^ in MONGO_SERVER_URL password causes null pointer panic #1114
Comments
the panic should be fixed by #1113, specifically these lines in signing.go - b := o.Backends[backend]
+ logger.Infof("signable storage backends: %v", signableType.StorageBackend(cfg))
+ logger.Infof("o.Backends(): %v", o.Backends)
+
+ b, ok := o.Backends[backend]
+ if !ok {
+ backendErr := fmt.Errorf("could not find backend '%s' in configured backends (%v) while trying sign: %s/%s", backend, maps.Keys(o.Backends), tektonObj.GetKindName(), tektonObj.GetName())
+ logger.Error(backendErr)
+ merr = multierror.Append(merr, backendErr)
+ continue
+ }
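Review bot: the second added logger.Infof, which prints o.Backends with %v, dumps every backend value at Info level on each signing pass; confirm that formatting those values cannot include storage configuration such as a connection URL, and prefer logging maps.Keys(o.Backends) at debug level, as the error message a few lines below already does. The !ok branch reports only that the backend is absent from the map, so it would help to log, where o.Backends is built, why that backend failed to initialize. Minor: "while trying sign" should read "while trying to sign".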
+ however, it will not fix the underlying issue ( |
that said, chains doesn't really parse |
It appears that there may be an issue with |
The following assumes there is a MongoDB server running locally with a

```go
package main

import (
	"context"
	"fmt"

	"go.mongodb.org/mongo-driver/bson"
	"go.mongodb.org/mongo-driver/mongo"
	"go.mongodb.org/mongo-driver/mongo/options"
)

func main() {
	// The password contains an unencoded '^'.
	uri := "mongodb://tekton-chains:foo^bar@localhost:27017/?authSource=admin"
	client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI(uri))
	if err != nil {
		// With mongo-driver v1.13.1 the URI fails to parse and this panic fires.
		panic(err)
	}
	defer func() {
		if err := client.Disconnect(context.TODO()); err != nil {
			panic(err)
		}
	}()
	// List the collections to prove the connection and authentication worked.
	names, err := client.Database("tekton-chains").ListCollectionNames(context.TODO(), bson.D{})
	if err != nil {
		panic(err)
	}
	for i, name := range names {
		fmt.Printf("%d: %s\n", i, name)
	}
}
```

```
$ go get go.mongodb.org/mongo-driver@v1.13.1
...
$ go run main.go
panic: parse "mongodb://tekton-chains:foo^bar@localhost:27017/?authSource=admin": net/url: invalid userinfo
goroutine 1 [running]:
main.main()
/Users/bradbeck/github/bradbeck/mongo-client/main.go:16 +0x214
exit status 2
$ go get go.mongodb.org/mongo-driver@v1.13.2
go: upgraded go.mongodb.org/mongo-driver v1.13.1 => v1.13.2
$ go run main.go
0: bar
```
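An added example, not part of the original thread or of the Chains code base: it reproduces the `net/url: invalid userinfo` failure from the panic output using only the Go standard library (no MongoDB connection), builds the same URI with the password percent-encoded, and returns the parse error without the raw URI, which otherwise carries the password into logs as the panic message above does. The helper names `BuildMongoURI`, `ValidateMongoURI` and `redactUserinfo` are hypothetical, and the example assumes the driver percent-decodes userinfo as the MongoDB connection string format specifies.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// BuildMongoURI (hypothetical helper) percent-encodes the credentials so a
// password such as "foo^bar" passes net/url's userinfo validation.
func BuildMongoURI(user, password, host, authSource string) string {
	u := url.URL{
		Scheme:   "mongodb",
		User:     url.UserPassword(user, password),
		Host:     host,
		Path:     "/",
		RawQuery: url.Values{"authSource": {authSource}}.Encode(),
	}
	return u.String()
}

// redactUserinfo hides everything between "://" and the last "@". It works on
// strings that do not parse, where url.URL.Redacted is not available.
func redactUserinfo(uri string) string {
	start, end := strings.Index(uri, "://"), strings.LastIndex(uri, "@")
	if start < 0 || end < start {
		return uri
	}
	return uri[:start+3] + "REDACTED" + uri[end:]
}

// ValidateMongoURI (hypothetical helper) returns the parse failure without the
// raw URI: *url.Error embeds the full string, password included.
func ValidateMongoURI(uri string) error {
	_, err := url.Parse(uri)
	var uerr *url.Error
	if errors.As(err, &uerr) {
		return fmt.Errorf("invalid connection URI %s: %w", redactUserinfo(uri), uerr.Err)
	}
	return err
}

func main() {
	raw := "mongodb://tekton-chains:foo^bar@localhost:27017/?authSource=admin" // URI from the issue
	fmt.Println("raw:    ", ValidateMongoURI(raw))
	enc := BuildMongoURI("tekton-chains", "foo^bar", "localhost:27017", "admin")
	fmt.Println("encoded:", redactUserinfo(enc), ValidateMongoURI(enc))
}
```

Running such a check when the configuration is loaded surfaces a bad `MONGO_SERVER_URL` at startup rather than at signing time.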
Expected Behavior
The user should be able to have a MongoDB password that contains a `^` as part of `MONGO_SERVER_URL` without causing a panic. `^` seems to be valid without encoding when using `mongosh` and is not listed as one of the characters that is required to be encoded in the MongoDB documentation.

Actual Behavior
Having a password as part of `MONGO_SERVER_URL` that contains `^` causes a null pointer access panic when attempting to store payloads.

Steps to Reproduce the Problem
1. Configure Chains to use MongoDB for attestation storage for TaskRuns
2. Include a `^` in the MongoDB password used in `MONGO_SERVER_URL`
3. Run a TaskRun
4. Chains will panic:
Additional Info
Kubernetes version:
Tekton Pipeline version: