From 0f33be323ede1c4684d684355c1b86471a13c82c Mon Sep 17 00:00:00 2001 From: Akshay Chawla Date: Thu, 16 Oct 2025 15:52:58 +0100 Subject: [PATCH 1/6] validating the value against regex --- internal/config/config.go | 15 ++++++++++++++- internal/config/config_test.go | 4 ++-- internal/config/testdata/nginx-agent.conf | 2 +- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/internal/config/config.go b/internal/config/config.go index cc72af59c7..d21a46bde4 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -931,7 +931,9 @@ func resolveLabels() map[string]interface{} { result[trimmedKey] = parseJSON(trimmedValue) default: // String - result[trimmedKey] = trimmedValue + if validateLabel(trimmedValue) { + result[trimmedKey] = trimmedValue + } } } @@ -940,6 +942,17 @@ func resolveLabels() map[string]interface{} { return result } +func validateLabel(labelValue string) bool { + const maxLength = 256 + labelPattern := regexp.MustCompile("^[a-zA-Z0-9]([a-zA-Z0-9-_]{0,254}[a-zA-Z0-9])?$") + if len(labelValue) > maxLength || !labelPattern.MatchString(labelValue) { + slog.Warn("Label value contains unsupported character ", "label_value", labelValue) + return false + } + + return true +} + func resolveEnvironmentVariableLabels() map[string]string { envLabels := make(map[string]string) envInput := viperInstance.GetString(LabelsRootKey) diff --git a/internal/config/config_test.go b/internal/config/config_test.go index f55afee23e..925dc760f4 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -1234,7 +1234,7 @@ func createConfig() *Config { { Action: "insert", Key: "label1", - Value: "label 1", + Value: "label-1", }, { Action: "insert", @@ -1314,7 +1314,7 @@ func createConfig() *Config { }, }, Labels: map[string]any{ - "label1": "label 1", + "label1": "label-1", "label2": "new-value", "label3": 123, }, 
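Review bot: In the `default` branch of resolveLabels, the new `validateLabel(trimmedValue)` check covers only values that fall through to the string case, and `trimmedKey` is stored without any check, so a key containing spaces or control characters still reaches `result`. If the character set is meant to constrain what is passed on as label metadata, the key should go through a comparable test, for example `if validateLabel(trimmedKey) && validateLabel(trimmedValue) {`, with the warning text adjusted so it does not say "value" for a rejected key. Whether strings nested inside the result of `parseJSON` need the same restriction is not visible here and is worth confirming. The body of resolveLabels starts and ends outside the hunk.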
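Review bot: validateLabel calls `regexp.MustCompile` on every invocation, so the pattern is recompiled for each label. Compile it once at package scope, `var labelPattern = regexp.MustCompile(...)`, and keep only the `MatchString` call in the function. The hunk in PATCH 2/6 that moves the pattern into `regexLabelPattern` still compiles inside the function, so the same applies there. The warning also logs the rejected value in full with no bound on its length; since the value has just failed validation, logging `len(labelValue)` or a truncated form would identify the problem without copying unvalidated text into the log.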
diff --git a/internal/config/testdata/nginx-agent.conf b/internal/config/testdata/nginx-agent.conf index 9df36198d6..1444daeef6 100644 --- a/internal/config/testdata/nginx-agent.conf +++ b/internal/config/testdata/nginx-agent.conf @@ -13,7 +13,7 @@ watchers: - \.*log$ labels: - label1: label 1 + label1: label-1 label2: new-value label3: 123 From fd57d2e0d7a822bb8896a6cd1253d141b48e940b Mon Sep 17 00:00:00 2001 From: Akshay Chawla Date: Thu, 16 Oct 2025 19:39:52 +0100 Subject: [PATCH 2/6] regex pattern as constant --- internal/config/config.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/config/config.go b/internal/config/config.go index d21a46bde4..359adca673 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -46,7 +46,8 @@ const ( // Regular expression to match invalid characters in paths. // It matches whitespace, control characters, non-printable characters, and specific Unicode characters. - regexInvalidPath = "\\s|[[:cntrl:]]|[[:space:]]|[[^:print:]]|ㅤ|\\.\\.|\\*" + regexInvalidPath = "\\s|[[:cntrl:]]|[[:space:]]|[[^:print:]]|ㅤ|\\.\\.|\\*" + regexLabelPattern = "^[a-zA-Z0-9]([a-zA-Z0-9-_]{0,254}[a-zA-Z0-9])?$" ) var viperInstance = viper.NewWithOptions(viper.KeyDelimiter(KeyDelimiter)) @@ -944,7 +945,7 @@ func resolveLabels() map[string]interface{} { func validateLabel(labelValue string) bool { const maxLength = 256 - labelPattern := regexp.MustCompile("^[a-zA-Z0-9]([a-zA-Z0-9-_]{0,254}[a-zA-Z0-9])?$") + labelPattern := regexp.MustCompile(regexLabelPattern) if len(labelValue) > maxLength || !labelPattern.MatchString(labelValue) { slog.Warn("Label value contains unsupported character ", "label_value", labelValue) return false From f943c588c0678ddd1bd9049859cf344d4f0c934f Mon Sep 17 00:00:00 2001 From: Aphral Griffin Date: Thu, 16 Oct 2025 15:54:09 +0100 Subject: [PATCH 3/6] fix pipeline --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
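Review bot: `regexLabelPattern` is added directly under the comment that documents `regexInvalidPath`, so the new constant reads as if it also described invalid path characters. Give it its own comment, for example `// regexLabelPattern matches a label value: 1-256 ASCII letters, digits, '-' or '_', starting and ending with a letter or digit.` Writing the class as `[a-zA-Z0-9_-]` with the hyphen last would also make it obvious that the hyphen is a literal and not part of a range.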
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b21cbe935d..2a270ad8d2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ permissions:
 env:
 NFPM_VERSION: 'v2.35.3'
- GOPROXY: "direct"
+ GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-dev"
 jobs:
 proxy-sanity-check:
From 3f71582c57c6fa95b093c4c76c8288243e08869b Mon Sep 17 00:00:00 2001
From: Akshay Chawla
Date: Fri, 17 Oct 2025 16:38:07 +0100
Subject: [PATCH 4/6] unit-test cases
---
 internal/config/config_test.go | 51 ++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index 925dc760f4..5a20b7e9d9 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -1410,3 +1410,54 @@ func createDefaultCollectorConfig() *Collector {
 },
 }
 }
+
+func TestValidateLabel(t *testing.T) {
+ tests := []struct {
+ name string
+ input string
+ wantValid bool
+ }{
+ {
+ name: "Test 1: Valid label - simple",
+ input: "label123",
+ wantValid: true,
+ },
+ {
+ name: "Test 2: Valid label - with dash and underscore",
+ input: "label-123_abc",
+ wantValid: true,
+ },
+ {
+ name: "Test 3: Invalid label - too long",
+ input: strings.Repeat("a", 257),
+ wantValid: false,
+ },
+ {
+ name: "Test 4: Invalid label - special char",
+ input: "label$",
+ wantValid: false,
+ },
+ {
+ name: "Test 5: Invalid label - starts with dash",
+ input: "-label",
+ wantValid: false,
+ },
+ {
+ name: "Test 6: Invalid label - ends with dash",
+ input: "label-",
+ wantValid: false,
+ },
+ {
+ name: "Test 7: Invalid label - empty",
+ input: "",
+ wantValid: false,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := validateLabel(tt.input)
+ assert.Equal(t, tt.wantValid, got)
+ })
+ }
+}
From df5fd434323399e71c2d34139e32e447f7e1b5b9 Mon Sep 17 00:00:00 2001
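Review bot: The new `GOPROXY` value embeds `secrets.ARTIFACTORY_USER` and `secrets.ARTIFACTORY_TOKEN` in a URL in the workflow-level `env`, which hands the credential to every job and step in the workflow, including third-party actions, rather than only the steps that download modules. Log masking matches the exact secret string, so a URL-encoded or otherwise transformed form of the token in a Go error message would not necessarily be masked. On runs where the secrets are not provided, the value also becomes a URL with empty userinfo. Prefer setting the variable only on the steps that need it, or supplying the credential through a `.netrc` file written in a dedicated step so that `GOPROXY` carries no userinfo. The `env` block continues outside the hunk.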
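Review bot: The table in TestValidateLabel has no case at the accepted boundary: the longest valid value, `strings.Repeat("a", 256)`, and a single-character value are not tested, so an off-by-one in the `{0,254}` quantifier or in `maxLength` would pass unnoticed. Add two rows expecting `true` for those inputs next to the existing 257-character case. A negative case containing a newline or other control character would also be useful, given that rejected values are written to the log.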
From: Akshay Chawla
Date: Wed, 22 Oct 2025 16:34:09 +0100
Subject: [PATCH 5/6] worked on PR comments
---
 internal/config/config.go | 4 ++-
 internal/config/config_test.go | 57 ++++++++++++++++++----------------
 2 files changed, 34 insertions(+), 27 deletions(-)
diff --git a/internal/config/config.go b/internal/config/config.go
index 359adca673..f0f5489e20 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -947,7 +947,9 @@ func validateLabel(labelValue string) bool {
 const maxLength = 256
 labelPattern := regexp.MustCompile(regexLabelPattern)
 if len(labelValue) > maxLength || !labelPattern.MatchString(labelValue) {
- slog.Warn("Label value contains unsupported character ", "label_value", labelValue)
+ slog.Warn("Label value contains unsupported character or exceed maximum length of 256 characters ",
+ "label_value", labelValue)
+
 return false
 }
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index 5a20b7e9d9..b47e022537 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
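Review bot: The new warning text hard-codes `256` while the limit lives in `maxLength`, so the message and the check can drift apart; it also reads "exceed" where "exceeds" is meant and ends in a trailing space. Pass the limit as an attribute instead, e.g. `slog.Warn("Label value contains unsupported characters or exceeds the maximum length", "max_length", maxLength, "label_value", labelValue)`. The body of validateLabel starts outside the hunk.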
@@ -1413,51 +1413,56 @@ func createDefaultCollectorConfig() *Collector {
 func TestValidateLabel(t *testing.T) {
 tests := []struct {
- name string
- input string
- wantValid bool
+ name string
+ input string
+ expected bool
 }{
 {
- name: "Test 1: Valid label - simple",
- input: "label123",
- wantValid: true,
+ name: "Test 1: Valid label - simple",
+ input: "label123",
+ expected: true,
 },
 {
- name: "Test 2: Valid label - with dash and underscore",
- input: "label-123_abc",
- wantValid: true,
+ name: "Test 2: Valid label - with dash and underscore",
+ input: "label-123_abc",
+ expected: true,
 },
 {
- name: "Test 3: Invalid label - too long",
- input: strings.Repeat("a", 257),
- wantValid: false,
+ name: "Test 3: Invalid label - too long",
+ input: strings.Repeat("a", 257),
+ expected: false,
 },
 {
- name: "Test 4: Invalid label - special char",
- input: "label$",
- wantValid: false,
+ name: "Test 4: Invalid label - special char",
+ input: "label$",
+ expected: false,
 },
 {
- name: "Test 5: Invalid label - starts with dash",
- input: "-label",
- wantValid: false,
+ name: "Test 5: Invalid label - starts with dash",
+ input: "-label",
+ expected: false,
 },
 {
- name: "Test 6: Invalid label - ends with dash",
- input: "label-",
- wantValid: false,
+ name: "Test 6: Invalid label - ends with dash",
+ input: "label-",
+ expected: false,
 },
 {
- name: "Test 7: Invalid label - empty",
- input: "",
- wantValid: false,
+ name: "Test 7: Invalid label - empty",
+ input: "",
+ expected: false,
+ },
+ {
+ name: "Test 8: Invalid label - contains spaces",
+ input: "label 123",
+ expected: false,
 },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- got := validateLabel(tt.input)
- assert.Equal(t, tt.wantValid, got)
+ actual := validateLabel(tt.input)
+ assert.Equal(t, tt.expected, actual)
 })
 }
 }
From 77a5582c5927ce2a722db3192bccb2dcf780782b Mon Sep 17 00:00:00 2001
From: Akshay Chawla
Date: Mon, 3 Nov 2025 10:27:14 +0000
Subject: [PATCH 6/6] reverted the fix done for git pipeline issue
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2a270ad8d2..b21cbe935d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ permissions:
 env:
 NFPM_VERSION: 'v2.35.3'
- GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-dev"
+ GOPROXY: "direct"
 jobs:
 proxy-sanity-check: