From 482fc1f21a40b7f2e11ddfc73e0b82027e68d345 Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Fri, 2 Sep 2022 15:35:06 +0200
Subject: json: fix json schema version verification

nft should ignore malformed or missing entries of `json_schema_version` but
check the value when it is integer.

Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1490
Fixes: 49e0f1dc6e52 ("JSON: Add metainfo object to all output")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/json/0003json_schema_version_0          |  9 +++++++++
 tests/shell/testcases/json/0004json_schema_version_1          | 11 +++++++++++
 .../shell/testcases/json/dumps/0003json_schema_version_0.nft  |  0
 .../shell/testcases/json/dumps/0004json_schema_version_1.nft  |  0
 4 files changed, 20 insertions(+)
 create mode 100755 tests/shell/testcases/json/0003json_schema_version_0
 create mode 100755 tests/shell/testcases/json/0004json_schema_version_1
 create mode 100644 tests/shell/testcases/json/dumps/0003json_schema_version_0.nft
 create mode 100644 tests/shell/testcases/json/dumps/0004json_schema_version_1.nft

(limited to 'tests/shell/testcases')

diff --git a/tests/shell/testcases/json/0003json_schema_version_0 b/tests/shell/testcases/json/0003json_schema_version_0
new file mode 100755
index 00000000..0ccf94c8
--- /dev/null
+++ b/tests/shell/testcases/json/0003json_schema_version_0
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+$NFT flush ruleset
+
+RULESET='{"nftables": [{"metainfo": {"json_schema_version": 1}}]}'
+
+$NFT -j -f - <<< $RULESET
diff --git a/tests/shell/testcases/json/0004json_schema_version_1 b/tests/shell/testcases/json/0004json_schema_version_1
new file mode 100755
index 00000000..bc451ae7
--- /dev/null
+++ b/tests/shell/testcases/json/0004json_schema_version_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT flush ruleset
+
+RULESET='{"nftables": [{"metainfo": {"json_schema_version": 999}}]}'
+
+$NFT -j -f - <<< $RULESET && exit 1
+
+exit 0
diff --git a/tests/shell/testcases/json/dumps/0003json_schema_version_0.nft b/tests/shell/testcases/json/dumps/0003json_schema_version_0.nft
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/shell/testcases/json/dumps/0004json_schema_version_1.nft b/tests/shell/testcases/json/dumps/0004json_schema_version_1.nft
new file mode 100644
index 00000000..e69de29b
-- 
cgit v1.2.3