From 3c3e0f14899a6ad0bbf3d558ee27ef74889ca972 Mon Sep 17 00:00:00 2001
From: Steve Kuznetsov
Date: Wed, 23 Aug 2017 12:13:18 -0700
Subject: [PATCH] Fix prefixing bug in import verifier
In order to check if an import is of an allowed tree, we need to check that the import is either literally to the base of the tree or that the import is below the tree (the import, suffixed with `/`, should be a prefix) instead of checking simply that the import is a prefix of the allowed tree, as that causes issues with packages that are prefixes of each other, like `k8s.io/api` and `k8s.io/apimachinery`.
Signed-off-by: Steve Kuznetsov
---
 cmd/importverifier/OWNERS | 8 ++++++++
 cmd/importverifier/importverifier.go | 4 +++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 cmd/importverifier/OWNERS
diff --git a/cmd/importverifier/OWNERS b/cmd/importverifier/OWNERS
new file mode 100644
index 00000000000..44fce8b6eab
--- /dev/null
+++ b/cmd/importverifier/OWNERS
@@ -0,0 +1,8 @@
+reviewers:
+ - stevekuznetsov
+ - deads2k
+ - sttts
+approvers:
+ - stevekuznetsov
+ - deads2k
+ - sttts
diff --git a/cmd/importverifier/importverifier.go b/cmd/importverifier/importverifier.go
index b3188a375e4..d6b9efca4bf 100644
--- a/cmd/importverifier/importverifier.go
+++ b/cmd/importverifier/importverifier.go
@@ -152,7 +152,9 @@ func (i *ImportRestriction) isForbidden(imp string) bool {
 importsBelowBase := strings.HasPrefix(imp, i.BaseDir)
 importsAllowed := false
 for _, allowed := range i.AllowedImports {
- importsAllowed = importsAllowed || strings.HasPrefix(imp, allowed)
+ exactlyImportsAllowed := imp == allowed
+ importsBelowAllowed := strings.HasPrefix(imp, fmt.Sprintf("%s/", allowed))
+ importsAllowed = importsAllowed || (importsBelowAllowed || exactlyImportsAllowed)
 }
 return importsBelowRoot && !importsBelowBase && !importsAllowed
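Review bot: The unchanged context line `importsBelowBase := strings.HasPrefix(imp, i.BaseDir)` still uses the bare-prefix comparison this commit removes for `AllowedImports`, so an import that merely shares a string prefix with `BaseDir` would be treated as inside the base tree and never reported as forbidden. If `BaseDir` values are stored without a trailing slash (not visible here), the same boundary test applies: `importsBelowBase := imp == i.BaseDir || strings.HasPrefix(imp, i.BaseDir+"/")`. Because this function is the gate that decides which cross-tree imports get flagged, a match that is too broad fails open; a table-driven test using the `k8s.io/api` / `k8s.io/apimachinery` pair from the commit message, for both the allowed list and the base directory, would pin the behaviour. Plain `allowed+"/"` would also do in place of `fmt.Sprintf("%s/", allowed)`. The start of `isForbidden` and its closing brace lie outside the hunk.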