From ad04205c0ce0979dcd0c18c4e5f28bf4222f51ec Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Mon, 28 Mar 2022 11:50:56 -0400 Subject: [PATCH] Backport of Add input validation to getRuleInfo to prevent panic into release/1.9.x (#14734) * backport of commit 156bfc1c736598baf00e23b6ee5ca5679b50a84e * backport of commit 38f51cc51b6616995c4be8d0925def3a02a47749 Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com> --- changelog/14501.txt | 3 +++ helper/random/parser.go | 5 +++++ helper/random/parser_test.go | 9 +++++++++ 3 files changed, 17 insertions(+) create mode 100644 changelog/14501.txt diff --git a/changelog/14501.txt b/changelog/14501.txt new file mode 100644 index 0000000000000..5ed687e28ad70 --- /dev/null +++ b/changelog/14501.txt @@ -0,0 +1,3 @@ +```release-note:bug +core: Fix panic caused by parsing policies with empty slice values. +``` diff --git a/helper/random/parser.go b/helper/random/parser.go index 572767263e3b0..3184db8aa5c62 100644 --- a/helper/random/parser.go +++ b/helper/random/parser.go @@ -126,6 +126,11 @@ func getRuleInfo(rule map[string]interface{}) (data ruleInfo, err error) { if err != nil { return data, fmt.Errorf("unable to get rule data: %w", err) } + + if len(slice) == 0 { + return data, fmt.Errorf("rule info cannot be empty") + } + data = ruleInfo{ ruleType: key, data: slice[0], diff --git a/helper/random/parser_test.go b/helper/random/parser_test.go index 2ce1fde521e40..59cdb81430438 100644 --- a/helper/random/parser_test.go +++ b/helper/random/parser_test.go @@ -297,6 +297,15 @@ func TestParser_ParsePolicy(t *testing.T) { expected: StringGenerator{}, expectErr: true, }, + "config value with empty slice": { + registry: defaultRuleNameMapping, + rawConfig: ` + rule { + n = [] + }`, + expected: StringGenerator{}, + expectErr: true, + }, } for name, test := range tests {