From b30404fff187f15f3d6871fc928878116a56c628 Mon Sep 17 00:00:00 2001
From: Soule BA <bah.soule@gmail.com>
Date: Mon, 22 Apr 2024 15:04:15 +0200
Subject: [PATCH] Bind cached helm index to the maximum index size

Signed-off-by: Soule BA <bah.soule@gmail.com>
---
 internal/helm/repository/chart_repository.go  | 24 +++++++++++++++----
 .../helm/repository/chart_repository_test.go  | 18 ++++++++++----
 2 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/internal/helm/repository/chart_repository.go b/internal/helm/repository/chart_repository.go
index 79f8a136a..bb279713e 100644
--- a/internal/helm/repository/chart_repository.go
+++ b/internal/helm/repository/chart_repository.go
@@ -292,13 +292,20 @@ func (r *ChartRepository) CacheIndex() error {
 		return fmt.Errorf("failed to create temp file to cache index to: %w", err)
 	}
 
-	if err = r.DownloadIndex(f); err != nil {
+	if err = r.DownloadIndex(f, helm.MaxIndexSize); err != nil {
 		f.Close()
-		os.Remove(f.Name())
+		removeErr := os.Remove(f.Name())
+		if removeErr != nil {
+			err = errors.Join(err, removeErr)
+		}
 		return fmt.Errorf("failed to cache index to temporary file: %w", err)
 	}
+
 	if err = f.Close(); err != nil {
-		os.Remove(f.Name())
+		removeErr := os.Remove(f.Name())
+		if removeErr != nil {
+			err = errors.Join(err, removeErr)
+		}
 		return fmt.Errorf("failed to close cached index file '%s': %w", f.Name(), err)
 	}
 
@@ -355,8 +362,10 @@ func (r *ChartRepository) LoadFromPath() error {
 
 // DownloadIndex attempts to download the chart repository index using
 // the Client and set Options, and writes the index to the given io.Writer.
-// It returns an url.Error if the URL failed to parse.
-func (r *ChartRepository) DownloadIndex(w io.Writer) (err error) {
+// Upon download, the index is copied to the writer if the index size
+// does not exceed the maximum index file size. Otherwise, it returns an error.
+// A url.Error is returned if the URL failed to parse.
+func (r *ChartRepository) DownloadIndex(w io.Writer, maxSize int64) (err error) {
 	r.RLock()
 	defer r.RUnlock()
 
@@ -376,6 +385,11 @@ func (r *ChartRepository) DownloadIndex(w io.Writer) (err error) {
 	if err != nil {
 		return err
 	}
+
+	if int64(res.Len()) > maxSize {
+		return fmt.Errorf("index exceeds the maximum index file size of %d bytes", maxSize)
+	}
+
 	if _, err = io.Copy(w, res); err != nil {
 		return err
 	}
diff --git a/internal/helm/repository/chart_repository_test.go b/internal/helm/repository/chart_repository_test.go
index d67fe0eac..1fcf5682e 100644
--- a/internal/helm/repository/chart_repository_test.go
+++ b/internal/helm/repository/chart_repository_test.go
@@ -444,11 +444,19 @@ func TestChartRepository_DownloadIndex(t *testing.T) {
 		RWMutex: &sync.RWMutex{},
 	}
 
-	buf := bytes.NewBuffer([]byte{})
-	g.Expect(r.DownloadIndex(buf)).To(Succeed())
-	g.Expect(buf.Bytes()).To(Equal(b))
-	g.Expect(mg.LastCalledURL).To(Equal(r.URL + "/index.yaml"))
-	g.Expect(err).To(BeNil())
+	t.Run("download index", func(t *testing.T) {
+		buf := bytes.NewBuffer([]byte{})
+		g.Expect(r.DownloadIndex(buf, helm.MaxIndexSize)).To(Succeed())
+		g.Expect(buf.Bytes()).To(Equal(b))
+		g.Expect(mg.LastCalledURL).To(Equal(r.URL + "/index.yaml"))
+		g.Expect(err).To(BeNil())
+	})
+
+	t.Run("download index size error", func(t *testing.T) {
+		buf := bytes.NewBuffer([]byte{})
+		g.Expect(r.DownloadIndex(buf, int64(len(b)-1))).To(HaveOccurred())
+		g.Expect(mg.LastCalledURL).To(Equal(r.URL + "/index.yaml"))
+	})
 }
 
 func TestChartRepository_StrategicallyLoadIndex(t *testing.T) {