fix: add parsing of json pointers to support special chars (kyverno#3578

kyverno#3616) (kyverno#4767) * Added jsonpointer package that supports parsing of paths and JSON pointers that can yield either a JSON pointer string or JMESPath string. * Replaced the use of `strings.Split` and `strings.Join` in places where paths are converted to JMESPaths. Signed-off-by: Tobias Dahlberg <[email protected]> Signed-off-by: Tobias Dahlberg <[email protected]> Co-authored-by: shuting <[email protected]> Co-authored-by: Prateek Pandey <[email protected]> Co-authored-by: Vyankatesh Kudtarkar <[email protected]>
infracloudio · Nov 10, 2022 · 19f0e7e · 19f0e7e
1 parent 977dcc3
commit 19f0e7e
Show file tree

Hide file tree

Showing 9 changed files with 848 additions and 74 deletions.
diff --git a/pkg/engine/imageVerify.go b/pkg/engine/imageVerify.go
@@ -14,11 +14,11 @@ import (
 	"github.com/kyverno/kyverno/pkg/cosign"
 	"github.com/kyverno/kyverno/pkg/engine/context"
 	"github.com/kyverno/kyverno/pkg/engine/response"
-	engineUtils "github.com/kyverno/kyverno/pkg/engine/utils"
 	"github.com/kyverno/kyverno/pkg/engine/variables"
 	"github.com/kyverno/kyverno/pkg/logging"
 	"github.com/kyverno/kyverno/pkg/registryclient"
 	apiutils "github.com/kyverno/kyverno/pkg/utils/api"
+	"github.com/kyverno/kyverno/pkg/utils/jsonpointer"
 	"github.com/kyverno/kyverno/pkg/utils/wildcard"
 	"github.com/pkg/errors"
 	"go.uber.org/multierr"
@@ -170,8 +170,8 @@ func (iv *imageVerifier) verify(imageVerify kyvernov1.ImageVerification, images
 				continue
 			}
 
-			jmespath := engineUtils.JsonPointerToJMESPath(imageInfo.Pointer)
-			changed, err := iv.policyContext.JSONContext.HasChanged(jmespath)
+			pointer := jsonpointer.ParsePath(imageInfo.Pointer).JMESPath()
+			changed, err := iv.policyContext.JSONContext.HasChanged(pointer)
 			if err == nil && !changed {
 				iv.logger.V(4).Info("no change in image, skipping check", "image", image)
 				continue

diff --git a/pkg/engine/jsonutils/traverse.go b/pkg/engine/jsonutils/traverse.go
@@ -3,6 +3,7 @@ package jsonutils
 import (
 	"fmt"
 	"strconv"
+	"strings"
 
 	"github.com/kyverno/kyverno/pkg/utils"
 )
@@ -101,7 +102,7 @@ func (t *Traversal) traverseObject(object map[string]interface{}, path string) (
 			}
 		}
 
-		value, err := t.traverseJSON(element, path+"/"+key)
+		value, err := t.traverseJSON(element, path+"/"+strings.ReplaceAll(key, "/", `\/`))
 		if err != nil {
 			return nil, err
 		}