Validate path types (#9967)

* Validate path types * Fix the year of header * Update internal/ingress/controller/config/config.go Co-authored-by: Jintao Zhang <tao12345666333@163.com> --------- Co-authored-by: Jintao Zhang <tao12345666333@163.com>
2023-05-20 08:58:18 -03:00 · 2023-05-20 08:58:18 -03:00 · c540b58474
commit c540b58474
parent 0dd1cf7460
7 changed files with 296 additions and 0 deletions
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@ -270,11 +270,13 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
 	if !ing.DeletionTimestamp.IsZero() {
 		return nil
 	}
+
 	if n.cfg.DeepInspector {
 		if err := inspector.DeepInspect(ing); err != nil {
 			return fmt.Errorf("invalid object: %w", err)
 		}
 	}
+
 	// Do not attempt to validate an ingress that's not meant to be controlled by the current instance of the controller.
 	if ingressClass, err := n.store.GetIngressClass(ing, n.cfg.IngressClassConfiguration); ingressClass == "" {
 		klog.Warningf("ignoring ingress %v in %v based on annotation %v: %v", ing.Name, ing.ObjectMeta.Namespace, ingressClass, err)
@ -293,6 +295,13 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
 	cfg := n.store.GetBackendConfiguration()
 	cfg.Resolver = n.resolver

+	// Adds the pathType Validation
+	if cfg.StrictValidatePathType {
+		if err := inspector.ValidatePathType(ing); err != nil {
+			return fmt.Errorf("ingress contains invalid paths: %w", err)
+		}
+	}
+
 	var arrayBadWords []string

 	if cfg.AnnotationValueWordBlocklist != "" {