Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent empty string object name requests from being sent to the apiserver #1541

Merged
merged 1 commit into from
Jul 20, 2024

Conversation

xMAC94x
Copy link
Contributor

@xMAC94x xMAC94x commented Jul 20, 2024

Due to the URL-nature a get with an empty name is processed as a list call.

kube then fails to parse the result from the server. Other HTTP METHODS, like "DELETE" are also affected and e.g. cause the deletion of ALL objects. See the issue for more info.

Fixes #1540

Motivation

As described in #1540 I accidentally had a &str empty and was wondering about the weird serde error and though that something was broken somewhere else. Having a early on client-side validation makes the error clear.
During testing I found out that DELETE was also affected and might have quite some impact.

Solution

Many Requests have some kind of params validation, similar I introduced a validate_name fn for those requests that operator on a single instance (e.g. get delete patch replace). Requests like list and watch are unaffected.

I added a single test for the get, idk if its necessrary to check all, but I could also provide more checks

@clux clux added the changelog-fix changelog fix category for prs label Jul 20, 2024
@clux clux added this to the 0.93.0 milestone Jul 20, 2024
Copy link
Member

@clux clux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this. Easy implementation and good sanity test! Happy to send this through quickly if you fixup the DCO.

…rocessed as a list call.

kube then fails to parse the result from the server.
Other HTTP METHODS, like "DELETE" are also affected and e.g. cause the deletion of ALL objects. See the issue for more info.

Signed-off-by: Marcel Märtens <[email protected]>
@xMAC94x
Copy link
Contributor Author

xMAC94x commented Jul 20, 2024

Thank you , hopes the DCO works now :)

Copy link

codecov bot commented Jul 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 75.2%. Comparing base (e57b060) to head (dd45e6f).

Additional details and impacted files
@@           Coverage Diff           @@
##            main   #1541     +/-   ##
=======================================
+ Coverage   75.2%   75.2%   +0.1%     
=======================================
  Files         78      78             
  Lines       6989    7007     +18     
=======================================
+ Hits        5249    5267     +18     
  Misses      1740    1740             
Files Coverage Δ
kube-core/src/request.rs 98.9% <100.0%> (+0.1%) ⬆️

@clux clux changed the title Fix #1540 - due to the URL-nature a get with an empty name is processed as a list call. Prevent empty string object name requests from being sent to the apiserver Jul 20, 2024
@clux
Copy link
Member

clux commented Jul 20, 2024

Thanks again!

Edited your post ever so slightly for the generated release notes.

@clux clux merged commit 614792d into kube-rs:main Jul 20, 2024
17 checks passed
@clux clux mentioned this pull request Jul 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
changelog-fix changelog fix category for prs
Projects
None yet
2 participants