source-controller/internal/reconcile/summarize
Florian Forster 8be37ef1d2
Fix incorrect use of format strings with the `conditions` package.
Many of the functions in the `conditions` package accept a format string and
(optional) arguments, just like `fmt.Printf` and friends.

In many places, the code passed an error message as the format string, causing
it to be interpreted by the `fmt` package. This leads to issues when the
message contains percent signs, e.g. URL-encoded values.

Consider the following code:

```go
// internal/controller/ocirepository_controller.go
revision, err := r.getRevision(ref, opts)
if err != nil {
	e := serror.NewGeneric(
		fmt.Errorf("failed to determine artifact digest: %w", err),
		ociv1.OCIPullFailedReason,
	)
	conditions.MarkTrue(obj, sourcev1.FetchFailedCondition, e.Reason, e.Err.Error())
	return sreconcile.ResultEmpty, e
}
```

Since `getRevision()` includes the URL in the error message and the error
message is used as a format string, the resulting condition reads:

```
failed to determine artifact digest: GET https://gitlab.com/jwt/auth?scope=repository%!A(MISSING)fforster%!F(MISSING)<REDACTED>%!F(MISSING)k8s-resource-manifests%!A(MISSING)pull&service=container_registry: DENIED: access forbidden
```

This adds an explicit format string and shortens `e.Error()` and
`e.Err.Error()` to `e`, which yields the same output.

To the best of my knowledge, Go is safe from format string attacks. I **don't**
think this is a security vulnerability, but I'm also not a security expert.

Signed-off-by: Florian Forster <fforster@gitlab.com>
2024-07-05 15:55:31 +02:00
..
matchers_test.go Make generic SummarizeAndPatch() 2022-02-23 12:35:30 +01:00
processor.go Remove event error 2023-09-15 17:41:43 +05:30
processor_test.go Make generic SummarizeAndPatch() 2022-02-23 12:35:30 +01:00
summary.go Fix incorrect use of format strings with the `conditions` package. 2024-07-05 15:55:31 +02:00
summary_test.go misc: remove redundant nil check 2023-10-11 11:03:55 +02:00