Preferably applying invalid CRs should not be possible. There might be schemas for CRDs.
Validate all user input from CRs in code before using it (e.g. is this really a valid container-image string? is this an injection attack? do the timeout values make sense?, ...)
Cluster provider
No response
Version
No response
Additional information
No response
Since apiextensions.k8s.io/v1, preserveUnknownFields should be set to false by default, which leads to automatic pruning of unknown fields. So I assume that we do not have to care about these 😊
Describe the bug
Invalid values in the custom resources may lead to crash loops or open attack vectors.
Resources:
https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation
https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules
Reproducer Session
theia-cloud branch osweek23-1
theia-cloud-helm branch osweek23-1
terraform test-configuration 2-01_try-now
kubectl apply -f osweek23/empty-session.yaml
Reproducer Workspace
theia-cloud branch osweek23-1
theia-cloud-helm branch osweek23-1
terraform test-configuration 2-01_try-now
kubectl apply -f osweek23/empty-workspace.yaml
Reproducer AppDefinition
theia-cloud branch osweek23-2
theia-cloud-helm branch osweek23-1
terraform test-configuration 2-01_try-now
kubectl apply -f osweek23/coffee-session.yaml
Expected behavior
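The in-code validation this issue asks for (image string, injection-style input, timeout range, empty spec) could look like the following added example, which is not code from the Theia Cloud repository. The field names `name`, `image` and `timeout`, the limits, and the sample resources are assumptions made for illustration.

```python
import re

# Assumed field names and limits: the issue does not list the real CRD fields.
MAX_IMAGE_LEN = 255
TIMEOUT_MINUTES = range(1, 1441)               # assumed window: 1 minute to 24 hours

_C = r"[a-z0-9]+(?:(?:\.|__?|-+)[a-z0-9]+)*"   # one repository path component
IMAGE_RE = re.compile(
    r"(?:[a-z0-9.-]+:[0-9]{1,5}/)?"            # optional registry host with port
    rf"{_C}(?:/{_C})*"                         # repository path, lowercase only
    r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?" # optional tag
    r"(?:@sha256:[a-f0-9]{64})?"               # optional digest
)
DNS_LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def validate_cr(cr):
    """Return a list of problems; an empty list means the CR passed these checks."""
    spec = cr.get("spec") if isinstance(cr, dict) else None
    if not isinstance(spec, dict):             # e.g. a manifest with no spec at all
        return ["spec: missing or not a mapping"]
    errors = []
    name = spec.get("name")
    if not isinstance(name, str) or not DNS_LABEL_RE.fullmatch(name):
        errors.append("spec.name: must be a DNS-1123 label")
    image = spec.get("image")
    if (not isinstance(image, str) or len(image) > MAX_IMAGE_LEN
            or not IMAGE_RE.fullmatch(image)):
        errors.append("spec.image: not a valid image reference")
    timeout = spec.get("timeout")
    # bool is a subclass of int in Python, so exclude it explicitly
    if (isinstance(timeout, bool) or not isinstance(timeout, int)
            or timeout not in TIMEOUT_MINUTES):
        errors.append("spec.timeout: must be an integer number of minutes, 1..1440")
    return errors


# Constructed sample resources (not taken from the repository).
VALID = {"spec": {"name": "coffee-editor",
                  "image": "registry.example.com:5000/team/ide:1.2", "timeout": 30}}
EMPTY = {"apiVersion": "example.invalid/v1", "kind": "Session", "spec": None}
HOSTILE = {"spec": {"name": "Coffee Editor",
                    "image": "ide:latest --privileged", "timeout": -1}}

if __name__ == "__main__":
    for label, cr in (("valid", VALID), ("empty", EMPTY), ("hostile", HOSTILE)):
        print(label, validate_cr(cr) or "ok")
```

Rejecting the resource with a list of reasons, rather than raising deep inside the reconcile loop, is what keeps a single bad CR from turning into a crash loop. Pruning of unknown fields does not cover these cases, because the fields here are known ones carrying bad values.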