diff options
| author | W. Trevor King <wking@tremily.us> | 2018-05-24 13:18:52 -0700 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-05-24 21:27:05 +0000 |
| commit | a7180cd5459ca063c14a60965b4487f04c0af439 (patch) | |
| tree | e003197bc5a423b0b5cb60aa9377cd66df2dd5c3 /pkg/hooks/1.0.0 | |
| parent | b09fca74afd12b25f18ae92cbdce19fc625704b1 (diff) | |
| download | podman-a7180cd5459ca063c14a60965b4487f04c0af439.tar.gz podman-a7180cd5459ca063c14a60965b4487f04c0af439.tar.bz2 podman-a7180cd5459ca063c14a60965b4487f04c0af439.zip | |
hooks/1.0.0: Error on empty process.args instead of panicking
The process property is optional [1], which this package already
handled appropriately, although I've added a new test here to guard
against regressions.
The process.args entry is required when process is set [2], and it's
also required to contain at least one entry [3]. The previous
implementation here assumed that would always be satisfied, and
panicked on empty process.args. With this commit, we avoid the panic
and instead return an error message explaining why the input was
invalid.
[1]: https://github.com/opencontainers/runtime-spec/blame/v1.0.1/config.md#L145
[2]: https://github.com/opencontainers/runtime-spec/blame/v1.0.1/config.md#L157
[3]: https://github.com/opencontainers/runtime-spec/blame/v1.0.1/config.md#L158
Reported-by: Brent Baude <bbaude@redhat.com>
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #829
Approved by: mheon
Diffstat (limited to 'pkg/hooks/1.0.0')
| -rw-r--r-- | pkg/hooks/1.0.0/when.go | 3 | ||||
| -rw-r--r-- | pkg/hooks/1.0.0/when_test.go | 42 |
2 files changed, 36 insertions, 9 deletions
diff --git a/pkg/hooks/1.0.0/when.go b/pkg/hooks/1.0.0/when.go index 3d2a5fd72..c23223ec0 100644 --- a/pkg/hooks/1.0.0/when.go +++ b/pkg/hooks/1.0.0/when.go @@ -75,6 +75,9 @@ func (when *When) Match(config *rspec.Spec, annotations map[string]string, hasBi } if config.Process != nil { + if len(config.Process.Args) == 0 { + return false, errors.New("process.args must have at least one entry") + } command := config.Process.Args[0] for _, cmdPattern := range when.Commands { match, err := regexp.MatchString(cmdPattern, command) diff --git a/pkg/hooks/1.0.0/when_test.go b/pkg/hooks/1.0.0/when_test.go index 9047f4c9f..5a73270ac 100644 --- a/pkg/hooks/1.0.0/when_test.go +++ b/pkg/hooks/1.0.0/when_test.go @@ -142,25 +142,33 @@ func TestCommands(t *testing.T) { "^/bin/sh$", }, } - config := &rspec.Spec{Process: &rspec.Process{}} + config := &rspec.Spec{} for _, test := range []struct { - name string - args []string - match bool + name string + process *rspec.Process + match bool }{ { - name: "good", - args: []string{"/bin/sh", "a", "b"}, + name: "good", + process: &rspec.Process{ + Args: []string{"/bin/sh", "a", "b"}, + }, match: true, }, { - name: "extra characters", - args: []string{"/bin/shell", "a", "b"}, + name: "extra characters", + process: &rspec.Process{ + Args: []string{"/bin/shell", "a", "b"}, + }, + match: false, + }, + { + name: "process unset", match: false, }, } { t.Run(test.name, func(t *testing.T) { - config.Process.Args = test.args + config.Process = test.process match, err := when.Match(config, map[string]string{}, false) if err != nil { t.Fatal(err) @@ -170,6 +178,22 @@ func TestCommands(t *testing.T) { } } +func TestCommandsEmptyProcessArgs(t *testing.T) { + when := When{ + Commands: []string{ + "^/bin/sh$", + }, + } + config := &rspec.Spec{ + Process: &rspec.Process{}, + } + _, err := when.Match(config, map[string]string{}, false) + if err == nil { + t.Fatal("unexpected success") + } + assert.Regexp(t, "^process\\.args must have at least one entry$", err.Error()) +} + func TestHasBindMountsAndCommands(t *testing.T) { hasBindMounts := true when := When{ |