OpenShift Windows Containers / WINC-1412

Implement comprehensive input validation across the operator


    • Story
    • Resolution: Unresolved
    • Minor
    • 5
    • WINC - Sprint 279

      User or Developer story

      As a WMCO developer, I want to implement comprehensive input validation across the operator so that malformed or malicious data from external resources like ConfigMaps cannot cause unexpected behavior or security vulnerabilities.

      Description

      Several parts of the codebase, particularly in the controllers, read data from Kubernetes resources (like the `windows-instances` ConfigMap) and process it without sufficient validation. For example, in `controllers/configmap_controller.go`, the data from the instance ConfigMap is parsed, but the resulting `instance.Info` objects are not validated for correctness (e.g., valid IP addresses, non-empty usernames). This could lead to panics or incorrect behavior, or be exploited by a user with permissions to edit the ConfigMap.

      A systematic review and implementation of input validation is needed wherever external data is consumed.

      Required

      • Audit all data inputs from external Kubernetes resources (ConfigMaps, Secrets, CRDs).
      • Add validation logic immediately after parsing or retrieving the data.
      • Ensure the operator handles invalid data gracefully (e.g., logs an error, requeues the request).

      Nice to have

      • Create a reusable validation library for common types used in the operator.

      Engineering Details

      • Repository: `https://github.com/openshift/windows-machine-config-operator/`
      • Files to audit:
          • `controllers/configmap_controller.go` (parsing of `windows-instances` ConfigMap)
          • `pkg/wiparser/wiparser.go` (the parsing logic itself)
          • `controllers/secret_controller.go` (processing of secrets)
          • All other controllers that consume external data.
      • Validation to add:
          • Check for empty or malformed strings where they are not expected.
          • Validate that IP addresses are in the correct format.
          • Ensure that required fields in parsed data structures are present.

      Acceptance Criteria

      • Data parsed from the `windows-instances` ConfigMap is validated, and malformed entries result in a clear error log and a failed reconciliation for that instance.
      • Other key data inputs throughout the controllers are identified and have appropriate validation applied.
      • The operator is resilient to malformed input and does not crash or enter an undefined state.
      • Unit tests are added to the parsing and processing logic to test various forms of invalid input and ensure they are handled correctly.
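
A sketch of the per-entry validation listed under Engineering Details, written so that a malformed entry fails only its own instance, as the acceptance criteria require. This is an added example, not WMCO code: `InstanceInfo`, `ValidateEntry` and `ValidateInstances` are hypothetical names, and the entry layout (key is the instance IP address, value is `username=<name>`) and the username character policy are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
	"unicode"
)

// InstanceInfo is a hypothetical stand-in for the operator's instance.Info.
type InstanceInfo struct {
	Address  netip.Addr
	Username string
}

// ValidateEntry checks one entry; assumed layout: key = IP address, value = "username=<name>".
func ValidateEntry(key, value string) (InstanceInfo, error) {
	addr, err := netip.ParseAddr(key)
	if err != nil {
		return InstanceInfo{}, fmt.Errorf("invalid IP address %q: %w", key, err)
	}
	field, name, _ := strings.Cut(strings.TrimSpace(value), "=")
	if field != "username" {
		return InstanceInfo{}, fmt.Errorf("required field username is missing")
	}
	bad := func(r rune) bool { return unicode.IsSpace(r) || unicode.IsControl(r) } // assumed policy
	if name == "" || strings.IndexFunc(name, bad) >= 0 {
		return InstanceInfo{}, fmt.Errorf("username is empty or contains whitespace/control characters")
	}
	return InstanceInfo{Address: addr, Username: name}, nil
}

// ValidateInstances checks entries independently so one bad entry fails only its own instance.
func ValidateInstances(data map[string]string) (map[string]InstanceInfo, map[string]error) {
	valid, invalid := map[string]InstanceInfo{}, map[string]error{}
	for key, value := range data {
		if info, err := ValidateEntry(key, value); err != nil {
			invalid[key] = err
		} else {
			valid[key] = info
		}
	}
	return valid, invalid
}

func main() {
	sample := map[string]string{"10.1.42.1": "username=Administrator", "10.1.42": "username=core"} // constructed
	valid, invalid := ValidateInstances(sample)
	fmt.Println(len(valid), "valid;", len(invalid), "rejected:", invalid)
}
```

A reconciler built this way would log each error in the second map against its key and requeue or fail only that instance, while continuing with the validated entries.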

              Unassigned
              Jose Valdes (jvaldes@redhat.com)