr.Add(disallowedField("mesh", ref.Mesh, refKind))
}

There's no validation on the value of name, tags, mesh.

For example someone did:

targetRef:
  kind: MeshService
  name: '*'

because they were used to old policies.
@lahabana lahabana added good first issue Good for newcomers triage/pending This issue will be looked at on the next triage meeting kind/bug A bug labels Sep 28, 2023
@jakubdyszkiewicz
Copy link
Contributor

Triage: reuse validator for service name and tags

@jakubdyszkiewicz jakubdyszkiewicz added triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels Oct 2, 2023
@alparslanavci alparslanavci mentioned this issue Oct 5, 2023
Merged
6 tasks
@bartsmykla bartsmykla self-assigned this Oct 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bartsmykla bartsmykla

Labels
good first issue Good for newcomers kind/bug A bug triage/accepted The issue was reviewed and is complete enough to start working on it
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(policy): improve targetRef name and tags validation alparslanavci/kuma
3 participants
@lahabana @jakubdyszkiewicz @bartsmykla