Merge pull request #86 from ekristen/fix-nil-pointer-2

fix(config): protect against nil pointer for misconfigured account
ekristen · Nov 13, 2024 · 585b852 · 585b852
2 parents 4a2e370 + 487a6e2
commit 585b852
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 0 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -204,6 +204,11 @@ func (c *Config) Filters(accountID string) (filter.Filters, error) {
 	}
 
 	account := c.Accounts[accountID]
+
+	if account == nil {
+		return nil, errors.ErrAccountNotConfigured
+	}
+
 	filters := account.Filters
 
 	if filters == nil {

diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
@@ -9,6 +9,8 @@ import (
 
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
+
+	"github.com/ekristen/libnuke/pkg/errors"
 )
 
 func init() {
@@ -242,3 +244,34 @@ func TestIncomplete(t *testing.T) {
 	assert.NoError(t, err)
 	_ = c
 }
+
+// TestBroken tests a broken configuration file with an incomplete account that is not properly
+// configured. This should return an error when trying to get the filters for the account.
+func TestBroken(t *testing.T) {
+	opts := Options{
+		Path: "testdata/broken.yaml",
+	}
+	c, err := New(opts)
+	assert.NoError(t, err)
+	_ = c
+
+	_, err = c.Filters("000000000000")
+	assert.ErrorIs(t, err, errors.ErrAccountNotConfigured)
+}
+
+// TestBrokenFixed tests a fixed broken configuration where there is at minimum an empty object provided for the
+// account. This should return an empty set of filters and no errors.
+func TestBrokenFixed(t *testing.T) {
+	opts := Options{
+		Path: "testdata/broken-fixed.yaml",
+	}
+	c, err := New(opts)
+	assert.NoError(t, err)
+	_ = c
+
+	_, err = c.Filters("000000000000")
+	assert.NoError(t, err)
+
+	_, err = c.Filters("111111111111")
+	assert.NoError(t, err)
+}
diff --git a/pkg/config/testdata/broken-fixed.yaml b/pkg/config/testdata/broken-fixed.yaml
@@ -0,0 +1,17 @@
+regions:
+- global
+- us-east-1
+- ap-southeast-2
+
+blocklist:
+- "000000000000"
+
+accounts:
+  "000000000000": {}
+  "111111111111":
+    filters:
+      __global__:
+        - property: tag:aws-nuke
+          value: "Disable"
+        - property: tag:aws-nuke
+          value: "disable"
diff --git a/pkg/config/testdata/broken.yaml b/pkg/config/testdata/broken.yaml
@@ -0,0 +1,16 @@
+regions:
+- global
+- us-east-1
+- ap-southeast-2
+
+blocklist:
+- "000000000000"
+
+accounts:
+  "000000000000":
+  filters:
+    __global__:
+      - property: tag:aws-nuke
+        value: "Disable"
+      - property: tag:aws-nuke
+        value: "disable"