Kong: Bug: Kong executes the content of declarative configuration

Created on 8 Oct 2019  路  3Comments  路  Source: Kong/kong

Summary

If Lua code is present in the config file, it is executed while the declarative configuration is processed.

Steps To Reproduce

$ cat kong.yaml
"_format_version": "1.1"
plugins:
- name: "pre-function"
  config:
    functions:
    - | 
        kong.log.err("foo")
        kong.response.exit(418)

$ http :8001/config [email protected]
HTTP/1.1 418 
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 0
Date: Tue, 08 Oct 2019 18:36:59 GMT
Server: kong/1.3.0

Additional Details & Logs

  • Kong version ($ kong version) Kong 1.3.0

  • Kong error logs (<KONG_PREFIX>/logs/error.log)

2019/10/08 18:41:27 [error] 31#0: *7173 [kong] [string "kong.log.err("foo")..."]:1 foo, client: 172.17.0.1, server: kong_admin, request: "POST /config HTTP/1.1", host: "localhost:8001"
tasbug
Source
picture hbagdi

Most helpful comment

@Tieske validation code should definitely not be specifying side-effectful operations like that (I _knew_ this was going to happen one day once we allowed for custom_validator :rofl: ). The validation code should at best run loadstring to verify that the input is valid Lua code, and nothing else. Anything else should be a runtime error at plugin _execution_ time. IMO the old version of this was the correct one: https://github.com/Kong/kong-plugin-serverless-functions/commit/46c5329745f1675a4a36cf9aff8abd7aaa3de433#diff-abccb4c9467df0780ca4dab20a798213L8

picture hishamhm on 9 Oct 2019
👍2

All 3 comments

Yep, that's a stupid bug. It's in the new version of the plugin. Wrap it in a function (such that the code returns a function when called)

Tieske picture Tieske on 8 Oct 2019

@Tieske validation code should definitely not be specifying side-effectful operations like that (I _knew_ this was going to happen one day once we allowed for custom_validator :rofl: ). The validation code should at best run loadstring to verify that the input is valid Lua code, and nothing else. Anything else should be a runtime error at plugin _execution_ time. IMO the old version of this was the correct one: https://github.com/Kong/kong-plugin-serverless-functions/commit/46c5329745f1675a4a36cf9aff8abd7aaa3de433#diff-abccb4c9467df0780ca4dab20a798213L8

hishamhm picture hishamhm on 9 Oct 2019
👍2

I'm working on a fix here:
https://github.com/Kong/kong-plugin-serverless-functions/pull/24

hishamhm picture hishamhm on 9 Oct 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sonicaghi picture sonicaghi  路  39Comments
sonicaghi picture sonicaghi  路  47Comments
marktopper picture marktopper  路  41Comments
timusketeers picture timusketeers  路  36Comments
jeremyjpj0916 picture jeremyjpj0916  路  81Comments