Fix unsafe interface to string type assertions to prevent panic

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
2026-02-14 18:09:55 +00:00 · 2026-01-22 12:37:43 +00:00
parent bd00d153e9
commit 837a50c903
2 changed files with 49 additions and 8 deletions
--- a/cmd/mcpserver/mcpserver.go
+++ b/cmd/mcpserver/mcpserver.go
@@ -294,11 +294,19 @@ func (ksServer *KubescapeMcpserver) CallTool(name string, arguments map[string]i
 		if !ok {
 			namespace = "kubescape"
 		}
+		namespaceStr, ok := namespace.(string)
+		if !ok {
+			return nil, fmt.Errorf("namespace must be a string")
+		}
 		manifestName, ok := arguments["manifest_name"]
 		if !ok {
 			return nil, fmt.Errorf("manifest_name is required")
 		}
-		manifest, err := ksServer.ksClient.VulnerabilityManifests(namespace.(string)).Get(context.Background(), manifestName.(string), metav1.GetOptions{})
+		manifestNameStr, ok := manifestName.(string)
+		if !ok {
+			return nil, fmt.Errorf("manifest_name must be a string")
+		}
+		manifest, err := ksServer.ksClient.VulnerabilityManifests(namespaceStr).Get(context.Background(), manifestNameStr, metav1.GetOptions{})
 		if err != nil {
 			return nil, fmt.Errorf("failed to get vulnerability manifest: %s", err)
 		}
@@ -323,21 +331,33 @@ func (ksServer *KubescapeMcpserver) CallTool(name string, arguments map[string]i
 		if !ok {
 			namespace = "kubescape"
 		}
+		namespaceStr, ok := namespace.(string)
+		if !ok {
+			return nil, fmt.Errorf("namespace must be a string")
+		}
 		manifestName, ok := arguments["manifest_name"]
 		if !ok {
 			return nil, fmt.Errorf("manifest_name is required")
 		}
+		manifestNameStr, ok := manifestName.(string)
+		if !ok {
+			return nil, fmt.Errorf("manifest_name must be a string")
+		}
 		cveID, ok := arguments["cve_id"]
 		if !ok {
 			return nil, fmt.Errorf("cve_id is required")
 		}
-		manifest, err := ksServer.ksClient.VulnerabilityManifests(namespace.(string)).Get(context.Background(), manifestName.(string), metav1.GetOptions{})
+		cveIDStr, ok := cveID.(string)
+		if !ok {
+			return nil, fmt.Errorf("cve_id must be a string")
+		}
+		manifest, err := ksServer.ksClient.VulnerabilityManifests(namespaceStr).Get(context.Background(), manifestNameStr, metav1.GetOptions{})
 		if err != nil {
 			return nil, fmt.Errorf("failed to get vulnerability manifest: %s", err)
 		}
 		var match []v1beta1.Match
 		for _, m := range manifest.Spec.Payload.Matches {
-			if m.Vulnerability.ID == cveID.(string) {
+			if m.Vulnerability.ID == cveIDStr {
 				match = append(match, m)
 			}
 		}
@@ -358,7 +378,11 @@ func (ksServer *KubescapeMcpserver) CallTool(name string, arguments map[string]i
 		if !ok {
 			namespace = "kubescape"
 		}
-		manifests, err := ksServer.ksClient.WorkloadConfigurationScans(namespace.(string)).List(context.Background(), metav1.ListOptions{})
+		namespaceStr, ok := namespace.(string)
+		if !ok {
+			return nil, fmt.Errorf("namespace must be a string")
+		}
+		manifests, err := ksServer.ksClient.WorkloadConfigurationScans(namespaceStr).List(context.Background(), metav1.ListOptions{})
 		if err != nil {
 			return nil, err
 		}
@@ -394,11 +418,19 @@ func (ksServer *KubescapeMcpserver) CallTool(name string, arguments map[string]i
 		if !ok {
 			namespace = "kubescape"
 		}
+		namespaceStr, ok := namespace.(string)
+		if !ok {
+			return nil, fmt.Errorf("namespace must be a string")
+		}
 		manifestName, ok := arguments["manifest_name"]
 		if !ok {
 			return nil, fmt.Errorf("manifest_name is required")
 		}
-		manifest, err := ksServer.ksClient.WorkloadConfigurationScans(namespace.(string)).Get(context.Background(), manifestName.(string), metav1.GetOptions{})
+		manifestNameStr, ok := manifestName.(string)
+		if !ok {
+			return nil, fmt.Errorf("manifest_name must be a string")
+		}
+		manifest, err := ksServer.ksClient.WorkloadConfigurationScans(namespaceStr).Get(context.Background(), manifestNameStr, metav1.GetOptions{})
 		if err != nil {
 			return nil, fmt.Errorf("failed to get configuration manifest: %s", err)
 		}
--- a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils/utils.go
+++ b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils/utils.go
@@ -144,14 +144,23 @@ func CheckShortTerminalWidth(rows []table.Row, headers table.Row) bool {
 	for _, row := range rows {
 		rowWidth := 0
 		for idx, cell := range row {
-			cellLen := len(cell.(string))
+			cellStr, ok := cell.(string)
+			if !ok {
+				// If cell is not a string, skip this calculation
+				continue
+			}
+			cellLen := len(cellStr)
 			if cellLen > 50 { // Take only 50 characters of each sentence for counting size
 				cellLen = 50
 			}
-			if cellLen > len(headers[idx].(string)) {
+			headerStr, ok := headers[idx].(string)
+			if !ok {
+				// If header is not a string, use cell length
+				rowWidth += cellLen
+			} else if cellLen > len(headerStr) {
 				rowWidth += cellLen
 			} else {
-				rowWidth += len(headers[idx].(string))
+				rowWidth += len(headerStr)
 			}
 			rowWidth += 2
 		}