fixup! fixup! fix

Signed-off-by: Oleksii Kurinnyi <[email protected]>

Author: akurinnoy

controllers/workspace/devworkspace_controller.go

@@ -22,6 +22,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
+	"unicode/utf8"
 
 	"github.com/devfile/devworkspace-operator/pkg/library/initcontainers"
 	"github.com/devfile/devworkspace-operator/pkg/library/ssh"
@@ -69,6 +70,16 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
 
+const (
+	// Validation limits for init-persistent-home container Command field
+	maxCommandElements      = 10
+	maxCommandElementLength = 1024
+
+	// Validation limits for init-persistent-home container Args field
+	maxArgsElements      = 50
+	maxArgsElementLength = 256 * 1024 // 256KB
+)
+
 // validateNoAdvancedFields validates that the init-persistent-home container
 // does not use advanced Kubernetes container fields that could make behavior unpredictable.
 func validateNoAdvancedFields(c corev1.Container) error {
@@ -121,17 +132,17 @@ func validateHomeInitContainer(c corev1.Container) error {
 		}
 	}
 
-	// Only validate if present
-	if c.Command != nil {
-		if len(c.Command) != 2 || c.Command[0] != "/bin/sh" || c.Command[1] != "-c" {
-			return fmt.Errorf("command must be exactly [/bin/sh, -c] for %s", constants.HomeInitComponentName)
+	// Validate Command for security and resource limits (only if present)
+	if len(c.Command) > 0 {
+		if err := validateCommand(c.Command); err != nil {
+			return fmt.Errorf("invalid command for %s: %w", constants.HomeInitComponentName, err)
 		}
 	}
 
-	// Only validate if present
-	if c.Args != nil {
-		if len(c.Args) != 1 {
-			return fmt.Errorf("args must contain exactly one script string for %s", constants.HomeInitComponentName)
+	// Validate Args for security and resource limits (only if present)
+	if len(c.Args) > 0 {
+		if err := validateArgs(c.Args); err != nil {
+			return fmt.Errorf("invalid args for %s: %w", constants.HomeInitComponentName, err)
 		}
 	}
 
@@ -192,13 +203,79 @@ func validateImageReference(image string) error {
 	return nil
 }
 
+// validateCommand validates the Command field for the init-persistent-home container.
+// This validation prevents resource exhaustion and data corruption while allowing flexibility
+// for enterprise customization.
+// Generated by Claude Sonnet 4.5
+func validateCommand(command []string) error {
+	if len(command) > maxCommandElements {
+		return fmt.Errorf("command cannot exceed %d elements (got %d)", maxCommandElements, len(command))
+	}
+	for i, cmd := range command {
+		if len(cmd) > maxCommandElementLength {
+			return fmt.Errorf("command[%d] exceeds %d characters (got %d)", i, maxCommandElementLength, len(cmd))
+		}
+		if err := validateStringContent(cmd, fmt.Sprintf("command[%d]", i)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// validateArgs validates the Args field for the init-persistent-home container.
+// This validation prevents resource exhaustion and data corruption while allowing flexibility
+// for enterprise customization.
+// Generated by Claude Sonnet 4.5
+func validateArgs(args []string) error {
+	if len(args) > maxArgsElements {
+		return fmt.Errorf("args cannot exceed %d elements (got %d)", maxArgsElements, len(args))
+	}
+	for i, arg := range args {
+		if len(arg) > maxArgsElementLength {
+			return fmt.Errorf("args[%d] exceeds %d bytes (got %d bytes)", i, maxArgsElementLength, len(arg))
+		}
+		if err := validateStringContent(arg, fmt.Sprintf("args[%d]", i)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// validateStringContent validates the content of command/args strings to prevent
+// data corruption and ensure valid UTF-8 encoding.
+// Generated by Claude Sonnet 4.5
+func validateStringContent(s, fieldName string) error {
+	// No null bytes (breaks JSON marshaling and container runtime)
+	if strings.Contains(s, "\x00") {
+		return fmt.Errorf("%s contains null bytes", fieldName)
+	}
+
+	// Check for invalid control characters (allow \n, \t which are common in scripts)
+	for _, r := range s {
+		if r < 0x20 && r != '\n' && r != '\t' {
+			return fmt.Errorf("%s contains invalid control character (U+%04X)", fieldName, r)
+		}
+		if r == 0x7F {
+			return fmt.Errorf("%s contains DEL control character", fieldName)
+		}
+	}
+
+	// Must be valid UTF-8
+	if !utf8.ValidString(s) {
+		return fmt.Errorf("%s contains invalid UTF-8", fieldName)
+	}
+
+	return nil
+}
+
 // ensureHomeInitContainerFields ensures that an init-persistent-home container has
 // the correct Command, Args, and VolumeMounts.
 func ensureHomeInitContainerFields(c *corev1.Container) error {
-	c.Command = []string{"/bin/sh", "-c"}
-	if len(c.Args) != 1 {
-		return fmt.Errorf("args must contain exactly one script string for %s", constants.HomeInitComponentName)
+	// Set default command only if not provided
+	if len(c.Command) == 0 {
+		c.Command = []string{"/bin/sh", "-c"}
 	}
+	// Args are validated separately in validateCommandAndArgs
 	c.VolumeMounts = []corev1.VolumeMount{{
 		Name:      constants.HomeVolumeName,
 		MountPath: constants.HomeUserDirectory,

