Fix leaking slices

2025-09-27 04:16:25 +08:00 · 2025-07-09 14:37:58 +02:00
parent ede6debf71
commit 2beb9d529e
3 changed files with 29 additions and 9 deletions
--- a/iam/policy/access.go
+++ b/iam/policy/access.go
@@ -2,6 +2,7 @@ package policy

 import (
 	"fmt"
+	"slices"
 	"strings"
 )

@@ -17,6 +18,16 @@ func (p Policy) String() string {
 	return fmt.Sprintf("%s@%s (%s):%s %s", p.Name, p.Domain, strings.Join(p.Types, "|"), p.Resource, strings.Join(p.Actions, "|"))
 }

+func (p Policy) Clone() Policy {
+	return Policy{
+		Name:     p.Name,
+		Domain:   p.Domain,
+		Types:    slices.Clone(p.Types),
+		Resource: p.Resource,
+		Actions:  slices.Clone(p.Actions),
+	}
+}
+
 type Enforcer interface {
 	Enforce(name, domain, rtype, resource, action string) (bool, Policy)

--- a/iam/policy/manager.go
+++ b/iam/policy/manager.go
@@ -2,6 +2,7 @@ package policy

 import (
 	"fmt"
+	"slices"

 	"github.com/datarhei/core/v16/log"
 )
@@ -51,9 +52,9 @@ func (am *policyaccess) HasPolicy(name, domain string, types []string, resource
 	return am.enforcer.HasPolicy(Policy{
 		Name:     name,
 		Domain:   domain,
-		Types:    types,
+		Types:    slices.Clone(types),
 		Resource: resource,
-		Actions:  actions,
+		Actions:  slices.Clone(actions),
 	})
 }

@@ -61,9 +62,9 @@ func (am *policyaccess) AddPolicy(name, domain string, types []string, resource
 	policy := Policy{
 		Name:     name,
 		Domain:   domain,
-		Types:    types,
+		Types:    slices.Clone(types),
 		Resource: resource,
-		Actions:  actions,
+		Actions:  slices.Clone(actions),
 	}

 	return am.enforcer.AddPolicy(policy)
--- a/iam/policy/model.go
+++ b/iam/policy/model.go
@@ -91,7 +91,7 @@ func (m *model) addPolicy(policy Policy) error {
 		policies = []Policy{}
 	}

-	policies = append(policies, policy)
+	policies = append(policies, policy.Clone())
 	m.policies[key] = policies

 	return nil
@@ -152,7 +152,9 @@ func (m *model) GetFilteredPolicy(name, domain string) []Policy {

 	if len(name) == 0 && len(domain) == 0 {
 		for _, policies := range m.policies {
-			filteredPolicies = append(filteredPolicies, policies...)
+			for _, p := range policies {
+				filteredPolicies = append(filteredPolicies, p.Clone())
+			}
 		}
 	} else if len(name) != 0 && len(domain) == 0 {
 		for key, policies := range m.policies {
@@ -160,7 +162,9 @@ func (m *model) GetFilteredPolicy(name, domain string) []Policy {
 				continue
 			}

-			filteredPolicies = append(filteredPolicies, policies...)
+			for _, p := range policies {
+				filteredPolicies = append(filteredPolicies, p.Clone())
+			}
 		}
 	} else if len(name) == 0 && len(domain) != 0 {
 		for key, policies := range m.policies {
@@ -168,7 +172,9 @@ func (m *model) GetFilteredPolicy(name, domain string) []Policy {
 				continue
 			}

-			filteredPolicies = append(filteredPolicies, policies...)
+			for _, p := range policies {
+				filteredPolicies = append(filteredPolicies, p.Clone())
+			}
 		}
 	} else {
 		for key, policies := range m.policies {
@@ -178,7 +184,9 @@ func (m *model) GetFilteredPolicy(name, domain string) []Policy {
 				continue
 			}

-			filteredPolicies = append(filteredPolicies, policies...)
+			for _, p := range policies {
+				filteredPolicies = append(filteredPolicies, p.Clone())
+			}
 		}
 	}