fix:enh: protect agg against empty gvks (open-policy-agent#3040)

Signed-off-by: Alex Pana <[email protected]>
sozercan · Oct 10, 2023 · d916017 · d916017
1 parent c2d133b
commit d916017
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 4 deletions.
diff --git a/pkg/cachemanager/aggregator/aggregator.go b/pkg/cachemanager/aggregator/aggregator.go
@@ -85,10 +85,15 @@ func (b *GVKAgreggator) Upsert(k Key, gvks []schema.GroupVersionKind) error {
 		}
 	}
 
-	b.store[k] = makeSet(gvks)
+	// protect against empty inputs
+	gvksSet := makeSet(gvks)
+	if len(gvksSet) == 0 {
+		return nil
+	}
 
+	b.store[k] = gvksSet
 	// add reverse links
-	for _, gvk := range gvks {
+	for gvk := range gvksSet {
 		if _, found := b.reverseStore[gvk]; !found {
 			b.reverseStore[gvk] = make(map[Key]struct{})
 		}
@@ -148,7 +153,9 @@ func (b *GVKAgreggator) pruneReverseStore(gvks map[schema.GroupVersionKind]struc
 func makeSet(gvks []schema.GroupVersionKind) map[schema.GroupVersionKind]struct{} {
 	gvkSet := make(map[schema.GroupVersionKind]struct{})
 	for _, gvk := range gvks {
-		gvkSet[gvk] = struct{}{}
+		if !gvk.Empty() {
+			gvkSet[gvk] = struct{}{}
+		}
 	}
 
 	return gvkSet

diff --git a/pkg/cachemanager/aggregator/aggregator_test.go b/pkg/cachemanager/aggregator/aggregator_test.go
@@ -16,6 +16,8 @@ const (
 
 var (
 	// test gvks.
+	emptyGVK = schema.GroupVersionKind{Group: "", Version: "", Kind: ""}
+
 	g1v1k1 = schema.GroupVersionKind{Group: "group1", Version: "v1", Kind: "Kind1"}
 	g1v1k2 = schema.GroupVersionKind{Group: "group1", Version: "v1", Kind: "Kind2"}
 
@@ -46,6 +48,20 @@ func Test_GVKAggregator_Upsert(t *testing.T) {
 		expectData map[Key]map[schema.GroupVersionKind]struct{}
 		expectRev  map[schema.GroupVersionKind]map[Key]struct{}
 	}{
+		{
+			name: "empty GVKs",
+			keyGVKs: []upsertKeyGVKs{
+				{
+					key: Key{
+						Source: syncset,
+						ID:     "foo",
+					},
+					gvks: []schema.GroupVersionKind{emptyGVK, emptyGVK},
+				},
+			},
+			expectData: map[Key]map[schema.GroupVersionKind]struct{}{},
+			expectRev:  map[schema.GroupVersionKind]map[Key]struct{}{},
+		},
 		{
 			name: "add one key and GVKs",
 			keyGVKs: []upsertKeyGVKs{
@@ -54,7 +70,7 @@ func Test_GVKAggregator_Upsert(t *testing.T) {
 						Source: syncset,
 						ID:     "foo",
 					},
-					gvks: []schema.GroupVersionKind{g1v1k1, g1v1k2},
+					gvks: []schema.GroupVersionKind{g1v1k1, g1v1k2, emptyGVK},
 				},
 			},
 			expectData: map[Key]map[schema.GroupVersionKind]struct{}{