Copilot commented on code in PR #800:
URL: https://github.com/apache/solr-operator/pull/800#discussion_r2890960187
##########
controllers/solrcloud_controller_basic_auth_test.go:
##########
@@ -353,7 +353,7 @@ func expectPutSecurityJsonInZkCmd(g Gomega,
expInitContainer *corev1.Container)
g.Expect(expInitContainer).To(Not(BeNil()), "Didn't find the setup-zk
InitContainer in the sts!")
expCmd := "solr zk cp zk:/security.json /tmp/current_security.json -z
$ZK_HOST >/dev/null 2>&1; " +
"GET_CURRENT_SECURITY_JSON_EXIT_CODE=$?; if [
${GET_CURRENT_SECURITY_JSON_EXIT_CODE} -eq 0 ]; then " +
- "if [[ ! -s /tmp/current_security.json ]] || grep -q '^{}$'
/tmp/current_security.json ; then " +
+ "if [ ! -s /tmp/current_security.json ] || grep -q '^{}$'
/tmp/current_security.json ; then " +
"echo $SECURITY_JSON > /tmp/security.json; solr zk cp
/tmp/security.json zk:/security.json -z $ZK_HOST >/dev/null 2>&1; " +
" echo 'Blank security.json found. Put new security.json in
ZK'; fi; elif [ ${GET_CURRENT_SECURITY_JSON_EXIT_CODE} -eq 1 ]; then " +
" echo $SECURITY_JSON > /tmp/security.json; solr zk cp
/tmp/security.json zk:/security.json -z $ZK_HOST >/dev/null 2>&1; " +
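Review bot: the expected `expCmd` string mirrors the production command literal, so the `[[` to `[` change on the `-s /tmp/current_security.json` line has to be kept in sync by hand in both files, and a string comparison cannot show whether the command actually runs under a POSIX `sh`. Consider adding a case that executes the generated command with `sh` against an empty file and a file containing `{}`, so that a bashism reintroduced later fails the test instead of the init container.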
Review Comment:
This test hard-codes `echo $SECURITY_JSON` in the expected initContainer
command. If the production command is adjusted to emit `SECURITY_JSON` safely
(quoted expansion / `printf` to avoid glob expansion and whitespace mangling),
update the expected command string here accordingly so the test continues to
validate the intended behavior.
```suggestion
"printf '%s' \"$SECURITY_JSON\" > /tmp/security.json; solr zk
cp /tmp/security.json zk:/security.json -z $ZK_HOST >/dev/null 2>&1; " +
" echo 'Blank security.json found. Put new security.json in
ZK'; fi; elif [ ${GET_CURRENT_SECURITY_JSON_EXIT_CODE} -eq 1 ]; then " +
" printf '%s' \"$SECURITY_JSON\" > /tmp/security.json; solr zk
cp /tmp/security.json zk:/security.json -z $ZK_HOST >/dev/null 2>&1; " +
```
##########
controllers/util/solr_security_util.go:
##########
@@ -243,7 +243,7 @@ func cmdToPutSecurityJsonInZk() string {
cmd := " solr zk cp zk:/security.json /tmp/current_security.json -z
$ZK_HOST >/dev/null 2>&1; " +
" GET_CURRENT_SECURITY_JSON_EXIT_CODE=$?; " +
"if [ ${GET_CURRENT_SECURITY_JSON_EXIT_CODE} -eq 0 ]; then " +
// JSON already exists
- "if [[ ! -s /tmp/current_security.json ]] || grep -q '^{}$'
/tmp/current_security.json ; then " + // File doesn't exist, is empty, or is
just '{}'
+ "if [ ! -s /tmp/current_security.json ] || grep -q '^{}$'
/tmp/current_security.json ; then " + // File doesn't exist, is empty, or is
just '{}'
" echo $SECURITY_JSON > /tmp/security.json;" +
" solr zk cp /tmp/security.json zk:/security.json -z $ZK_HOST
>/dev/null 2>&1; " +
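Review bot: on the changed condition, `grep -q '^{}$'` matches any single line equal to `{}` rather than a file whose whole content is `{}` as the trailing comment says, and it does not match `{ }` or a `{}` followed by a carriage return. Because a true result overwrites `zk:/security.json`, consider comparing the whitespace-stripped content instead, for example `[ "$(tr -d '[:space:]' < /tmp/current_security.json)" = '{}' ]`.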
Review Comment:
`SECURITY_JSON` is expanded unquoted in `echo $SECURITY_JSON >
/tmp/security.json`. Because the generated `security.json` contains characters
like `*` (e.g., `"collection": "*"`), `/bin/sh` will perform pathname expansion
and can corrupt the JSON (and also collapses newlines/whitespace). Write the
file using a quoted expansion (e.g., `printf '%s' "$SECURITY_JSON" >
/tmp/security.json`) or otherwise disable globbing before emitting the content.
--
This is an automated message from the Apache Git Service.
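The effect described in the second review comment, reproduced as an added example (not code from the PR or from solr-operator). The `SECURITY_JSON` value and the `"decoy"` file name are constructed, and the scratch directory stands in for the init container's working directory.

```shell
#!/bin/sh
# Added example: unquoted vs quoted expansion of SECURITY_JSON under sh.
# SECURITY_JSON below is a constructed sample, not the operator's real output.
SECURITY_JSON='{"authorization": {"permissions": [
    {"name": "all",  "collection": "*" }]}}'

# Current form: unquoted expansion, subject to word splitting and globbing.
emit_unquoted() { echo $SECURITY_JSON; }

# Suggested form: quoted expansion, the bytes pass through unchanged.
emit_quoted() { printf '%s' "$SECURITY_JSON"; }

# Run an emitter in a scratch directory holding a file whose name begins and
# ends with a double quote. After word splitting, the JSON token "*" (quote
# characters included) is a glob pattern that matches exactly such names.
run_in_scratch() {
    scratch=$(mktemp -d) || return 1
    : > "$scratch/\"decoy\""
    ( cd "$scratch" && "$1" )
    status=$?
    rm -rf "$scratch"
    return $status
}

echo "unquoted echo:"
run_in_scratch emit_unquoted
echo "quoted printf:"
run_in_scratch emit_quoted
echo
```

In the unquoted output the wildcard collection has been replaced by the matching file name and the newline and double space are gone, yet the result is still valid JSON, so nothing downstream would reject it.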