From 19dfb15d31fd58cfdf731895f3c250db48eae0f8 Mon Sep 17 00:00:00 2001 From: fcomte Date: Wed, 18 Dec 2024 22:28:44 +0000 Subject: [PATCH] sanitize namespace --- .../service/HelmInstallService.java | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/helm-wrapper/src/main/java/io/github/inseefrlab/helmwrapper/service/HelmInstallService.java b/helm-wrapper/src/main/java/io/github/inseefrlab/helmwrapper/service/HelmInstallService.java index c679bbb0..39a15f9e 100644 --- a/helm-wrapper/src/main/java/io/github/inseefrlab/helmwrapper/service/HelmInstallService.java +++ b/helm-wrapper/src/main/java/io/github/inseefrlab/helmwrapper/service/HelmInstallService.java @@ -175,6 +175,12 @@ public HelmInstaller installChart( } command.append(chart + " "); command.append("-n "); + if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) { + throw new IllegalArgumentException( + "Invalid namespace " + + namespace + + ". Must be 63 or fewer characters and be a valid RFC 1123 string."); + } safeConcat(command, namespace); if (StringUtils.isNotBlank(version)) { if (!semverPattern.matcher(version).matches()) { @@ -211,6 +217,12 @@ public int uninstaller(HelmConfiguration configuration, String name, String name + name + ". Must be 53 or fewer characters and be a valid RFC 1123 string."); } + if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) { + throw new IllegalArgumentException( + "Invalid namespace " + + namespace + + ". Must be 63 or fewer characters and be a valid RFC 1123 string."); + } StringBuilder command = new StringBuilder("helm uninstall "); safeConcat(command, name); command.append(" -n "); @@ -221,6 +233,12 @@ public int uninstaller(HelmConfiguration configuration, String name, String name public HelmLs[] listChartInstall(HelmConfiguration configuration, String namespace) throws InvalidExitValueException, IOException, InterruptedException, TimeoutException { StringBuilder command = new StringBuilder("helm ls -a"); + if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) { + throw new IllegalArgumentException( + "Invalid namespace " + + namespace + + ". Must be 63 or fewer characters and be a valid RFC 1123 string."); + } if (namespace != null) { command.append(" -n "); safeConcat(command, namespace); @@ -253,6 +271,12 @@ public HelmReleaseInfo getAll(HelmConfiguration configuration, String id, String + id + ". Must be 53 or fewer characters and be a valid RFC 1123 string."); } + if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) { + throw new IllegalArgumentException( + "Invalid namespace " + + namespace + + ". Must be 63 or fewer characters and be a valid RFC 1123 string."); + } safeConcat(command, id); command.append(" --namespace "); safeConcat(command, namespace); @@ -278,6 +302,12 @@ private String getReleaseInfo( + id + ". Must be 53 or fewer characters and be a valid RFC 1123 string."); } + if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) { + throw new IllegalArgumentException( + "Invalid namespace " + + namespace + + ". Must be 63 or fewer characters and be a valid RFC 1123 string."); + } StringBuilder command = new StringBuilder("helm get " + infoType + " "); try { safeConcat(command, id); @@ -324,6 +354,12 @@ public HelmLs getAppById(HelmConfiguration configuration, String appId, String n + appId + ". Must be 53 or fewer characters and be a valid RFC 1123 string."); } + if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) { + throw new IllegalArgumentException( + "Invalid namespace " + + namespace + + ". Must be 63 or fewer characters and be a valid RFC 1123 string."); + } StringBuilder command = new StringBuilder("helm list --filter "); safeConcat(command, appId); command.append(" -n ");