Backport of Add input validation to getRuleInfo to prevent panic into…

… release/1.8.x (#14736) * backport of commit 156bfc1 * backport of commit 38f51cc Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
hashicorp · Mar 28, 2022 · 82eade3 · 82eade3
1 parent 951e33b
commit 82eade3
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/changelog/14501.txt b/changelog/14501.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Fix panic caused by parsing policies with empty slice values.
+```
diff --git a/helper/random/parser.go b/helper/random/parser.go
@@ -126,6 +126,11 @@ func getRuleInfo(rule map[string]interface{}) (data ruleInfo, err error) {
 		if err != nil {
 			return data, fmt.Errorf("unable to get rule data: %w", err)
 		}
+
+		if len(slice) == 0 {
+			return data, fmt.Errorf("rule info cannot be empty")
+		}
+
 		data = ruleInfo{
 			ruleType: key,
 			data:     slice[0],

diff --git a/helper/random/parser_test.go b/helper/random/parser_test.go
@@ -297,6 +297,15 @@ func TestParser_ParsePolicy(t *testing.T) {
 			expected:  StringGenerator{},
 			expectErr: true,
 		},
+		"config value with empty slice": {
+			registry: defaultRuleNameMapping,
+			rawConfig: `
+                rule {
+                    n = []
+                }`,
+			expected:  StringGenerator{},
+			expectErr: true,
+		},
 	}
 
 	for name, test := range tests {