From e6bd4373915b3d2ac95d8bfdbfb6af202a203c33 Mon Sep 17 00:00:00 2001 From: Nicolas Soto Date: Sun, 4 May 2025 11:28:42 -0700 Subject: [PATCH 1/2] Update resource-validation.md Readability checked on Datayze.com, returned a Flesch-Kincaid Score of 7.87. Text was edited for "Rare Words" and sentence length to bring reported score to 7.82. --- content/ngf/overview/resource-validation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/ngf/overview/resource-validation.md b/content/ngf/overview/resource-validation.md index 547ce8b55..aa3ed6607 100644 --- a/content/ngf/overview/resource-validation.md +++ b/content/ngf/overview/resource-validation.md @@ -62,9 +62,9 @@ More information on CEL in Kubernetes can be found [here](https://kubernetes.io/ This step catches the following cases of invalid values: - Valid values from the Gateway API perspective but not supported by NGINX Gateway Fabric yet. For example, a feature in an HTTPRoute routing rule. For the list of supported features see [Gateway API Compatibility]({{< relref "./gateway-api-compatibility.md" >}}) doc. -- Valid values from the Gateway API perspective, but invalid for NGINX, because NGINX has stricter validation requirements for certain fields. These values will cause NGINX to fail to reload or operate erroneously. -- Invalid values (both from the Gateway API and NGINX perspectives) that were not rejected because Step 1 was bypassed. Similar to the previous case, these values will cause NGINX to fail to reload or operate erroneously. -- Malicious values that inject unrestricted NGINX config into the NGINX configuration (similar to an SQL injection attack). +- Valid values from the Gateway API perspective, but invalid for NGINX. NGINX has stricter validation requirements for certain fields. These values will cause NGINX to fail to reload or operate erroneously. +- Invalid values (both from the Gateway API and NGINX perspectives) that were not rejected because Step 1 was bypassed. These values will cause NGINX to fail to reload or operate incorrectly. +- Malicious values that inject unchecked NGINX config into the NGINX configuration (similar to an SQL injection attack). Below is an example of how NGINX Gateway Fabric rejects an invalid resource. The validation error is reported via the status: From 7a507d88652fd72a0f4859facfbb148f67f3199f Mon Sep 17 00:00:00 2001 From: Nicolas Soto Date: Sun, 4 May 2025 13:25:40 -0700 Subject: [PATCH 2/2] Update content/ngf/overview/resource-validation.md Co-authored-by: Mike Jang <3287976+mjang@users.noreply.github.com> --- content/ngf/overview/resource-validation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ngf/overview/resource-validation.md b/content/ngf/overview/resource-validation.md index aa3ed6607..f7c7fbb85 100644 --- a/content/ngf/overview/resource-validation.md +++ b/content/ngf/overview/resource-validation.md @@ -64,7 +64,7 @@ This step catches the following cases of invalid values: - Valid values from the Gateway API perspective but not supported by NGINX Gateway Fabric yet. For example, a feature in an HTTPRoute routing rule. For the list of supported features see [Gateway API Compatibility]({{< relref "./gateway-api-compatibility.md" >}}) doc. - Valid values from the Gateway API perspective, but invalid for NGINX. NGINX has stricter validation requirements for certain fields. These values will cause NGINX to fail to reload or operate erroneously. - Invalid values (both from the Gateway API and NGINX perspectives) that were not rejected because Step 1 was bypassed. These values will cause NGINX to fail to reload or operate incorrectly. -- Malicious values that inject unchecked NGINX config into the NGINX configuration (similar to an SQL injection attack). +- Malicious values that inject unrestricted NGINX config into the NGINX configuration (similar to an SQL injection attack). Below is an example of how NGINX Gateway Fabric rejects an invalid resource. The validation error is reported via the status: