13
0
Fork 0
mirror of https://github.com/yannh/kubeconform.git synced 2026-06-29 00:10:45 +00:00
kubeconform/pkg
Nikolai Emil Damm d3ae574bf2
fix: copy scanner bytes in FromStream to prevent aliasing data race
FromStream set each Resource's Bytes to scanner.Bytes(), which aliases
the bufio.Scanner's internal buffer. Resources are emitted on a channel
and retained/parsed by the consumer concurrently with the producer
goroutine; when the scanner refills its buffer for later documents it
overwrites the slices earlier Resources still point at. Consumers that
parse resources as they arrive (e.g. ValidateWithContext) then read
corrupted bytes — a later document spliced into the one being parsed —
surfacing as non-deterministic YAML parse errors on large multi-document
streams (a different resource fails on each run).

Clone the scanner bytes so each Resource owns its slice. Adds a
regression test that streams >4MB (forcing the scanner to refill) and
asserts every resource's bytes are intact after draining.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-25 02:50:27 +02:00
..
cache Update jsonschema library to v6 (#324) 2025-05-11 02:05:01 +02:00
config Sanitize csv strings (#258) 2024-05-09 14:21:36 +02:00
loader Invalid JSON should not be considered an error - see https://github.com/yannh/kubeconform/issues/67 (#327) 2025-05-12 10:21:02 +02:00
output Fix junit output, also ensure junit output is deterministic (#253) 2023-12-24 18:06:03 +01:00
registry Add tests for the HTTP loader (#325) 2025-05-11 04:13:07 +02:00
resource fix: copy scanner bytes in FromStream to prevent aliasing data race 2026-06-25 02:50:27 +02:00
validator Small fixes, better sanitization (#359) 2026-06-04 21:55:22 +02:00