feat: strictly validate the input of core resources (#10233)

Sn0rt · web-flow · commit a98f1ca7a4b3 · 2023-09-20T14:28:41.000+08:00
diff --git a/apisix/schema_def.lua b/apisix/schema_def.lua
@@ -283,6 +283,7 @@ local health_checker = {
         {required = {"active"}},
         {required = {"active", "passive"}},
     },
+    additionalProperties = false,
 }
 
 
@@ -501,7 +502,8 @@ local upstream_schema = {
     oneOf = {
         {required = {"nodes"}},
         {required = {"service_name", "discovery_type"}},
-    }
+    },
+    additionalProperties = false
 }
 
 -- TODO: add more nginx variable support
@@ -662,6 +664,7 @@ _M.route = {
             {required = {"script", "plugin_config_id"}},
         }
     },
+    additionalProperties = false,
 }
 
 
@@ -689,6 +692,7 @@ _M.service = {
             uniqueItems = true,
         },
     },
+    additionalProperties = false,
 }
 
 
@@ -707,6 +711,7 @@ _M.consumer = {
         desc = desc_def,
     },
     required = {"username"},
+    additionalProperties = false,
 }
 
 
@@ -817,7 +822,8 @@ _M.ssl = {
             {required = {"snis", "key", "cert"}}
         }
     },
-    ["else"] = {required = {"key", "cert"}}
+    ["else"] = {required = {"key", "cert"}},
+    additionalProperties = false,
 }
 
 
@@ -834,6 +840,7 @@ _M.proto = {
         }
     },
     required = {"content"},
+    additionalProperties = false,
 }
 
 
@@ -846,6 +853,7 @@ _M.global_rule = {
         update_time = timestamp_def
     },
     required = {"id", "plugins"},
+    additionalProperties = false,
 }
 
 
@@ -879,6 +887,7 @@ local xrpc_protocol_schema = {
                 dependencies = {
                     name = {"conf"},
                 },
+                additionalProperties = false,
             },
         },
 
@@ -913,7 +922,8 @@ _M.stream_route = {
         upstream_id = id_schema,
         plugins = plugins_schema,
         protocol = xrpc_protocol_schema,
-    }
+    },
+    additionalProperties = false,
 }
 
 
@@ -929,6 +939,7 @@ _M.plugins = {
             stream = {
                 type = "boolean"
             },
+            additionalProperties = false,
         },
         required = {"name"}
     }
@@ -946,6 +957,7 @@ _M.plugin_config = {
         update_time = timestamp_def
     },
     required = {"id", "plugins"},
+    additionalProperties = false,
 }
 
 
@@ -960,6 +972,7 @@ _M.consumer_group = {
         update_time = timestamp_def
     },
     required = {"id", "plugins"},
+    additionalProperties = false,
 }
 
 
diff --git a/t/admin/upstream-array-nodes.t b/t/admin/upstream-array-nodes.t
@@ -251,7 +251,7 @@ no valid upstream node
 
 
 
-=== TEST 9: additional properties is valid
+=== TEST 9: additional properties is invalid
 --- config
     location /t {
         content_by_lua_block {
@@ -277,8 +277,9 @@ no valid upstream node
     }
 --- request
 GET /t
---- response_body
-passed
+--- error_code: 400
+--- response_body eval
+qr/\{"error_msg":"invalid configuration: additional properties forbidden, found .*"\}/
 
 
 
diff --git a/t/admin/upstream.t b/t/admin/upstream.t
@@ -330,7 +330,7 @@ GET /t
 
 
 
-=== TEST 11: additional properties is valid
+=== TEST 11: additional properties is invalid
 --- config
     location /t {
         content_by_lua_block {
@@ -354,8 +354,9 @@ GET /t
     }
 --- request
 GET /t
---- response_body
-passed
+--- error_code: 400
+--- response_body eval
+qr/\{"error_msg":"invalid configuration: additional properties forbidden, found .*"\}/
 
 
 
diff --git a/t/wasm/global-rule.t b/t/wasm/global-rule.t
@@ -57,13 +57,6 @@ __DATA__
             local code, body = t('/apisix/admin/global_rules/1',
                 ngx.HTTP_PUT,
                 [[{
-                    "uri": "/hello",
-                    "upstream": {
-                        "type": "roundrobin",
-                        "nodes": {
-                            "127.0.0.1:1980": 1
-                        }
-                    },
                     "plugins": {
                         "wasm_log": {
                             "conf": "blahblah"

