From f3e5ac97bd7f7ab3c1d726921492f17a82b5024d Mon Sep 17 00:00:00 2001
From: Anthony Weems
Date: Mon, 18 Oct 2021 14:45:23 -0500
Subject: [PATCH] fix #22: check for nil ptr in destination rule auditor (#24)
---
 _fixtures/destinationrule-empty-tls.yaml | 8 ++++++++
 _fixtures/destinationrule-empty-traffic-policy.yaml | 7 +++++++
 auditors/destinationrule/cacerts.go | 3 +++
 3 files changed, 18 insertions(+)
 create mode 100644 _fixtures/destinationrule-empty-tls.yaml
 create mode 100644 _fixtures/destinationrule-empty-traffic-policy.yaml
diff --git a/_fixtures/destinationrule-empty-tls.yaml b/_fixtures/destinationrule-empty-tls.yaml
new file mode 100644
index 0000000..5a075f7
--- /dev/null
+++ b/_fixtures/destinationrule-empty-tls.yaml
@@ -0,0 +1,8 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: empty-tls-policy
+ namespace: default
+spec:
+ host: example.com
+ trafficPolicy: {}
diff --git a/_fixtures/destinationrule-empty-traffic-policy.yaml b/_fixtures/destinationrule-empty-traffic-policy.yaml
new file mode 100644
index 0000000..0b02edb
--- /dev/null
+++ b/_fixtures/destinationrule-empty-traffic-policy.yaml
@@ -0,0 +1,7 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: empty-traffic-policy
+ namespace: default
+spec:
+ host: example.com
diff --git a/auditors/destinationrule/cacerts.go b/auditors/destinationrule/cacerts.go
index 521f187..1bc06c0 100644
--- a/auditors/destinationrule/cacerts.go
+++ b/auditors/destinationrule/cacerts.go
@@ -44,6 +44,9 @@ func (a *auditor) Audit(_ types.Discovery, resources types.Resources) ([]types.A
 var results []types.AuditResult
 for _, rule := range resources.DestinationRules {
+ if rule.Spec.TrafficPolicy == nil {
+ continue
+ }
 if !isClientTLSSettingSafe(rule.Spec.TrafficPolicy.Tls) {
 results = append(results, types.AuditResult{
 Name: a.Name(),
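Review bot: The new `continue` in the `for _, rule := range resources.DestinationRules` loop settles the verdict for a rule with no `trafficPolicy` outside `isClientTLSSettingSafe`, so an absent policy silently passes while `trafficPolicy: {}` (the other fixture) still reaches the helper with a nil `Tls`. If the helper reports nil TLS settings as unsafe, the two fixtures get different results for the same effective configuration, and for an auditor the silent skip is the less conservative of the two. Consider resolving the pointer once and letting the helper decide both cases, e.g. `tls := rule.Spec.GetTrafficPolicy().GetTls()` if `Spec` is the protobuf-generated Istio type (its getters are nil-safe), and add a comment stating why a rule without client TLS settings yields no finding. `isClientTLSSettingSafe` and the rest of `Audit` lie outside the hunk, so the nil-`Tls` behaviour is inferred rather than seen.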