add more validation on rewrite-target #8740

vepatel · 2025-12-17T11:59:44Z

Proposed changes

Update validation for rewrite-target annotation
Add unit tests

Checklist

Before creating a PR, run through this checklist and mark each as complete.

I have read the CONTRIBUTING doc
I have added tests that prove my fix is effective or that my feature works
I have checked that all unit tests pass after adding my changes
I have updated necessary documentation
I have rebased my branch onto main
I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Copilot

Pull request overview

This PR enhances security validation for the rewrite-target annotation in NGINX Ingress Controller by preventing potential configuration injection attacks through malicious annotation values.

Adds validation to reject NGINX configuration syntax characters (;{}[]|<>,^~`) in rewrite targets
Adds validation to reject control characters and line breaks that could break NGINX configuration
Adds comprehensive unit tests covering various injection attack scenarios

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
internal/k8s/validation.go	Implements two new validation checks: one for NGINX syntax characters and one for control characters in rewrite-target annotations
internal/k8s/validation_test.go	Adds four new test cases covering NGINX syntax injection, control characters, backtick injection, and pipe character scenarios

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

internal/k8s/validation.go

codecov · 2025-12-17T12:06:24Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.81%. Comparing base (e0dd341) to head (443dbd2).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8740      +/-   ##
==========================================
+ Coverage   53.80%   53.81%   +0.01%     
==========================================
  Files          91       91              
  Lines       18564    18569       +5     
==========================================
+ Hits         9988     9993       +5     
  Misses       8049     8049              
  Partials      527      527

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

github-actions · 2025-12-17T12:19:06Z

Package Report

Details

gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx, 1.29.4-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-module-njs, 1.29.4+0.9.4-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-module-otel, 1.29.4+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-agent, 3.6.1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx, 1.29.4-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-module-njs, 1.29.4+0.9.4-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-module-otel, 1.29.4+0.1.2-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-agent, 3.6.1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus, 36-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-njs, 36+0.9.4-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-agent, 3.6.1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus, 36-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-njs, 36+0.9.4-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-otel, 36+0.1.2-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-fips-check, 36+0.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-agent, 3.6.1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus, 36-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-njs, 36+0.9.4-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-appprotect, 36+5.550.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect, 36+5.550.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect-attack-signatures, 2025.12.11-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect-threat-campaigns, 2025.12.09-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-agent, 2.45.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus, 36-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-njs, 36+0.9.4-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-appprotect, 36+5.550.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect-module-plus, 36+5.550.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect-plugin, 6.25.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-agent, 2.45.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus, 36-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-njs, 36+0.9.4-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-appprotectdos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect-dos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus, 36-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-njs, 36+0.9.4-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-appprotect, 36+5.550.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect, 36+5.550.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect-attack-signatures, 2025.12.11-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect-threat-campaigns, 2025.12.09-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-plus-module-appprotectdos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, app-protect-dos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e, nginx-agent, 2.45.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx, 1.29.4-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-module-njs, 1.29.4.0.9.4-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-module-otel, 1.29.4.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-agent, 3.6.1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx, 1.29.4-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-module-njs, 1.29.4.0.9.4-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-module-otel, 1.29.4.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-agent, 3.6.1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-plus, 36-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-plus-module-njs, 36.0.9.4-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-agent, 3.6.1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-plus, 36-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-plus-module-njs, 36.0.9.4-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-plus-module-otel, 36.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-plus-module-fips-check, 36.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine, nginx-agent, 3.6.1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus, 36-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-njs, 36.0.9.4-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-agent, 3.6.1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus, 36-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-njs, 36.0.9.4-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-agent, 3.6.1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus, 36-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-njs, 36.0.9.4-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-agent, 2.45.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-appprotect, 36.5.550.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, app-protect, 36.5.550.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, app-protect-attack-signatures, 2025.12.11-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, app-protect-threat-campaigns, 2025.12.09-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus, 36-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-njs, 36.0.9.4-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-agent, 2.45.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, nginx-plus-module-appprotect, 36.5.550.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, app-protect-module-plus, 36.5.550.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-alpine-fips, app-protect-plugin, 6.25.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx, 1.29.4-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-module-njs, 1.29.4+0.9.4-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-module-otel, 1.29.4+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-agent, 3.6.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx, 1.29.4-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-module-njs, 1.29.4+0.9.4-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-module-otel, 1.29.4+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-agent, 3.6.1-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus, 36-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-njs, 36+0.9.4-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-agent, 3.6.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus, 36-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-njs, 36+0.9.4-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-agent, 3.6.1-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus, 36-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-njs, 36+0.9.4-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-agent, 2.45.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-appprotect, 36+5.550.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect, 36+5.550.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect-attack-signatures, 2025.12.11-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect-threat-campaigns, 2025.12.09-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus, 36-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-njs, 36+0.9.4-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-agent, 2.45.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-appprotect, 36+5.550.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect-module-plus, 36+5.550.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect-plugin, 6.25.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus, 36-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus-module-njs, 36+0.9.4-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus-module-otel, 36+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus-module-fips-check, 36+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-agent, 2.45.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus-module-appprotect, 36+5.550.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, app-protect, 36+5.550.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, app-protect-attack-signatures, 2025.12.11-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, app-protect-threat-campaigns, 2025.12.09-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus, 36-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus-module-njs, 36+0.9.4-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus-module-otel, 36+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus-module-fips-check, 36+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-agent, 2.45.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, nginx-plus-module-appprotect, 36+5.550.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, app-protect-module-plus, 36+5.550.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi8, app-protect-plugin, 6.25.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus, 36-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-njs, 36+0.9.4-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-appprotectdos, 36+4.8.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect-dos, 36+4.8.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus, 36-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-njs, 36+0.9.4-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-appprotect, 36+5.550.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-plus-module-appprotectdos, 36+4.8.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, nginx-agent, 2.45.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect, 36+5.550.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect-attack-signatures, 2025.12.11-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect-threat-campaigns, 2025.12.09-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-33ce93fde372bd810a6b5474fa6f667e-ubi, app-protect-dos, 36+4.8.3-1.el9.ngx, x86_64