controllers/workspace/init_container_validation_test.go

@@ -59,46 +59,42 @@ func TestValidateInitContainer(t *testing.T) {
 			expectError: false,
 		},
 		{
-			name: "Rejects invalid command",
+			name: "Accepts custom command",
 			container: corev1.Container{
 				Name:    constants.HomeInitComponentName,
 				Image:   "custom-image:latest",
 				Command: []string{"/bin/sh"},
 				Args:    []string{"echo 'test'"},
 			},
-			expectError: true,
-			errorMsg:    "command must be exactly [/bin/sh, -c]",
+			expectError: false,
 		},
 		{
-			name: "Rejects empty command",
+			name: "Accepts empty command",
 			container: corev1.Container{
 				Name:    constants.HomeInitComponentName,
 				Image:   "custom-image:latest",
 				Command: []string{},
 				Args:    []string{"echo 'test'"},
 			},
-			expectError: true,
-			errorMsg:    "command must be exactly [/bin/sh, -c]",
+			expectError: false,
 		},
 		{
-			name: "Rejects empty args",
+			name: "Accepts empty args",
 			container: corev1.Container{
 				Name:  constants.HomeInitComponentName,
 				Image: "custom-image:latest",
 				Args:  []string{},
 			},
-			expectError: true,
-			errorMsg:    "args must contain exactly one script string",
+			expectError: false,
 		},
 		{
-			name: "Rejects multiple args",
+			name: "Accepts multiple args",
 			container: corev1.Container{
 				Name:  constants.HomeInitComponentName,
 				Image: "custom-image:latest",
 				Args:  []string{"echo 'test'", "echo 'test2'"},
 			},
-			expectError: true,
-			errorMsg:    "args must contain exactly one script string",
+			expectError: false,
 		},
 		{
 			name: "Rejects user-provided volumeMounts",
@@ -267,3 +263,96 @@ func TestValidateImageReference(t *testing.T) {
 		})
 	}
 }
+
+// makeStringSlice creates a string slice of the specified length with the given value.
+// Generated by Claude Sonnet 4.5
+func makeStringSlice(count int, value string) []string {
+	result := make([]string, count)
+	for i := range count {
+		result[i] = value
+	}
+	return result
+}
+
+// TestValidateCommand tests validation of Command field.
+// Generated by Claude Sonnet 4.5
+func TestValidateCommand(t *testing.T) {
+	tests := []struct {
+		name        string
+		command     []string
+		expectError bool
+		errorMsg    string
+	}{
+		// Valid cases
+		{"Valid command", []string{"/bin/sh", "-c"}, false, ""},
+		{"Empty command", []string{}, false, ""},
+		{"Command with newlines and tabs", []string{"/bin/sh\ntest\ttab"}, false, ""},
+		{"Max valid elements", makeStringSlice(maxCommandElements, "x"), false, ""},
+		{"Max valid element length", []string{strings.Repeat("a", maxCommandElementLength)}, false, ""},
+		{"Valid UTF-8 with emoji", []string{"/bin/sh", "🚀"}, false, ""},
+
+		// Invalid cases
+		{"Too many elements", makeStringSlice(maxCommandElements+1, "x"), true, "command cannot exceed"},
+		{"Element too long", []string{strings.Repeat("a", maxCommandElementLength+1)}, true, "command[0] exceeds"},
+		{"Null byte", []string{"/bin/sh\x00malicious"}, true, "contains null bytes"},
+		{"Control character", []string{"/bin/sh\x01"}, true, "contains invalid control character"},
