File CVE-2024-26147.patch of Package helm.32773

From 764557c470533fa57aad99f865c9ff75a64d4163 Mon Sep 17 00:00:00 2001
From: Matt Farina <matt.farina@suse.com>
Date: Wed, 21 Feb 2024 09:45:58 -0500
Subject: [PATCH] Some fixes

Signed-off-by: Matt Farina <matt.farina@suse.com>
---
 pkg/plugin/plugin.go      | 4 ++++
 pkg/plugin/plugin_test.go | 6 ++++++
 pkg/repo/index.go         | 4 ++++
 pkg/repo/index_test.go    | 4 ++++
 4 files changed, 18 insertions(+)

Index: helm-3.13.3/pkg/plugin/plugin.go
===================================================================
--- helm-3.13.3.orig/pkg/plugin/plugin.go
+++ helm-3.13.3/pkg/plugin/plugin.go
@@ -175,6 +175,10 @@ var validPluginName = regexp.MustCompile
 
 // validatePluginData validates a plugin's YAML data.
 func validatePluginData(plug *Plugin, filepath string) error {
+	// When metadata section missing, initialize with no data
+	if plug.Metadata == nil {
+		plug.Metadata = &Metadata{}
+	}
 	if !validPluginName.MatchString(plug.Metadata.Name) {
 		return fmt.Errorf("invalid plugin name at %q", filepath)
 	}
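Review bot: The nil guard at the top of validatePluginData avoids the nil dereference on `plug.Metadata.Name` by writing an empty `Metadata` into the caller's `Plugin`, so a validation function now mutates its input. The failure is then reported as "invalid plugin name" rather than as a missing metadata section. Rejecting the empty name also depends on the `validPluginName` pattern, which is cut off in the hunk header, although the added test case suggests it does reject it. An explicit early return would make the failure mode independent of the regexp and easier to diagnose: `if plug.Metadata == nil { return fmt.Errorf("missing metadata section in plugin at %q", filepath) }`. The function body continues past the end of the hunk, so confirm that no later line relies on `Metadata` being non-nil after an error.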
Index: helm-3.13.3/pkg/plugin/plugin_test.go
===================================================================
--- helm-3.13.3.orig/pkg/plugin/plugin_test.go
+++ helm-3.13.3/pkg/plugin/plugin_test.go
@@ -350,6 +350,11 @@ func TestSetupEnvWithSpace(t *testing.T)
 }
 
 func TestValidatePluginData(t *testing.T) {
+	// A mock plugin missing any metadata.
+	mockMissingMeta := &Plugin{
+		Dir: "no-such-dir",
+	}
+
 	for i, item := range []struct {
 		pass bool
 		plug *Plugin
@@ -360,6 +365,7 @@ func TestValidatePluginData(t *testing.T
 		{false, mockPlugin("$foo -bar")}, // Test leading chars
 		{false, mockPlugin("foo -bar ")}, // Test trailing chars
 		{false, mockPlugin("foo\nbar")},  // Test newline
+		{false, mockMissingMeta},         // Test if the metadata section missing
 	} {
 		err := validatePluginData(item.plug, fmt.Sprintf("test-%d", i))
 		if item.pass && err != nil {
Index: helm-3.13.3/pkg/repo/index.go
===================================================================
--- helm-3.13.3.orig/pkg/repo/index.go
+++ helm-3.13.3/pkg/repo/index.go
@@ -359,6 +359,10 @@ func loadIndex(data []byte, source strin
 				log.Printf("skipping loading invalid entry for chart %q from %s: empty entry", name, source)
 				continue
 			}
+			// When metadata section missing, initialize with no data
+			if cvs[idx].Metadata == nil {
+				cvs[idx].Metadata = &chart.Metadata{}
+			}
 			if cvs[idx].APIVersion == "" {
 				cvs[idx].APIVersion = chart.APIVersionV1
 			}
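Review bot: The comment added on the nil guard in loadIndex says what the code does, but not what it prevents or what happens to the entry afterwards. The `cvs[idx].APIVersion` read directly below appears to go through the `Metadata` pointer, so an index entry carrying only `digest`/`urls` would presumably have panicked there; index content comes from the repository being loaded, which makes this a crash on externally supplied data. A comment along these lines would record that: `// An entry with no metadata fields decodes to a nil Metadata; substitute an empty one so the field accesses below cannot panic on repository-supplied index data.` Whether the now-empty entry is later rejected depends on validation outside this hunk. If it is not, logging and skipping it like the empty-entry branch just above would be the safer behaviour.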
Index: helm-3.13.3/pkg/repo/index_test.go
===================================================================
--- helm-3.13.3.orig/pkg/repo/index_test.go
+++ helm-3.13.3/pkg/repo/index_test.go
@@ -69,6 +69,10 @@ entries:
     name: grafana
   foo:
   -
+  bar:
+  - digest: "sha256:1234567890abcdef"
+    urls:
+    - https://charts.helm.sh/stable/alpine-1.0.0.tgz
 `
 )
 