add more validation on rewrite-target (#8740) Co-authored-by: Venktesh Shivam Patel <[email protected]>

add more validation on rewrite-target

443dbd2

vepatel requested a review from a team as a code owner December 17, 2025 11:59

Copilot AI review requested due to automatic review settings December 17, 2025 11:59

vepatel added the needs cherry pick Cherry pick this PR into a release branch label Dec 17, 2025

github-actions bot added bug An issue reporting a potential bug go Pull requests that update Go code labels Dec 17, 2025

Copilot AI reviewed Dec 17, 2025

View reviewed changes

internal/k8s/validation.go Show resolved Hide resolved

AlexFenlon approved these changes Dec 17, 2025

View reviewed changes

javorszky approved these changes Dec 17, 2025

View reviewed changes

pdabelf5 approved these changes Dec 17, 2025

View reviewed changes

vepatel merged commit 616c4ce into main Dec 17, 2025
94 checks passed

vepatel deleted the fix/update-rewrite-target-validation branch December 17, 2025 12:42

github-actions bot pushed a commit that referenced this pull request Dec 17, 2025

add more validation on rewrite-target (#8740)

c2063a0

vepatel added a commit that referenced this pull request Dec 17, 2025

add more validation on rewrite-target (#8743)

987befc

add more validation on rewrite-target (#8740) Co-authored-by: Venktesh Shivam Patel <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

add more validation on rewrite-target #8740

add more validation on rewrite-target #8740

Uh oh!

vepatel commented Dec 17, 2025 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

codecov bot commented Dec 17, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Dec 17, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

add more validation on rewrite-target #8740

add more validation on rewrite-target #8740

Uh oh!

Conversation

vepatel commented Dec 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed changes

Checklist

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

codecov bot commented Dec 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions bot commented Dec 17, 2025

Package Report

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

vepatel commented Dec 17, 2025 •

edited

Loading

codecov bot commented Dec 17, 2025 •

edited

Loading