From ef469a740a24b87f501606c897ea849d6478e162 Mon Sep 17 00:00:00 2001
From: drfish
Date: Sat, 29 Feb 2020 22:14:06 +0800
Subject: [PATCH] Fix unsafe json construction for scale.go and codec_check.go

---
 .../apimachinery/pkg/runtime/codec_check.go | 10 +++++++++-
 staging/src/k8s.io/kubectl/pkg/scale/BUILD | 1 +
 staging/src/k8s.io/kubectl/pkg/scale/scale.go | 17 ++++++++++++++++-
 3 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/staging/src/k8s.io/apimachinery/pkg/runtime/codec_check.go b/staging/src/k8s.io/apimachinery/pkg/runtime/codec_check.go
index 510444a4dec..00022806171 100644
--- a/staging/src/k8s.io/apimachinery/pkg/runtime/codec_check.go
+++ b/staging/src/k8s.io/apimachinery/pkg/runtime/codec_check.go
@@ -21,6 +21,7 @@ import (
 "reflect"
 
 "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/util/json"
 )
 
 // CheckCodec makes sure that the codec can encode objects like internalType,
@@ -32,7 +33,14 @@ func CheckCodec(c Codec, internalType Object, externalTypes ...schema.GroupVersi
 return fmt.Errorf("Internal type not encodable: %v", err)
 }
 for _, et := range externalTypes {
- exBytes := []byte(fmt.Sprintf(`{"kind":"%v","apiVersion":"%v"}`, et.Kind, et.GroupVersion().String()))
+ typeMeta := TypeMeta{
+ Kind: et.Kind,
+ APIVersion: et.GroupVersion().String(),
+ }
+ exBytes, err := json.Marshal(&typeMeta)
+ if err != nil {
+ return err
+ }
 obj, err := Decode(c, exBytes)
 if err != nil {
 return fmt.Errorf("external type %s not interpretable: %v", et, err)
diff --git a/staging/src/k8s.io/kubectl/pkg/scale/BUILD b/staging/src/k8s.io/kubectl/pkg/scale/BUILD
index 62ab8a0bf3f..f928601661c 100644
--- a/staging/src/k8s.io/kubectl/pkg/scale/BUILD
+++ b/staging/src/k8s.io/kubectl/pkg/scale/BUILD
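Review bot: The new `return err` after `json.Marshal(&typeMeta)` is the one exit in CheckCodec that carries no context, whereas the neighbouring paths wrap theirs (`fmt.Errorf("Internal type not encodable: %v", err)`, `fmt.Errorf("external type %s not interpretable: %v", et, err)`); prefer `return fmt.Errorf("external type %s not encodable: %v", et, err)` so a failure names the GroupVersionKind being probed. Marshalling two strings cannot realistically fail, but the wrapped form keeps the function's error style uniform. Note also that runtime.TypeMeta's json tags are `omitempty` in apimachinery, so an entry with an empty Kind now produces `{"apiVersion":"..."}` where the old Sprintf emitted `"kind":""` — Decode still rejects it, so only the resulting message text differs. The body of CheckCodec continues past the end of the hunk.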
@@ -12,6 +12,7 @@ go_library(
 "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
+ "//staging/src/k8s.io/apimachinery/pkg/util/json:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
 "//staging/src/k8s.io/client-go/scale:go_default_library",
 ],
diff --git a/staging/src/k8s.io/kubectl/pkg/scale/scale.go b/staging/src/k8s.io/kubectl/pkg/scale/scale.go
index 4054d09ddf7..04df94ff695 100644
--- a/staging/src/k8s.io/kubectl/pkg/scale/scale.go
+++ b/staging/src/k8s.io/kubectl/pkg/scale/scale.go
@@ -27,6 +27,7 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime/schema"
 "k8s.io/apimachinery/pkg/types"
+ "k8s.io/apimachinery/pkg/util/json"
 "k8s.io/apimachinery/pkg/util/wait"
 scaleclient "k8s.io/client-go/scale"
 )
@@ -136,7 +137,21 @@ func (s *genericScaler) ScaleSimple(namespace, name string, preconditions *Scale
 return updatedScale.ResourceVersion, nil
 }
 
- patch := []byte(fmt.Sprintf(`{"spec":{"replicas":%d}}`, newSize))
+ // objectForReplicas is used for encoding scale patch
+ type objectForReplicas struct {
+ Replicas uint `json:"replicas"`
+ }
+ // objectForSpec is used for encoding scale patch
+ type objectForSpec struct {
+ Spec objectForReplicas `json:"spec"`
+ }
+ spec := objectForSpec{
+ Spec: objectForReplicas{Replicas: newSize},
+ }
+ patch, err := json.Marshal(&spec)
+ if err != nil {
+ return "", err
+ }
 patchOptions := metav1.PatchOptions{}
 if dryRun {
 patchOptions.DryRun = []string{metav1.DryRunAll}
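Review bot: The helper types `objectForReplicas` and `objectForSpec` are declared inside ScaleSimple with the same one-line comment on each, which buries the shape of the patch in the method body and leaves nothing a test can marshal on its own; declaring them once at package scope (unexported) and building the value inline documents the wire format in one place and shortens the method. Marshalling a `uint` yields the same decimal digits the previous `%d` produced, so the emitted patch bytes are unchanged for every newSize. ScaleSimple's signature and the Patch call that consumes `patch` lie outside the hunk.
```go
// scalePatch is the body ScaleSimple sends as its patch: {"spec":{"replicas":N}}.
type scalePatch struct {
	Spec scalePatchSpec `json:"spec"`
}

// scalePatchSpec carries the desired replica count of a scalePatch.
type scalePatchSpec struct {
	Replicas uint `json:"replicas"`
}

// … inside ScaleSimple, unchanged: precondition handling and early return …
	patch, err := json.Marshal(scalePatch{Spec: scalePatchSpec{Replicas: newSize}})
	if err != nil {
		return "", err
	}
	// … unchanged: patchOptions and the Patch call …
```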