Update valiadation for annotation

AlexFenlon · AlexFenlon · commit 24bd39aec0bd · 2025-12-19T17:04:39.000Z
diff --git a/internal/configs/annotations.go b/internal/configs/annotations.go
@@ -505,11 +505,7 @@ func parseAnnotations(ingEx *IngressEx, baseCfgParams *ConfigParams, isPlus bool
 	}
 
 	if appRoot, exists := ingEx.Ingress.Annotations["nginx.org/app-root"]; exists {
-		if !VerifyPath(appRoot) {
-			nl.Errorf(l, "Ingress %s/%s: Invalid value nginx.org/app-root: got %q. Must start with '/'", ingEx.Ingress.GetNamespace(), ingEx.Ingress.GetName(), appRoot)
-		} else {
-			cfgParams.AppRoot = appRoot
-		}
+		cfgParams.AppRoot = appRoot
 	}
 
 	if useClusterIP, exists, err := GetMapKeyAsBool(ingEx.Ingress.Annotations, UseClusterIPAnnotation, ingEx.Ingress); exists {
diff --git a/internal/k8s/validation.go b/internal/k8s/validation.go
@@ -363,6 +363,7 @@ var (
 		},
 		appRootAnnotation: {
 			validateAppRootAnnotation,
+			validateRewriteTargetAnnotation,
 		},
 	}
 	annotationNames = sortedAnnotationNames(annotationValidations)
@@ -394,9 +395,9 @@ func validateAppRootAnnotation(context *annotationValidationContext) field.Error
 		return allErrs
 	}
 
-	if !configs.VerifyPath(path) {
-		allErrs = append(allErrs, field.Invalid(context.fieldPath, path, "path must start with '/' and must not include any special character, '{', '}', ';' or '$'"))
-		return allErrs
+	validPath := regexp.MustCompile(`^/[a-zA-Z0-9\-_./]*$`)
+	if !validPath.MatchString(path) {
+		allErrs = append(allErrs, field.Invalid(context.fieldPath, path, "contains invalid characters, only alphanumeric, hyphens, underscores, dots, and forward slashes are allowed"))
 	}
 
 	// Ensure path doesn't end with /

Original file line number	Diff line number	Diff line change
`@@ -505,11 +505,7 @@ func parseAnnotations(ingEx IngressEx, baseCfgParams ConfigParams, isPlus bool`
`505`	`505`	`}`
`506`	`506`
`507`	`507`	`if appRoot, exists := ingEx.Ingress.Annotations["nginx.org/app-root"]; exists {`
`508`		`- if !VerifyPath(appRoot) {`
`509`		`- nl.Errorf(l, "Ingress %s/%s: Invalid value nginx.org/app-root: got %q. Must start with '/'", ingEx.Ingress.GetNamespace(), ingEx.Ingress.GetName(), appRoot)`
`510`		`- } else {`
`511`		`- cfgParams.AppRoot = appRoot`
`512`		`- }`
	`508`	`+ cfgParams.AppRoot = appRoot`
`513`	`509`	`}`
`514`	`510`
`515`	`511`	`if useClusterIP, exists, err := GetMapKeyAsBool(ingEx.Ingress.Annotations, UseClusterIPAnnotation, ingEx.Ingress); exists {`
Original file line number	Diff line number	Diff line change
`@@ -363,6 +363,7 @@ var (`
`363`	`363`	`},`
`364`	`364`	`appRootAnnotation: {`
`365`	`365`	`validateAppRootAnnotation,`
	`366`	`+ validateRewriteTargetAnnotation,`
`366`	`367`	`},`
`367`	`368`	`}`
`368`	`369`	`annotationNames = sortedAnnotationNames(annotationValidations)`
`@@ -394,9 +395,9 @@ func validateAppRootAnnotation(context *annotationValidationContext) field.Error`
`394`	`395`	`return allErrs`
`395`	`396`	`}`
`396`	`397`
`397`		`- if !configs.VerifyPath(path) {`
`398`		`- allErrs = append(allErrs, field.Invalid(context.fieldPath, path, "path must start with '/' and must not include any special character, '{', '}', ';' or '$'"))`
`399`		`- return allErrs`
	`398`	+ validPath := regexp.MustCompile(`^/[a-zA-Z0-9\-_./]*$`)
	`399`	`+ if !validPath.MatchString(path) {`
	`400`	`+ allErrs = append(allErrs, field.Invalid(context.fieldPath, path, "contains invalid characters, only alphanumeric, hyphens, underscores, dots, and forward slashes are allowed"))`
`400`	`401`	`}`
`401`	`402`
`402`	`403`	`// Ensure path doesn't end with /`