File Coverage

blib/lib/IO/K8s/Api/Authorization/V1/FieldSelectorAttributes.pm
Criterion Covered Total %
statement 3 3 100.0
branch n/a
condition n/a
subroutine 1 1 100.0
pod n/a
total 4 4 100.0


line stmt bran cond sub pod time code
1             package IO::K8s::Api::Authorization::V1::FieldSelectorAttributes;
2             # ABSTRACT: FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
3             our $VERSION = '1.008';
4 1     1   1496 use IO::K8s::Resource;
  1         3  
  1         11  
5              
6             k8s rawSelector => Str;
7              
8              
9             k8s requirements => ['Meta::V1::FieldSelectorRequirement'];
10              
11              
12             1;
13              
14             __END__