From beec79b7ec9df4cc60c324275623b1d345641931 Mon Sep 17 00:00:00 2001 From: Nikita Skrynnik <93182827+NikitaSkrynnik@users.noreply.github.com> Date: Tue, 20 Dec 2022 02:26:52 +1100 Subject: [PATCH] [qfix] fix empty path panic in Registry Authorize chain elements (#1403) Signed-off-by: Nikita Skrynnik Signed-off-by: Nikita Skrynnik --- pkg/registry/common/authorize/common.go | 13 +++++++++++++ pkg/registry/common/authorize/ns_server.go | 14 ++------------ pkg/registry/common/authorize/nse_server.go | 14 ++------------ 3 files changed, 17 insertions(+), 24 deletions(-) diff --git a/pkg/registry/common/authorize/common.go b/pkg/registry/common/authorize/common.go index e9e96530e..c8b2a3552 100644 --- a/pkg/registry/common/authorize/common.go +++ b/pkg/registry/common/authorize/common.go @@ -104,3 +104,16 @@ func getSpiffeIDFromPath(ctx context.Context, path *grpcmetadata.Path) spiffeid. } return id } + +func getLeftSideOfPath(path *grpcmetadata.Path) *grpcmetadata.Path { + if len(path.PathSegments) == 0 { + return &grpcmetadata.Path{ + Index: 0, + PathSegments: []*grpcmetadata.PathSegment{}, + } + } + return &grpcmetadata.Path{ + Index: path.Index, + PathSegments: path.PathSegments[:path.Index+1], + } +} diff --git a/pkg/registry/common/authorize/ns_server.go b/pkg/registry/common/authorize/ns_server.go index 5cc17c364..080fce7ad 100644 --- a/pkg/registry/common/authorize/ns_server.go +++ b/pkg/registry/common/authorize/ns_server.go @@ -57,12 +57,7 @@ func (s *authorizeNSServer) Register(ctx context.Context, ns *registry.NetworkSe path := grpcmetadata.PathFromContext(ctx) spiffeID := getSpiffeIDFromPath(ctx, path) - - index := path.Index - var leftSide = &grpcmetadata.Path{ - Index: index, - PathSegments: path.PathSegments[:index+1], - } + leftSide := getLeftSideOfPath(path) rawMap := getRawMap(s.nsPathIdsMap) input := RegistryOpaInput{ @@ -91,12 +86,7 @@ func (s *authorizeNSServer) Unregister(ctx context.Context, ns *registry.Network path := grpcmetadata.PathFromContext(ctx) spiffeID := getSpiffeIDFromPath(ctx, path) - - index := path.Index - var leftSide = &grpcmetadata.Path{ - Index: index, - PathSegments: path.PathSegments[:index+1], - } + leftSide := getLeftSideOfPath(path) rawMap := getRawMap(s.nsPathIdsMap) input := RegistryOpaInput{ diff --git a/pkg/registry/common/authorize/nse_server.go b/pkg/registry/common/authorize/nse_server.go index a85c2ff7c..69a9af4e0 100644 --- a/pkg/registry/common/authorize/nse_server.go +++ b/pkg/registry/common/authorize/nse_server.go @@ -57,12 +57,7 @@ func (s *authorizeNSEServer) Register(ctx context.Context, nse *registry.Network path := grpcmetadata.PathFromContext(ctx) spiffeID := getSpiffeIDFromPath(ctx, path) - - index := path.Index - var leftSide = &grpcmetadata.Path{ - Index: index, - PathSegments: path.PathSegments[:index+1], - } + leftSide := getLeftSideOfPath(path) rawMap := getRawMap(s.nsePathIdsMap) input := RegistryOpaInput{ @@ -92,12 +87,7 @@ func (s *authorizeNSEServer) Unregister(ctx context.Context, nse *registry.Netwo path := grpcmetadata.PathFromContext(ctx) spiffeID := getSpiffeIDFromPath(ctx, path) - - index := path.Index - var leftSide = &grpcmetadata.Path{ - Index: index, - PathSegments: path.PathSegments[:index+1], - } + leftSide := getLeftSideOfPath(path) rawMap := getRawMap(s.nsePathIdsMap) input := RegistryOpaInput{