fix(plugin): prevent nil pointer dereference when validating manifest without auth#2717
fix(plugin): prevent nil pointer dereference when validating manifest without auth#2717nankingjing wants to merge 1 commit into
Conversation
Review: fix-plugin-manifest-nil-auth (#2717)Verdict: LGTM The fix adds a nil check for mf.Auth before mf.Auth.Type is accessed in Validate(). Without this, a manifest with no auth field would panic on mf.Auth.Type instead of returning a descriptive error. Note that validateAuthInfo() already has an identical nil guard, but it is only reached AFTER the mf.Auth.Type check in Validate() -- so it never gets a chance to fire when mf.Auth is nil. The fix correctly places the guard before any Auth dereference. Observation: The validation treats Auth as required for all manifests. If there is a legitimate use case for manifests without any auth configuration, that should be handled separately (e.g., treat nil as equivalent to AuthzTypeOfNone). But as a defensive nil-safety fix, this is the correct approach -- it replaces a panic with a clear error. No issues found. Merge-ready. |
Summary
PluginManifest.Validatedereferencesmf.Auth.Typebefore any nil check onmf.Auth, so a manifest whose JSON omits theauthfield (or sets it tonull) causes a nil pointer dereference (panic) instead of a validation error.Root cause
Authis a nilable pointer field (Auth *AuthV2). Two other methods in the same file already guard it:EncryptAuthPayloadreturns early onmf == nil || mf.Auth == nil.validateAuthInforeturns an"auth is required"validation error whenmf.Auth == nil.However,
Validatereachesif mf.Auth.Type == consts.AuthzTypeOfNone(theauth.type == noneshort-circuit) before it ever callsvalidateAuthInfo, so that existing nil guard is dead code for the "auth omitted" path.Trigger
PluginApplicationService.RegisterPluginunmarshals the caller-suppliedai_pluginJSON straight into the manifest and then callsCreateDraftPluginWithCode->Manifest.Validate(false):backend/application/plugin/registration.go:sonic.UnmarshalString(req.AiPlugin, &mf)(onlyLogoURLis set afterwards)backend/domain/plugin/service/plugin_draft.go:req.Manifest.Validate(false)A manifest that sets
schema_version, the name/description fields and a validapi.typebut has noauthkey passes every check up to themf.Auth.Typeaccess and then panics. The same path is reachable viaUpdateDraftPluginWithCodeand the startup config loader (Validate(true)).Fix
Add a nil check for
mf.Authbefore theauth.type == noneshort-circuit, returning the same"auth is required"error thatvalidateAuthInfoalready returns for a nilAuth. This turns the panic into the intended validation error and preserves existing behavior for every non-nil case.Verification
Verified by reading and tracing the call path; not executed (no Go toolchain was available in my environment). The change is a small guard that reuses the
errorx/errnosymbols already imported and used in this file.