From 31b78bf40c0e1d4550a03e041fc7af79c34ce156 Mon Sep 17 00:00:00 2001
From: Yang <940129520@qq.com>
Date: Fri, 4 Nov 2022 15:31:34 +0800
Subject: [PATCH] Fix int convertion cve (#25)
---
 ingress/kube/annotations/default_backend.go | 2 +-
 ingress/kube/annotations/local_rate_limit.go | 16 +++---
 ingress/kube/annotations/parser.go | 55 ++++++++++++++++++++
 ingress/kube/annotations/retry.go | 4 +-
 4 files changed, 66 insertions(+), 11 deletions(-)
diff --git a/ingress/kube/annotations/default_backend.go b/ingress/kube/annotations/default_backend.go
index 1c3b248aa..da08e4daf 100644
--- a/ingress/kube/annotations/default_backend.go
+++ b/ingress/kube/annotations/default_backend.go
@@ -95,7 +95,7 @@ func (f fallback) Parse(annotations Annotations, config *Ingress, globalContext
 	codesStr := splitBySeparator(codes, ",")
 	var codesUint32 []uint32
 	for _, rawCode := range codesStr {
-		code, err := strconv.Atoi(rawCode)
+		code, err := strconv.ParseUint(rawCode, 10, 32)
 		if err != nil {
 			IngressLog.Errorf("Custom HTTP code %s within ingress %s/%s is invalid", rawCode, config.Namespace, config.Name)
 			continue
diff --git a/ingress/kube/annotations/local_rate_limit.go b/ingress/kube/annotations/local_rate_limit.go
index 2069217ef..aeced1b69 100644
--- a/ingress/kube/annotations/local_rate_limit.go
+++ b/ingress/kube/annotations/local_rate_limit.go
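Review bot: The new ParseUint call only guarantees that rawCode fits in 32 bits, so values such as `0` or `99999` still pass as a custom HTTP code and presumably reach codesUint32 after this hunk (the rest of the loop, and of Parse, lies outside it). Since ParseUint already rejects negatives and overflow, a status-code range check at the same spot is cheap: `if err != nil || code < 100 || code > 599 {`. If the loop later narrows the value with `uint32(code)`, that conversion is now lossless, which is what the change achieves.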
@@ -61,21 +61,21 @@ func (l localRateLimit) Parse(annotations Annotations, config *Ingress, _ *Globa
 		config.localRateLimit = local
 	}()
 
-	multiplier := defaultBurstMultiplier
-	if m, err := annotations.ParseIntForMSE(limitBurstMultiplier); err == nil {
+	var multiplier uint32 = defaultBurstMultiplier
+	if m, err := annotations.ParseUint32ForMSE(limitBurstMultiplier); err == nil {
 		multiplier = m
 	}
 
-	if rpm, err := annotations.ParseIntForMSE(limitRPM); err == nil {
+	if rpm, err := annotations.ParseUint32ForMSE(limitRPM); err == nil {
 		local = &localRateLimitConfig{
-			MaxTokens:     uint32(rpm * multiplier),
-			TokensPerFill: uint32(rpm),
+			MaxTokens:     rpm * multiplier,
+			TokensPerFill: rpm,
 			FillInterval:  minute,
 		}
-	} else if rps, err := annotations.ParseIntForMSE(limitRPS); err == nil {
+	} else if rps, err := annotations.ParseUint32ForMSE(limitRPS); err == nil {
 		local = &localRateLimitConfig{
-			MaxTokens:     uint32(rps * multiplier),
-			TokensPerFill: uint32(rps),
+			MaxTokens:     rps * multiplier,
+			TokensPerFill: rps,
 			FillInterval:  second,
 		}
 	}
diff --git a/ingress/kube/annotations/parser.go b/ingress/kube/annotations/parser.go
index b29678b6c..3313fedd5 100644
--- a/ingress/kube/annotations/parser.go
+++ b/ingress/kube/annotations/parser.go
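Review bot: `MaxTokens: rpm * multiplier` (and the rps branch) is still a uint32 multiplication, which wraps silently in Go, so an annotation pair whose product exceeds 4294967295 yields a MaxTokens smaller than TokensPerFill — possibly 0 — rather than the rejection the commit title aims for; ParseUint32ForMSE bounds each operand but not their product. Computing the burst in uint64 and clamping (or rejecting and logging, if the file has a logger in scope) keeps TokensPerFill and MaxTokens consistent; the sketch below needs the `math` import. `var multiplier uint32 = defaultBurstMultiplier` also assumes defaultBurstMultiplier is an untyped or uint32 constant, which is declared outside this hunk. Parse starts before and ends after the hunk.
```go
	// … unchanged: multiplier parsing …
	// burst is perFill*multiplier computed in uint64 so it cannot wrap; a
	// product beyond uint32 is clamped to the largest representable value.
	burst := func(perFill uint32) uint32 {
		if p := uint64(perFill) * uint64(multiplier); p <= math.MaxUint32 {
			return uint32(p)
		}
		return math.MaxUint32
	}
	// … unchanged: rpm / rps branches, except the two MaxTokens fields …
			MaxTokens:     burst(rpm),
	// … and …
			MaxTokens:     burst(rps),
```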
@@ -166,6 +166,54 @@ func (a Annotations) ParseIntForMSE(key string) (int, error) {
 	return 0, ErrMissingAnnotations
 }
 
+func (a Annotations) ParseInt32(key string) (int32, error) {
+	if len(a) == 0 {
+		return 0, ErrMissingAnnotations
+	}
+
+	val, ok := a[buildNginxAnnotationKey(key)]
+	if ok {
+		i, err := strconv.ParseInt(val, 10, 32)
+		if err != nil {
+			return 0, ErrInvalidAnnotationValue
+		}
+		return int32(i), nil
+	}
+	return 0, ErrMissingAnnotations
+}
+
+func (a Annotations) ParseInt32ForMSE(key string) (int32, error) {
+	if len(a) == 0 {
+		return 0, ErrMissingAnnotations
+	}
+
+	val, ok := a[buildMSEAnnotationKey(key)]
+	if ok {
+		i, err := strconv.ParseInt(val, 10, 32)
+		if err != nil {
+			return 0, ErrInvalidAnnotationValue
+		}
+		return int32(i), nil
+	}
+	return 0, ErrMissingAnnotations
+}
+
+func (a Annotations) ParseUint32ForMSE(key string) (uint32, error) {
+	if len(a) == 0 {
+		return 0, ErrMissingAnnotations
+	}
+
+	val, ok := a[buildMSEAnnotationKey(key)]
+	if ok {
+		i, err := strconv.ParseUint(val, 10, 32)
+		if err != nil {
+			return 0, ErrInvalidAnnotationValue
+		}
+		return uint32(i), nil
+	}
+	return 0, ErrMissingAnnotations
+}
+
 func (a Annotations) ParseIntASAP(key string) (int, error) {
 	if result, err := a.ParseInt(key); err == nil {
 		return result, nil
@@ -173,6 +221,13 @@ func (a Annotations) ParseIntASAP(key string) (int, error) {
 	return a.ParseIntForMSE(key)
 }
 
+func (a Annotations) ParseInt32ASAP(key string) (int32, error) {
+	if result, err := a.ParseInt32(key); err == nil {
+		return result, nil
+	}
+	return a.ParseInt32ForMSE(key)
+}
+
 func (a Annotations) Has(key string) bool {
 	if len(a) == 0 {
 		return false
diff --git a/ingress/kube/annotations/retry.go b/ingress/kube/annotations/retry.go
index bff194f35..be4f64a1b 100644
--- a/ingress/kube/annotations/retry.go
+++ b/ingress/kube/annotations/retry.go
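Review bot: ParseInt32, ParseInt32ForMSE and ParseUint32ForMSE are three copies of one body differing only in the key builder and the strconv call, and none of the new exported methods — ParseInt32ASAP in the next hunk included — carries a doc comment. Moving the strconv step into an unexported helper leaves each method as the lookup plus one call and documents the range behaviour in one place: strconv.ParseInt with bitSize 32 returns a range error instead of truncating, so the `int32(i)` cast is lossless. The concrete strconv error (syntax vs. range) is replaced by ErrInvalidAnnotationValue; if the older Parse* methods above do the same this is consistent, otherwise consider wrapping it with `%w` so operators can tell the two apart. A sketch for ParseInt32 follows; the other two take the same shape with buildMSEAnnotationKey and strconv.ParseUint.
```go
// parseInt32 decodes val as a base-10 int32; a value outside the int32
// range is reported as ErrInvalidAnnotationValue rather than truncated.
func parseInt32(val string) (int32, error) {
	i, err := strconv.ParseInt(val, 10, 32)
	if err != nil {
		return 0, ErrInvalidAnnotationValue
	}
	return int32(i), nil
}

// ParseInt32 returns the nginx-prefixed annotation key as an int32.
func (a Annotations) ParseInt32(key string) (int32, error) {
	if len(a) == 0 {
		return 0, ErrMissingAnnotations
	}
	if val, ok := a[buildNginxAnnotationKey(key)]; ok {
		return parseInt32(val)
	}
	return 0, ErrMissingAnnotations
}
// … unchanged: ParseInt32ForMSE and ParseUint32ForMSE, same shape …
```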
@@ -60,8 +60,8 @@ func (r retry) Parse(annotations Annotations, config *Ingress, _ *GlobalContext)
 		config.Retry = retryConfig
 	}()
 
-	if count, err := annotations.ParseIntASAP(retryCount); err == nil {
-		retryConfig.retryCount = int32(count)
+	if count, err := annotations.ParseInt32ASAP(retryCount); err == nil {
+		retryConfig.retryCount = count
 	}
 
 	if timeout, err := annotations.ParseIntASAP(perRetryTimeout); err == nil {
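Review bot: ParseInt32ASAP accepts negative numbers, so an annotation read through retryCount with a value such as `-1` now lands in retryConfig.retryCount unchanged; the former `int32(count)` cast admitted it too, so this is not a regression, but the guard is a one-token addition: `if count, err := annotations.ParseInt32ASAP(retryCount); err == nil && count >= 0 {`. Whether a negative count has a defined meaning downstream is not visible here. Parse starts before and ends after the hunk.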