Original file line number	Diff line number	Diff line change
`@@ -283,6 +283,7 @@ local health_checker = {`
`283`	`283`	`{required = {"active"}},`
`284`	`284`	`{required = {"active", "passive"}},`
`285`	`285`	`},`
	`286`	`+ additionalProperties = false,`
`286`	`287`	`}`
`287`	`288`
`288`	`289`
`@@ -501,7 +502,8 @@ local upstream_schema = {`
`501`	`502`	`oneOf = {`
`502`	`503`	`{required = {"nodes"}},`
`503`	`504`	`{required = {"service_name", "discovery_type"}},`
`504`		`- }`
	`505`	`+ },`
	`506`	`+ additionalProperties = false`
`505`	`507`	`}`
`506`	`508`
`507`	`509`	`-- TODO: add more nginx variable support`
`@@ -662,6 +664,7 @@ _M.route = {`
`662`	`664`	`{required = {"script", "plugin_config_id"}},`
`663`	`665`	`}`
`664`	`666`	`},`
	`667`	`+ additionalProperties = false,`
`665`	`668`	`}`
`666`	`669`
`667`	`670`
`@@ -689,6 +692,7 @@ _M.service = {`
`689`	`692`	`uniqueItems = true,`
`690`	`693`	`},`
`691`	`694`	`},`
	`695`	`+ additionalProperties = false,`
`692`	`696`	`}`
`693`	`697`
`694`	`698`
`@@ -707,6 +711,7 @@ _M.consumer = {`
`707`	`711`	`desc = desc_def,`
`708`	`712`	`},`
`709`	`713`	`required = {"username"},`
	`714`	`+ additionalProperties = false,`
`710`	`715`	`}`
`711`	`716`
`712`	`717`
`@@ -817,7 +822,8 @@ _M.ssl = {`
`817`	`822`	`{required = {"snis", "key", "cert"}}`
`818`	`823`	`}`
`819`	`824`	`},`
`820`		`- ["else"] = {required = {"key", "cert"}}`
	`825`	`+ ["else"] = {required = {"key", "cert"}},`
	`826`	`+ additionalProperties = false,`
`821`	`827`	`}`
`822`	`828`
`823`	`829`
`@@ -834,6 +840,7 @@ _M.proto = {`
`834`	`840`	`}`
`835`	`841`	`},`
`836`	`842`	`required = {"content"},`
	`843`	`+ additionalProperties = false,`
`837`	`844`	`}`
`838`	`845`
`839`	`846`
`@@ -846,6 +853,7 @@ _M.global_rule = {`
`846`	`853`	`update_time = timestamp_def`
`847`	`854`	`},`
`848`	`855`	`required = {"id", "plugins"},`
	`856`	`+ additionalProperties = false,`
`849`	`857`	`}`
`850`	`858`
`851`	`859`
`@@ -879,6 +887,7 @@ local xrpc_protocol_schema = {`
`879`	`887`	`dependencies = {`
`880`	`888`	`name = {"conf"},`
`881`	`889`	`},`
	`890`	`+ additionalProperties = false,`
`882`	`891`	`},`
`883`	`892`	`},`
`884`	`893`
`@@ -913,7 +922,8 @@ _M.stream_route = {`
`913`	`922`	`upstream_id = id_schema,`
`914`	`923`	`plugins = plugins_schema,`
`915`	`924`	`protocol = xrpc_protocol_schema,`
`916`		`- }`
	`925`	`+ },`
	`926`	`+ additionalProperties = false,`
`917`	`927`	`}`
`918`	`928`
`919`	`929`
`@@ -929,6 +939,7 @@ _M.plugins = {`
`929`	`939`	`stream = {`
`930`	`940`	`type = "boolean"`
`931`	`941`	`},`
	`942`	`+ additionalProperties = false,`
`932`	`943`	`},`
`933`	`944`	`required = {"name"}`
`934`	`945`	`}`
`@@ -946,6 +957,7 @@ _M.plugin_config = {`
`946`	`957`	`update_time = timestamp_def`
`947`	`958`	`},`
`948`	`959`	`required = {"id", "plugins"},`
	`960`	`+ additionalProperties = false,`
`949`	`961`	`}`
`950`	`962`
`951`	`963`
`@@ -960,6 +972,7 @@ _M.consumer_group = {`
`960`	`972`	`update_time = timestamp_def`
`961`	`973`	`},`
`962`	`974`	`required = {"id", "plugins"},`
	`975`	`+ additionalProperties = false,`
`963`	`976`	`}`
`964`	`977`
`965`	`978`