Add validation rules and security annotations for identifiers, CIDR ranges, and matcher inputs#141
Open
Signed-off-by: Sanjay Jangid <136222049+sanjay20m@users.noreply.github.com>
This PR introduces additional validation rules and security annotations across several xDS API definitions to improve resilience against malformed or adversarial inputs.
The changes focus on strengthening schema-level validation for fields that may be supplied via configuration or control-plane inputs and are therefore potentially exposed to untrusted data.
Key Improvements
Identifier validation
Resource identifiers and authority fields are restricted to URI-safe characters. These fields often participate in URI-style resource references and logging contexts. Restricting them to safe characters prevents malformed identifiers and avoids whitespace or control-character injection that could lead to ambiguous parsing.
Affected definitions:
• xds/core/v3/authority.proto
• xds/core/v3/resource_locator.proto
• xds/core/v3/resource_name.proto
The character set aligns with URI-safe characters defined in RFC 3986 and preserves compatibility with typical resource naming patterns.
⸻
CIDR validation
CidrRange.address_prefix now uses explicit IP address validation.
This ensures that the prefix represents a valid IPv4 or IPv6 address and prevents malformed inputs from propagating into networking logic that interprets CIDR ranges.
Affected definition:
• xds/core/v3/cidr.proto
⸻
Range integrity validation
Numeric range definitions now enforce end > start.
This prevents reversed or invalid intervals which could otherwise lead to undefined behavior or incorrect range-based logic.
Affected definition:
• xds/type/v3/range.proto
⸻
Security annotations for matcher inputs
Matcher fields and regular-expression inputs are annotated as potentially originating from untrusted downstream configuration.
This improves auditability for fields that may evaluate externally supplied values and helps security tooling identify configuration surfaces that require additional scrutiny.
Affected definitions:
• xds/type/matcher/v3/matcher.proto
• xds/type/matcher/v3/regex.proto
• xds/type/matcher/v3/string.proto
⸻
Security Impact
These changes strengthen schema-level validation without altering message structure or semantics. They reduce the risk of malformed identifiers, invalid CIDR inputs, and incorrect range logic propagating into runtime behavior.
By introducing explicit validation constraints and security annotations, the API becomes more robust against malformed or adversarial configuration inputs.
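The three schema-level rules the description lists (URI-safe identifiers, a real IPv4/IPv6 address in `CidrRange.address_prefix`, and `end > start` for numeric ranges) can be mirrored at runtime in a consumer that receives xDS configuration. The Go program below is an added illustration, not code from the cncf/xds project or from this PR. The function names, the choice of "URI-safe" as the set of characters RFC 3986 allows to appear literally in a URI (unreserved, gen-delims, sub-delims and `%`), and the prefix-length bound per address family are assumptions of the example; the PR text only commits to address validation for CIDR.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// uriAllowed lists the non-alphanumeric characters RFC 3986 permits to appear
// literally in a URI: unreserved ("-" "." "_" "~"), gen-delims, sub-delims and
// "%" for percent-encoded octets. Whitespace, control characters and non-ASCII
// bytes are therefore rejected. Treating exactly this set as "URI-safe" is an
// assumption of this example, not a rule copied from the PR.
const uriAllowed = "-._~:/?#[]@!$&'()*+,;=%"

// IsURISafeIdentifier reports whether s is non-empty and made only of
// URI-safe characters, so it cannot smuggle whitespace or control bytes into
// resource references or log lines. (Hypothetical helper name.)
func IsURISafeIdentifier(s string) bool {
	if s == "" {
		return false
	}
	for i := 0; i < len(s); i++ {
		c := s[i]
		isAlnum := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
		if !isAlnum && !strings.ContainsRune(uriAllowed, rune(c)) {
			return false
		}
	}
	return true
}

// ValidateCIDRPrefix checks that addressPrefix parses as an IPv4 or IPv6
// address and that prefixLen fits the family (<= 32 for IPv4, <= 128 for
// IPv6). The prefix-length bound goes beyond the PR, which validates only the
// address. IPv4-mapped IPv6 literals are treated as IPv4 by net.IP.To4.
func ValidateCIDRPrefix(addressPrefix string, prefixLen uint32) error {
	ip := net.ParseIP(addressPrefix)
	if ip == nil {
		return fmt.Errorf("address_prefix %q is not a valid IP address", addressPrefix)
	}
	maxLen := uint32(128)
	if ip.To4() != nil {
		maxLen = 32
	}
	if prefixLen > maxLen {
		return fmt.Errorf("prefix_len %d exceeds %d for %q", prefixLen, maxLen, addressPrefix)
	}
	return nil
}

// ErrInvalidRange is returned when a numeric range is empty or reversed.
var ErrInvalidRange = errors.New("range end must be greater than start")

// ValidateRange enforces the end > start invariant the PR adds to range.proto,
// so an empty (end == start) or reversed interval never reaches range logic.
func ValidateRange(start, end int64) error {
	if end <= start {
		return fmt.Errorf("%w: start=%d end=%d", ErrInvalidRange, start, end)
	}
	return nil
}

func main() {
	// Constructed sample inputs, not taken from any real configuration.
	for _, id := range []string{"xdstp://auth.example/envoy.config.listener.v3.Listener/web", "bad id", "tab\tname"} {
		fmt.Printf("identifier %q uri-safe: %v\n", id, IsURISafeIdentifier(id))
	}
	fmt.Println("cidr 10.0.0.0/8:", ValidateCIDRPrefix("10.0.0.0", 8))
	fmt.Println("cidr 10.0.0/8:", ValidateCIDRPrefix("10.0.0", 8))
	fmt.Println("cidr 2001:db8::/129:", ValidateCIDRPrefix("2001:db8::", 129))
	fmt.Println("range [1,10):", ValidateRange(1, 10))
	fmt.Println("range [10,1):", ValidateRange(10, 1))
}
```

Running the same checks on the receiving side is defence in depth: generated schema validators only help if every consumer runs them, and a hand-written check makes the rejected input visible in logs when a control plane ships a malformed authority name, address, or reversed range.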