8000 Add string validation to server-tokens annotation by shaun-nx · Pull Request #2733 · nginx/kubernetes-ingress · GitHub
[go: up one dir, main page]
Skip to content

Add string validation to server-tokens annotation #2733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Jun 10, 2022
Merged

Add string validation to server-tokens annotation #2733

merged 10 commits into from
Jun 10, 2022

Conversation

shaun-nx
Copy link
Contributor
@shaun-nx shaun-nx commented Jun 2, 2022
edited
Loading

Proposed changes

Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue here in this description (not in the title of the PR).

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

@github-actions github-actions bot added documentation Pull requests/issues for documentation enhancement Pull requests for new features/feature enhancements labels Jun 2, 2022
@shaun-nx shaun-nx changed the title Add string validation to server-token annotation Add string validation to server-tokens annotation Jun 2, 2022
jjngx
jjngx approved these changes Jun 2, 2022
View reviewed changes
Copy link
Contributor
@jjngx jjngx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍🏻

lucacome
lucacome reviewed Jun 3, 2022
View reviewed changes
internal/k8s/validation.go Outdated
const (
commaDelimiter = ","
commaDelimiter = ","
specialCharPattern = "[{}$;]"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did you come up with this list? I think the only invalid character is an unescaped \ and $ if we decide that variables are not allowed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also " needs to be disallowed, because the value is enclosed in " " in the templates -- https://github.com/nginxinc/kubernetes-ingress/blob/main/internal/configs/version1/nginx-plus.ingress.tmpl#L61 and https://github.com/nginxinc/kubernetes-ingress/blob/main/internal/configs/version2/nginx-plus.virtualserver.tmpl#L117

Example of a problem:

'nginx.org/server-tokens': 'hello"world'
->
```server_tokens "hello"world";

this will cause an NGINX reload error

Copy link
Contributor Author
@shaun-nx shaun-nx Jun 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for catching that. I've added an extra unit test to confirm this scenario is caught.

lucacome
lucacome reviewed Jun 3, 2022
View reviewed changes
@shaun-nx shaun-nx requested review from pleshakov and lucacome June 9, 2022 09:30
@codecov-commenter
Copy link
codecov-commenter commented Jun 9, 2022
edited
Loading

Codecov Report

Merging #2733 (614f225) into main (33c67d6) will decrease coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #2733      +/-   ##
==========================================
- Coverage   53.54%   53.52%   -0.02%     
==========================================
  Files          52       52              
  Lines       14764    14768       +4     
==========================================
  Hits         7905     7905              
- Misses       6597     6599       +2     
- Partials      262      264       +2
Impacted Files Coverage Δ
internal/k8s/validation.go 99.05% <100.00%> (+0.01%) ⬆️
internal/k8s/configuration.go 95.47% <0.00%> (-0.39%) ⬇️

📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

@shaun-nx shaun-nx merged commit b05e501 into main Jun 10, 2022
@shaun-nx shaun-nx deleted the feature/server-token-validation branch June 10, 2022 08:43
@ciarams87 ciarams87 added this to the v2.3.0 milestone Jun 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ciarams87 ciarams87 Awaiting requested review from ciarams87

@haywoodsh haywoodsh Awaiting requested review from haywoodsh

@pleshakov pleshakov Awaiting requested review from pleshakov

2 more reviewers

@lucacome lucacome lucacome approved these changes

@jjngx jjngx jjngx approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
documentation Pull requests/issues for documentation enhancement Pull requests for new features/feature enhancements
Projects
None yet
Milestone
v2.3.0
Development

Successfully merging this pull request may close these issues.
6 participants
@shaun-nx @codecov-commenter @lucacome @pleshakov @jjngx @ciarams87
0