[Security] Unvalidated ImageStream annotation JSON persisted into ConfigMap (CWE-20)

[coderabbitai]

Summary

Unvalidated annotation JSON from ImageStream annotations is persisted into ConfigMap data without sufficient validation, which can lead to config poisoning or parser failures downstream.

Details

In components/odh-notebook-controller/controllers/notebook_runtime.go, the opendatahub.io/runtime-image-metadata annotation value from ImageStreams is read and parsed, but the parsed metadata is stored into the pipeline-runtime-images ConfigMap without:

• Enforcing a maximum payload size
• Validating required fields (e.g., display_name)
• Strict schema validation (only JSON parseability is checked)

A user who can edit ImageStream annotations can inject malformed or oversized payloads that propagate into notebook runtime configuration.

Affected file: components/odh-notebook-controller/controllers/notebook_runtime.go
Affected lines: ~80-88, 185-208
CWE: CWE-20 – Improper Input Validation

Suggested Remediation

1. Enforce a maximum size limit on the raw annotation JSON before parsing (e.g., 16 KB).
2. Validate required fields (e.g., display_name) after json.Unmarshal.
3. Return an error (and skip the entry) when validation fails, rather than silently storing invalid data.
4. Update parseRuntimeImageMetadata to return (string, error) and propagate errors to the call site.

References

• PR: [RHOAIENG-45876] Replace dynamic Kubernetes clients with typed clients in ODH Notebook Controller #738
• Review comment: [RHOAIENG-45876] Replace dynamic Kubernetes clients with typed clients in ODH Notebook Controller #738 (comment)
• Reported by: @jstourac