From 916968fc13cd0898c7bcec3140a24207fc688694 Mon Sep 17 00:00:00 2001
From: Christoph Barbian <christoph.barbian@sap.com>
Date: Sun, 3 Mar 2024 13:00:55 +0100
Subject: [PATCH] add remarks

---
 pkg/manifests/helm/generator.go      | 1 +
 pkg/manifests/kustomize/generator.go | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/pkg/manifests/helm/generator.go b/pkg/manifests/helm/generator.go
index 8a643ff..8dc4c20 100644
--- a/pkg/manifests/helm/generator.go
+++ b/pkg/manifests/helm/generator.go
@@ -297,6 +297,7 @@ func (g *HelmGenerator) Generate(ctx context.Context, namespace string, name str
 			}(t.Name()),
 		}
 		var buf bytes.Buffer
+		// TODO: templates (accidentally or intentionally) could modify data,e.g. by deep-copying things upfront
 		if err := t0.ExecuteTemplate(&buf, t.Name(), data); err != nil {
 			return nil, err
 		}
diff --git a/pkg/manifests/kustomize/generator.go b/pkg/manifests/kustomize/generator.go
index 8ff15f2..7f35e8f 100644
--- a/pkg/manifests/kustomize/generator.go
+++ b/pkg/manifests/kustomize/generator.go
@@ -191,6 +191,9 @@ func (g *KustomizeGenerator) Generate(ctx context.Context, namespace string, nam
 				Funcs(funcMapForGenerateContext(serverInfo, component, namespace, name))
 		}
 		var buf bytes.Buffer
+		// TODO: templates (accidentally or intentionally) could modify data, or even some of the objects supplied through builtin functions;
+		// such as serverInfo or component; this should be hardened, e.g. by deep-copying things upfront, or serializing them; see the comment in
+		// funcMapForGenerateContext()
 		if err := t0.ExecuteTemplate(&buf, t.Name(), data); err != nil {
 			return nil, err
 		}