fix(jsonfilter): Sanitize input when parsing filters#3205
Merged
Conversation
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request strengthens the security of JSON field path filtering in workflow queries by validating user-supplied field paths to prevent SQL injection. It introduces a strict allowlist for field path syntax, surfaces validation errors to the API, and adds comprehensive tests to ensure only safe paths are accepted.
Security improvements for JSON field path filtering:
fieldPathRegexp) inpkg/jsonfilter/jsonfilter.goto strictly validate JSON field paths, allowing only dot-separated identifiers and numeric array indices, and rejecting any unsafe characters that could lead to SQL injection.validateFieldPathfunction inpkg/jsonfilter/jsonfilter.goto enforce this validation before building SQL predicates. [1] [2]BuildEntSelectorFromJSONFilterto return an error if the field path is unsafe, preventing unsafe queries from being constructed.Workflow query logic and error handling:
applyWorkflowFiltersinapp/controlplane/pkg/data/workflow.goto return an error if any JSON filter is invalid, ensuring validation errors are surfaced instead of silently ignored. [1] [2] [3] [4]app/controlplane/pkg/biz/workflow_integration_test.goto verify that unsafe field paths are rejected with a validation error, and safe paths are accepted.Test coverage:
pkg/jsonfilter/jsonfilter_test.goto cover a wide range of valid and invalid field path scenarios, ensuring the validator correctly allows safe paths and rejects unsafe ones. [1] [2]Other:
pkg/jsonfilter/jsonfilter.go.jsonfilterin integration tests.