diff --git a/pkg/policies/policies.go b/pkg/policies/policies.go index 672b77798..393f75749 100644 --- a/pkg/policies/policies.go +++ b/pkg/policies/policies.go @@ -393,8 +393,8 @@ func getInputArguments(inputs map[string]string) map[string]any { args[k] = value } - // Single string, let's check for CSV - lines = strings.Split(s, ",") + // Single string, let's check for CSV and escaped commas `\,` + lines = splitArgs(s) value = getValue(lines) if value == nil { continue @@ -425,6 +425,42 @@ func getValue(values []string) any { return lines[0] } +func splitArgs(s string) []string { + var result []string + var current strings.Builder + escaped := false + + for i := 0; i < len(s); i++ { + c := s[i] + + if escaped { + current.WriteByte(c) + escaped = false + continue + } + + if c == '\\' { + escaped = true + continue + } + + if c == ',' { + // Unescaped comma: split here + result = append(result, strings.TrimSpace(current.String())) + current.Reset() + } else { + current.WriteByte(c) + } + } + + // Add the final part + if current.Len() > 0 { + result = append(result, strings.TrimSpace(current.String())) + } + + return result +} + func engineEvaluationsToAPIViolations(results []*engine.EvaluationResult) []*v12.PolicyEvaluation_Violation { res := make([]*v12.PolicyEvaluation_Violation, 0) for _, r := range results { diff --git a/pkg/policies/policies_test.go b/pkg/policies/policies_test.go index ec9641354..cf898e390 100644 --- a/pkg/policies/policies_test.go +++ b/pkg/policies/policies_test.go @@ -772,6 +772,11 @@ func (s *testSuite) TestGetInputArguments() { inputs: map[string]string{"foo": "bar1,bar2,bar3"}, expected: map[string]any{"foo": []string{"bar1", "bar2", "bar3"}}, }, + { + name: "csv input with escaped comma", + inputs: map[string]string{"foo": "bar1\\,bar2,bar3"}, + expected: map[string]any{"foo": []string{"bar1,bar2", "bar3"}}, + }, { name: "csv input with empty slots", inputs: map[string]string{"foo": ",bar1,,,bar2,bar3,,"},