github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

apiextensions: verify pattern regex for structural schema

Browse Source
This commit is contained in:
Dr. Stefan Schimanski 2019-05-30 16:04:40 +02:00
parent ba5c9b492e
commit 0ab6db2251
3 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation/validation_test.go
View File

@ -1692,6 +1692,7 @@ func TestValidateCustomResourceDefinition(t *testing.T) {
invalid("spec", "validation", "openAPIV3Schema", "properties[a]", "default"),
invalid("spec", "validation", "openAPIV3Schema", "properties[c]", "default"),
invalid("spec", "validation", "openAPIV3Schema", "properties[d]", "default"),
invalid("spec", "validation", "openAPIV3Schema", "properties[d]", "properties[bad]", "pattern"),
// we also expected unpruned and valid defaults under x-kubernetes-preserve-unknown-fields. We could be more
// strict here, but want to encourage proper specifications by forbidding other defaults.
invalid("spec", "validation", "openAPIV3Schema", "properties[e]", "properties[preserveUnknownFields]", "default"),

8
staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/validation.go
View File

@ -17,7 +17,9 @@ limitations under the License.
package schema
import (
"fmt"
"reflect"
"regexp"
"sort"
"k8s.io/apimachinery/pkg/util/validation/field"
@ -226,6 +228,12 @@ func validateValueValidation(v *ValueValidation, skipAnyOf, skipFirstAllOfAnyOf
allErrs = append(allErrs, validateNestedValueValidation(v.Not, false, false, lvl, fldPath.Child("not"))...)
if len(v.Pattern) > 0 {
if _, err := regexp.Compile(v.Pattern); err != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("pattern"), v.Pattern, fmt.Sprintf("must be a valid regular expression, but isn't: %v", err)))
}
}
return allErrs
}

13
staging/src/k8s.io/apiextensions-apiserver/test/integration/validation_test.go
View File

@ -870,6 +870,19 @@ oneOf:
"spec.validation.openAPIV3Schema.not.default",
},
},
{
desc: "invalid regex pattern",
globalSchema: `
type: object
properties:
foo:
type: string
pattern: "+"
`,
expectedViolations: []string{
"spec.validation.openAPIV3Schema.properties[foo].pattern: Invalid value: \"+\": must be a valid regular expression, but isn't: error parsing regexp: missing argument to repetition operator: `+`",
},
},
{
desc: "forbidden vendor extensions in nested value validation",
globalSchema: `