Fix nil pointer dereference in pdbminavailable check (#1041) (#1043)

janisz · claude · web-flow · commit f8f179550407 · 2025-10-28T12:18:53.000+01:00
The pdbminavailable check crashed with a panic when it encountered a PodDisruptionBudget that has spec.minAvailable defined but is missing the required spec.selector field. The code attempted to access pdb.Spec.Selector.MatchLabels and pdb.Spec.Selector.MatchExpressions without checking if Selector was nil, causing a nil pointer dereference. This fix adds a nil check for pdb.Spec.Selector before accessing its fields. If the selector is missing, the check now returns a clear diagnostic message with a link to Kubernetes documentation instead of panicking. Also added a unit test TestPDBWithMinAvailableButNoSelector to verify the fix handles this edge case correctly. Fixes #1041 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
diff --git a/pkg/templates/pdbminavailable/template.go b/pkg/templates/pdbminavailable/template.go
@@ -76,6 +76,15 @@ func minAvailableCheck(lintCtx lintcontext.LintContext, object lintcontext.Objec
 		}
 	}
 
+	// Check if selector is present - it's a required field for PDB
+	if pdb.Spec.Selector == nil {
+		return []diagnostic.Diagnostic{
+			{
+				Message: "PDB is missing required selector field: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget",
+			},
+		}
+	}
+
 	// Build the label selector for the PDB to use for comparison
 	labelSelector, err := metaV1.LabelSelectorAsSelector(&metaV1.LabelSelector{
 		MatchLabels:      pdb.Spec.Selector.MatchLabels,
diff --git a/pkg/templates/pdbminavailable/template_test.go b/pkg/templates/pdbminavailable/template_test.go
@@ -296,3 +296,25 @@ func (p *PDBTestSuite) TestPDBWithMinAvailableAndKedaScaledObjectHasMinReplicas(
 		},
 	})
 }
+
+// test that the check handles PDB with minAvailable but no selector (should not panic)
+func (p *PDBTestSuite) TestPDBWithMinAvailableButNoSelector() {
+	p.ctx.AddMockPodDisruptionBudget(p.T(), "test-pdb")
+	p.ctx.ModifyPodDisruptionBudget(p.T(), "test-pdb", func(pdb *v1.PodDisruptionBudget) {
+		pdb.Namespace = "test"
+		pdb.Spec.Selector = nil // Missing required selector field
+		pdb.Spec.MinAvailable = &intstr.IntOrString{StrVal: "40%", Type: intstr.String}
+	})
+
+	p.Validate(p.ctx, []templates.TestCase{
+		{
+			Param: params.Params{},
+			Diagnostics: map[string][]diagnostic.Diagnostic{
+				"test-pdb": {
+					{Message: "PDB is missing required selector field: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget"},
+				},
+			},
+			ExpectInstantiationError: false,
+		},
+	})
+}
