From 223866fc0f6cea23f3361154ebd5f234615043ea Mon Sep 17 00:00:00 2001 From: Gleb Date: Tue, 5 Mar 2024 10:21:16 +0200 Subject: [PATCH 1/4] work around NPE in signer.Add() --- internal/httputil/signer.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/internal/httputil/signer.go b/internal/httputil/signer.go index d13589e4a7..59983c94c7 100644 --- a/internal/httputil/signer.go +++ b/internal/httputil/signer.go @@ -76,8 +76,10 @@ func (s *Signer) Add(ctx context.Context, uri string) error { if err != nil { return err } - a := u.Host - s.use[a] = struct{}{} + if s.use != nil { + a := u.Host + s.use[a] = struct{}{} + } return nil } From d559ac13780de3a9ed8b81830eb890e8f25cd3b9 Mon Sep 17 00:00:00 2001 From: Gleb Date: Wed, 6 Mar 2024 10:37:43 +0200 Subject: [PATCH 2/4] httputil: add test for signer.Add() with empty config --- internal/httputil/signer_test.go | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 internal/httputil/signer_test.go diff --git a/internal/httputil/signer_test.go b/internal/httputil/signer_test.go new file mode 100644 index 0000000000..ba70583a0f --- /dev/null +++ b/internal/httputil/signer_test.go @@ -0,0 +1,25 @@ +package httputil + +import ( + "context" + "github.com/quay/clair/config" + "github.com/quay/zlog" + "gopkg.in/square/go-jose.v2/jwt" + "testing" +) + +func TestNewSigner(t *testing.T) { + ctx := zlog.Test(context.Background(), t) + cfg := config.Config{} + signer, err := NewSigner(ctx, &cfg, jwt.Claims{}) + if err != nil { + t.Error("signer initialization with empty config should succeed") + } + if signer.use != nil { + t.Error("signed request authority map should be non-initialized") + } + err = signer.Add(ctx, "http://test-url") + if err != nil { + t.Error("Adding host to non-initialized signed request authority map should not fail") + } +} From 867bd963baa82b7f4713648bec455f7c2d22cb88 Mon Sep 17 00:00:00 2001 From: Gleb Date: Mon, 18 Mar 2024 11:42:15 +0200 Subject: [PATCH 3/4] httputil: changed err raising logic in singer.Add() --- internal/httputil/signer.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/internal/httputil/signer.go b/internal/httputil/signer.go index 59983c94c7..59db9f7e23 100644 --- a/internal/httputil/signer.go +++ b/internal/httputil/signer.go @@ -76,10 +76,11 @@ func (s *Signer) Add(ctx context.Context, uri string) error { if err != nil { return err } - if s.use != nil { - a := u.Host - s.use[a] = struct{}{} + if s.use == nil { + return errors.New("authority map not initialized, perhaps missing auth section in config") } + a := u.Host + s.use[a] = struct{}{} return nil } From b9e2c5b808e6be2da2c6b7e75df53edd8fc122cd Mon Sep 17 00:00:00 2001 From: Gleb Date: Mon, 18 Mar 2024 11:42:44 +0200 Subject: [PATCH 4/4] httputil: update test for signer.Add() with empty config --- internal/httputil/signer_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/httputil/signer_test.go b/internal/httputil/signer_test.go index ba70583a0f..27b589c0c0 100644 --- a/internal/httputil/signer_test.go +++ b/internal/httputil/signer_test.go @@ -19,7 +19,7 @@ func TestNewSigner(t *testing.T) { t.Error("signed request authority map should be non-initialized") } err = signer.Add(ctx, "http://test-url") - if err != nil { - t.Error("Adding host to non-initialized signed request authority map should not fail") + if err == nil { + t.Error("Adding host to non-initialized signed request authority map should fail") } }