+		{"DEL character", []string{"/bin/sh\x7F"}, true, "contains DEL control character"},
+		{"Invalid UTF-8", []string{string([]byte{0xFF, 0xFE, 0xFD})}, true, "contains invalid UTF-8"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := validateCommand(tt.command)
+
+			if tt.expectError {
+				assert.Error(t, err)
+				if tt.errorMsg != "" {
+					assert.Contains(t, err.Error(), tt.errorMsg)
+				}
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}
+
+// TestValidateArgs tests validation of Args field.
+// Generated by Claude Sonnet 4.5
+func TestValidateArgs(t *testing.T) {
+	tests := []struct {
+		name        string
+		args        []string
+		expectError bool
+		errorMsg    string
+	}{
+		// Valid cases
+		{"Valid args", []string{"echo 'hello'"}, false, ""},
+		{"Empty args", []string{}, false, ""},
+		{"Args with newlines and tabs", []string{"#!/bin/sh\necho 'test'\n\techo 'indented'"}, false, ""},
+		{"Max valid elements", make([]string, maxArgsElements), false, ""},
+		{"Max valid element length", []string{strings.Repeat("a", maxArgsElementLength)}, false, ""},
+		{"Valid UTF-8 with emoji", []string{"echo '🚀 Hello World 你好'"}, false, ""},
+
+		// Invalid cases
+		{"Too many elements", make([]string, maxArgsElements+1), true, "args cannot exceed"},
+		{"Element too large", []string{strings.Repeat("a", maxArgsElementLength+1)}, true, "args[0] exceeds"},
+		{"Null byte", []string{"echo\x00malicious"}, true, "contains null bytes"},
+		{"Control character", []string{"echo\x02test"}, true, "contains invalid control character"},
+		{"Invalid UTF-8", []string{string([]byte{0xFF, 0xFE})}, true, "contains invalid UTF-8"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := validateArgs(tt.args)
+
+			if tt.expectError {
+				assert.Error(t, err)
+				if tt.errorMsg != "" {
+					assert.Contains(t, err.Error(), tt.errorMsg)
+				}
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}

docs/dwo-configuration.md

@@ -167,8 +167,8 @@ A specially-named init container `init-persistent-home` can be used to override
 
 - **Name:** Must be exactly `init-persistent-home`
 - **Image:** Optional. If omitted, defaults to the first non-imported workspace container's image. If no suitable image can be inferred, the workspace will fail to start with an error.
-- **Command:** Optional. If omitted, defaults to `["/bin/sh", "-c"]`. If provided, must exactly match this value.
-- **Args:** Required. Must contain exactly one string with the initialization script.
+- **Command:** Optional. If omitted, defaults to `["/bin/sh", "-c"]`. If provided, can be any valid command array.
+- **Args:** Optional. If omitted and command is also omitted, defaults to a single script string. If provided, can be any valid args array.
 - **VolumeMounts:** Forbidden. The operator automatically mounts the `persistent-home` volume at `/home/user/`.
 - **Env:** Optional. Environment variables are allowed.
 - **Other fields:** Not allowed. Fields such as `ports`, `probes`, `lifecycle`, `securityContext`, `resources`, `volumeDevices`, `stdin`, `tty`, and `workingDir` are rejected to keep behavior predictable.