fix: do not panic on an invalid image name regexp

IsImageMatched interpolates the image name from kustomization images[].name
straight into a regexp and discarded the compile error. When the name is not
a valid regexp (for example "["), regexp.Compile returns a nil *Regexp and
the following MatchString call dereferences it, so kustomize build crashes with
a SIGSEGV.

Capture the compile error and return false when it is set. A name that can't
compile matches no image, which leaves the resource untouched (the same result
you get for any name that doesn't match). Adds a unit test for the invalid name
and a krusty end-to-end case that builds without panicking.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
This commit is contained in:
Arpit Jain
2026-07-11 05:50:05 +09:00
parent ecf3669e96
commit d32ba3f38c
3 changed files with 55 additions and 1 deletions

View File

@@ -401,3 +401,42 @@ spec:
image: solsa-echo:foo
`)
}
// An images[].name value that is not a valid regexp (here "[") used to crash
// the build with a nil-pointer panic. It should be treated as matching no
// container image, so the resource passes through untouched.
func TestTransfomersImageInvalidNameRegexp(t *testing.T) {
th := kusttest_test.MakeHarness(t)
th.WriteK(".", `
resources:
- deploy.yaml
images:
- name: "["
newTag: v2
`)
th.WriteF("deploy.yaml", `
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy
spec:
template:
spec:
containers:
- name: nginx
image: nginx:1.7.9
`)
m := th.Run(".", th.MakeDefaultOptions())
th.AssertActualEqualsExpected(m, `
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy
spec:
template:
spec:
containers:
- image: nginx:1.7.9
name: nginx
`)
}