search

stakater / Forecastle

Forecastle is a control panel which dynamically discovers and provides a launchpad to access applications deployed on Kubernetes – [✩Star] if you're using it!
https://stakater.com
Apache License 2.0
600 stars 62 forks source link

Add Ingress TLS Hosts slice length check to avoid runtime panic #358

Closed hassaanakram closed 1 year ago

hassaanakram commented 1 year ago

Description

In pkg/kube/wrappers/ingress.go the tryGetTLSHost method accesses ingress.Spec.TLS[0].Hosts[0] without ensuring that the Hosts slice is non-empty. This causes a runtime panic if an Ingress object with empty TLS is encountered as given below:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    forecastle.stakater.com/expose: "true"
  labels:
    app.kubernetes.io/managed-by: Helm
  name: strange-ingress
  namespace: webcms-red-dev
spec:
  ingressClassName: intern
  rules:
  - host: webcms-red-dev.nomatter.com
    http:
      paths:
      - backend:
          service:
            name: management-server
            port:
              name: corba
        path: /
        pathType: ImplementationSpecific
  tls:
  - {}

This PR introduces a new method on the IngressWrapper to fetch TLS Hosts

func (iw *IngressWrapper) getTLSHosts() []string

The output of this method is used as a check in the tryGetTLSHosts method to ensure that out of index access panic does not occur.

Closes https://github.com/stakater/Forecastle/issues/345

Test cases

A new test case has been introduced to simulate an Ingress with empty TLS.

github-actions[bot] commented 1 year ago

@LilShah Image is available for testing. docker pull stakater/forecastle:SNAPSHOT-PR-358-96cf42be