mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-01 07:47:56 +00:00
Merge pull request #103457 from codearky/fix-yaml-terminator-wcomment
Add YAML separator validation and avoid silent ignoration
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
ace5482c9f
@ -291,8 +291,13 @@ func (r *YAMLReader) Read() ([]byte, error) {
|
|||||||
if i := bytes.Index(line, []byte(separator)); i == 0 {
|
if i := bytes.Index(line, []byte(separator)); i == 0 {
|
||||||
// We have a potential document terminator
|
// We have a potential document terminator
|
||||||
i += sep
|
i += sep
|
||||||
after := line[i:]
|
trimmed := strings.TrimSpace(string(line[i:]))
|
||||||
if len(strings.TrimRightFunc(string(after), unicode.IsSpace)) == 0 {
|
// We only allow comments and spaces following the yaml doc separator, otherwise we'll return an error
|
||||||
|
if len(trimmed) > 0 && string(trimmed[0]) != "#" {
|
||||||
|
return nil, YAMLSyntaxError{
|
||||||
|
err: fmt.Errorf("invalid Yaml document separator: %s", trimmed),
|
||||||
|
}
|
||||||
|
}
|
||||||
if buffer.Len() != 0 {
|
if buffer.Len() != 0 {
|
||||||
return buffer.Bytes(), nil
|
return buffer.Bytes(), nil
|
||||||
}
|
}
|
||||||
@ -300,7 +305,6 @@ func (r *YAMLReader) Read() ([]byte, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if err == io.EOF {
|
if err == io.EOF {
|
||||||
if buffer.Len() != 0 {
|
if buffer.Len() != 0 {
|
||||||
// If we're at EOF, we have a final, non-terminated line. Return it.
|
// If we're at EOF, we have a final, non-terminated line. Return it.
|
||||||
|
|||||||
@ -211,6 +211,40 @@ stuff: 1
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestDecodeYAMLSeparatorValidation(t *testing.T) {
|
||||||
|
s := NewYAMLToJSONDecoder(bytes.NewReader([]byte(`---
|
||||||
|
stuff: 1
|
||||||
|
--- # Make sure termination happen with inline comment
|
||||||
|
stuff: 2
|
||||||
|
---
|
||||||
|
stuff: 3
|
||||||
|
--- Make sure uncommented content results YAMLSyntaxError
|
||||||
|
|
||||||
|
`)))
|
||||||
|
obj := generic{}
|
||||||
|
if err := s.Decode(&obj); err != nil {
|
||||||
|
t.Fatalf("unexpected error: %v", err)
|
||||||
|
}
|
||||||
|
if fmt.Sprintf("%#v", obj) != `yaml.generic{"stuff":1}` {
|
||||||
|
t.Errorf("unexpected object: %#v", obj)
|
||||||
|
}
|
||||||
|
obj = generic{}
|
||||||
|
if err := s.Decode(&obj); err != nil {
|
||||||
|
t.Fatalf("unexpected error: %v", err)
|
||||||
|
}
|
||||||
|
if fmt.Sprintf("%#v", obj) != `yaml.generic{"stuff":2}` {
|
||||||
|
t.Errorf("unexpected object: %#v", obj)
|
||||||
|
}
|
||||||
|
obj = generic{}
|
||||||
|
err := s.Decode(&obj)
|
||||||
|
if err == nil {
|
||||||
|
t.Fatalf("expected YamlSyntaxError, got nil instead")
|
||||||
|
}
|
||||||
|
if _, ok := err.(YAMLSyntaxError); !ok {
|
||||||
|
t.Fatalf("unexpected error: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestDecodeBrokenYAML(t *testing.T) {
|
func TestDecodeBrokenYAML(t *testing.T) {
|
||||||
s := NewYAMLOrJSONDecoder(bytes.NewReader([]byte(`---
|
s := NewYAMLOrJSONDecoder(bytes.NewReader([]byte(`---
|
||||||
stuff: 1
|
stuff: 1
|
||||||
@ -282,6 +316,10 @@ func TestYAMLOrJSONDecoder(t *testing.T) {
|
|||||||
{"foo": "bar"},
|
{"foo": "bar"},
|
||||||
{"baz": "biz"},
|
{"baz": "biz"},
|
||||||
}},
|
}},
|
||||||
|
{"---\nfoo: bar\n--- # with Comment\nbaz: biz", 100, false, false, []generic{
|
||||||
|
{"foo": "bar"},
|
||||||
|
{"baz": "biz"},
|
||||||
|
}},
|
||||||
{"foo: bar\n---\n", 100, false, false, []generic{
|
{"foo: bar\n---\n", 100, false, false, []generic{
|
||||||
{"foo": "bar"},
|
{"foo": "bar"},
|
||||||
}},
|
}},
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user