Sanitize helm names and namespace (#542)

olevitt · fcomte · web-flow · commit bc9627ad1254 · 2024-12-19T10:54:08.000+01:00
Co-authored-by: fcomte &lt;frederic.comte@insee.fr&gt;
diff --git a/helm-wrapper/src/main/java/io/github/inseefrlab/helmwrapper/service/HelmInstallService.java b/helm-wrapper/src/main/java/io/github/inseefrlab/helmwrapper/service/HelmInstallService.java
@@ -175,6 +175,12 @@ public HelmInstaller installChart(
         }
         command.append(chart + " ");
         command.append("-n ");
+        if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) {
+            throw new IllegalArgumentException(
+                    "Invalid namespace "
+                            + namespace
+                            + ". Must be 63 or fewer characters and be a valid RFC 1123 string.");
+        }
         safeConcat(command, namespace);
         if (StringUtils.isNotBlank(version)) {
             if (!semverPattern.matcher(version).matches()) {
@@ -205,6 +211,18 @@ public HelmInstaller installChart(
 
     public int uninstaller(HelmConfiguration configuration, String name, String namespace)
             throws InvalidExitValueException, IOException, InterruptedException, TimeoutException {
+        if (name.length() > 53 || !rfc1123Pattern.matcher(name).matches()) {
+            throw new IllegalArgumentException(
+                    "Invalid release "
+                            + name
+                            + ". Must be 53 or fewer characters and be a valid RFC 1123 string.");
+        }
+        if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) {
+            throw new IllegalArgumentException(
+                    "Invalid namespace "
+                            + namespace
+                            + ". Must be 63 or fewer characters and be a valid RFC 1123 string.");
+        }
         StringBuilder command = new StringBuilder("helm uninstall ");
         safeConcat(command, name);
         command.append(" -n ");
@@ -215,6 +233,12 @@ public int uninstaller(HelmConfiguration configuration, String name, String name
     public HelmLs[] listChartInstall(HelmConfiguration configuration, String namespace)
             throws InvalidExitValueException, IOException, InterruptedException, TimeoutException {
         StringBuilder command = new StringBuilder("helm ls -a");
+        if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) {
+            throw new IllegalArgumentException(
+                    "Invalid namespace "
+                            + namespace
+                            + ". Must be 63 or fewer characters and be a valid RFC 1123 string.");
+        }
         if (namespace != null) {
             command.append(" -n ");
             safeConcat(command, namespace);
@@ -241,6 +265,18 @@ public String getNotes(HelmConfiguration configuration, String id, String namesp
 
     public HelmReleaseInfo getAll(HelmConfiguration configuration, String id, String namespace) {
         StringBuilder command = new StringBuilder("helm get all ");
+        if (id.length() > 53 || !rfc1123Pattern.matcher(id).matches()) {
+            throw new IllegalArgumentException(
+                    "Invalid release "
+                            + id
+                            + ". Must be 53 or fewer characters and be a valid RFC 1123 string.");
+        }
+        if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) {
+            throw new IllegalArgumentException(
+                    "Invalid namespace "
+                            + namespace
+                            + ". Must be 63 or fewer characters and be a valid RFC 1123 string.");
+        }
         safeConcat(command, id);
         command.append(" --namespace ");
         safeConcat(command, namespace);
@@ -260,6 +296,18 @@ private String getReleaseInfo(
             throw new IllegalArgumentException(
                     "Invalid info type " + infoType + ", should be manifest, notes or values");
         }
+        if (id.length() > 53 || !rfc1123Pattern.matcher(id).matches()) {
+            throw new IllegalArgumentException(
+                    "Invalid release "
+                            + id
+                            + ". Must be 53 or fewer characters and be a valid RFC 1123 string.");
+        }
+        if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) {
+            throw new IllegalArgumentException(
+                    "Invalid namespace "
+                            + namespace
+                            + ". Must be 63 or fewer characters and be a valid RFC 1123 string.");
+        }
         StringBuilder command = new StringBuilder("helm get " + infoType + " ");
         try {
             safeConcat(command, id);
@@ -306,7 +354,12 @@ public HelmLs getAppById(HelmConfiguration configuration, String appId, String n
                             + appId
                             + ". Must be 53 or fewer characters and be a valid RFC 1123 string.");
         }
-
+        if (namespace.length() > 63 || !rfc1123Pattern.matcher(namespace).matches()) {
+            throw new IllegalArgumentException(
+                    "Invalid namespace "
+                            + namespace
+                            + ". Must be 63 or fewer characters and be a valid RFC 1123 string.");
+        }
         StringBuilder command = new StringBuilder("helm list --filter ");
         safeConcat(command, appId);
         command.append(" -n ");
