CHAOS-787: Validate dns disruption hostname regex in webhook (#784)

ptnapoleon · web-flow · commit 572f91fd9e7b · 2023-09-28T11:15:10.000-04:00
* chaos-787: validate dns disruption hostname regexs

* Add a test

* fix test panic

* make tested spec valid
diff --git a/api/v1beta1/dns_disruption.go b/api/v1beta1/dns_disruption.go
@@ -8,6 +8,7 @@ package v1beta1
 import (
 	"errors"
 	"fmt"
+	"regexp"
 	"strings"
 
 	"github.com/hashicorp/go-multierror"
@@ -35,6 +36,10 @@ func (s DNSDisruptionSpec) Validate() (retErr error) {
 			retErr = multierror.Append(retErr, errors.New("no hostname specified in dns disruption"))
 		}
 
+		if _, err := regexp.Compile(pair.Hostname); err != nil {
+			retErr = multierror.Append(retErr, fmt.Errorf("hostname \"%s\" not a valid regular expression: %w", pair.Hostname, err))
+		}
+
 		if pair.Record.Type != "A" && pair.Record.Type != "CNAME" {
 			retErr = multierror.Append(retErr, fmt.Errorf("invalid record type specified in dns disruption, must be A or CNAME but found: %s", pair.Record.Type))
 		}
diff --git a/api/v1beta1/dns_disruption_test.go b/api/v1beta1/dns_disruption_test.go
@@ -0,0 +1,42 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package v1beta1
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("DNSDisruptionSpec", func() {
+	When("'Validate' method is called", func() {
+		Describe("test regex validation cases", func() {
+			It("errors only on invalid regex", func() {
+				disruptionSpec := DNSDisruptionSpec{
+					{
+						Hostname: "hostname.tld",
+						Record: DNSRecord{
+							Type:  "A",
+							Value: "1.2.3.4",
+						},
+					},
+				}
+
+				err := disruptionSpec.Validate()
+				Expect(err).ToNot(HaveOccurred())
+
+				disruptionSpec[0].Hostname = "*.hostname.tld"
+
+				err = disruptionSpec.Validate()
+				Expect(err).To(HaveOccurred())
+				Expect(err.Error()).Should(ContainSubstring("not a valid regular expression"))
+
+				disruptionSpec[0].Hostname = ".*.hostname.tld"
+				err = disruptionSpec.Validate()
+				Expect(err).ToNot(HaveOccurred())
+			})
+		})
+	})
+})
