config: Verify that type assertions are valid

initialize/config.go

@@ -66,51 +66,62 @@ func warnOnUnrecognizedKeys(contents string, warn warner) {
 	}
 
 	// Check for unrecognized coreos options, if any are set
-	coreos, ok := c["coreos"]
+	if coreos, ok := c["coreos"]; ok {
-	if ok {
+		if set, ok := coreos.(map[interface{}]interface{}); ok {
-		set := coreos.(map[interface{}]interface{})
+			known := cc["coreos"].(map[interface{}]interface{})
-		known := cc["coreos"].(map[interface{}]interface{})
+			for k, _ := range set {
-		for k, _ := range set {
+				if key, ok := k.(string); ok {
-			key := k.(string)
+					if _, ok := known[key]; !ok {
-			if _, ok := known[key]; !ok {
+						warn("Warning: unrecognized key %q in coreos section of provided cloud config - ignoring", key)
-				warn("Warning: unrecognized key %q in coreos section of provided cloud config - ignoring", key)
+					}
+				} else {
+					warn("Warning: unrecognized key %q in coreos section of provided cloud config - ignoring", k)
+				}
 			}
 		}
 	}
 
 	// Check for any badly-specified users, if any are set
-	users, ok := c["users"]
+	if users, ok := c["users"]; ok {
-	if ok {
 		var known map[string]interface{}
 		b, _ := goyaml.Marshal(&system.User{})
 		goyaml.Unmarshal(b, &known)
 
-		set := users.([]interface{})
+		if set, ok := users.([]interface{}); ok {
-		for _, u := range set {
+			for _, u := range set {
-			user := u.(map[interface{}]interface{})
+				if user, ok := u.(map[interface{}]interface{}); ok {
-			for k, _ := range user {
+					for k, _ := range user {
-				key := k.(string)
+						if key, ok := k.(string); ok {
-				if _, ok := known[key]; !ok {
+							if _, ok := known[key]; !ok {
-					warn("Warning: unrecognized key %q in user section of cloud config - ignoring", key)
+								warn("Warning: unrecognized key %q in user section of cloud config - ignoring", key)
+							}
+						} else {
+							warn("Warning: unrecognized key %q in user section of cloud config - ignoring", k)
+						}
+					}
 				}
 			}
 		}
 	}
 
 	// Check for any badly-specified files, if any are set
-	files, ok := c["write_files"]
+	if files, ok := c["write_files"]; ok {
-	if ok {
 		var known map[string]interface{}
 		b, _ := goyaml.Marshal(&system.File{})
 		goyaml.Unmarshal(b, &known)
 
-		set := files.([]interface{})
+		if set, ok := files.([]interface{}); ok {
-		for _, f := range set {
+			for _, f := range set {
-			file := f.(map[interface{}]interface{})
+				if file, ok := f.(map[interface{}]interface{}); ok {
-			for k, _ := range file {
+					for k, _ := range file {
-				key := k.(string)
+						if key, ok := k.(string); ok {
-				if _, ok := known[key]; !ok {
+							if _, ok := known[key]; !ok {
-					warn("Warning: unrecognized key %q in file section of cloud config - ignoring", key)
+								warn("Warning: unrecognized key %q in file section of cloud config - ignoring", key)
+							}
+						} else {
+							warn("Warning: unrecognized key %q in file section of cloud config - ignoring", k)
+						}
+					}
 				}
 			}
 		}

initialize/config_test.go

@@ -8,6 +8,34 @@ import (
 	"github.com/coreos/coreos-cloudinit/system"
 )
 
+func TestCloudConfigInvalidKeys(t *testing.T) {
+	defer func() {
+		if r := recover(); r != nil {
+			t.Fatalf("panic while instantiating CloudConfig with nil keys: %v", r)
+		}
+	}()
+
+	for _, tt := range []struct {
+		contents string
+	}{
+		{"coreos:"},
+		{"ssh_authorized_keys:"},
+		{"ssh_authorized_keys:\n  -"},
+		{"ssh_authorized_keys:\n  - 0:"},
+		{"write_files:"},
+		{"write_files:\n  -"},
+		{"write_files:\n  - 0:"},
+		{"users:"},
+		{"users:\n  -"},
+		{"users:\n  - 0:"},
+	} {
+		_, err := NewCloudConfig(tt.contents)
+		if err != nil {
+			t.Fatalf("error instantiating CloudConfig with invalid keys: %v", err)
+		}
+	}
+}
+
 func TestCloudConfigUnknownKeys(t *testing.T) {
 	contents := `
 coreos: