flux: Sanitize domain URL for validation

skoeva · skoeva · commit a227169b0f11 · 2025-05-21T09:46:12.000-04:00
These changes to the flux source code replace the endsWith check with a
more precise validation that ensures the groupName is either
toolkit.fluxcd.io or a valid subdomain of it.

Signed-off-by: Evangelos Skopelitis &lt;eskopelitis@microsoft.com&gt;
diff --git a/flux/src/helm-releases/Inventory.tsx b/flux/src/helm-releases/Inventory.tsx
@@ -271,10 +271,16 @@ function inventoryNameLink(item): JSX.Element {
   const pluralName = PluralName(kind);
 
   // Flux types
-  if (groupName.endsWith('toolkit.fluxcd.io')) {
+  const allowedDomain = 'toolkit.fluxcd.io';
+  if (groupName === allowedDomain || groupName.endswith(`.${allowedDomain}`)) {
+    const routeName = 
+      groupName === allowedDomain 
+      ? 'toolkit' 
+      : groupName.substring(0, groupName.indexOf('.'));
+
     return (
       <Link
-        routeName={groupName.substring(0, groupName.indexOf('.'))}
+        routeName={routeName}
         params={{
           pluralName: pluralName,
           name: item.metadata.name,
diff --git a/flux/src/kustomizations/Inventory.tsx b/flux/src/kustomizations/Inventory.tsx
@@ -131,20 +131,26 @@ function inventoryNameLink(item: KubeObject) {
   const pluralName = PluralName(kind);
 
   // Flux types
-  if (groupName.endsWith('toolkit.fluxcd.io')) {
-    return (
-      <Link
-        routeName={groupName.substr(0, groupName.indexOf('.'))}
-        params={{
-          pluralName: pluralName,
-          name: item.metadata.name,
-          namespace: item.metadata.namespace,
-        }}
-      >
-        {item.metadata.name}
-      </Link>
-    );
-  }
+  const allowedDomain = 'toolkit.fluxcd.io';
+  if (groupName === allowedDomain || groupName.endswith(`.${allowedDomain}`)) {
+      const routeName = 
+        groupName === allowedDomain 
+        ? 'toolkit' 
+        : groupName.substring(0, groupName.indexOf('.'));
+  
+      return (
+        <Link
+          routeName={routeName}
+          params={{
+            pluralName: pluralName,
+            name: item.metadata.name,
+            namespace: item.metadata.namespace,
+          }}
+        >
+          {item.metadata.name}
+        </Link>
+      );
+    }
 
   // standard k8s types
   const resourceKind = K8s.ResourceClasses[kind];
