From eda35334c81fa641fb6864ec44492d44e6410605 Mon Sep 17 00:00:00 2001
From: "Adam D. Cornett" <adc@redhat.com>
Date: Fri, 17 Apr 2026 14:28:55 -0700
Subject: [PATCH] enhancing crd check to disallow more permutations

Signed-off-by: Adam D. Cornett <adc@redhat.com>
---
 .../chart-0.1.0-v3.with-crd-in-charts.tgz     | Bin 0 -> 5816 bytes
 .../chart-0.1.0-v3.with-crd-in-root.tgz       | Bin 0 -> 404 bytes
 ...art-0.1.0-v3.with-crd-in-subchart-crds.tgz | Bin 0 -> 394 bytes
 .../chart-0.1.0-v3.with-crd-in-templates.tgz  | Bin 0 -> 5678 bytes
 .../chart-0.1.0-v3.with-crd-quoted-kind.tgz   | Bin 0 -> 462 bytes
 internal/chartverifier/checks/checks.go       |  96 +++++++++++++++++-
 internal/chartverifier/checks/checks_test.go  |   5 +
 7 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-charts.tgz
 create mode 100644 internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-root.tgz
 create mode 100644 internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-subchart-crds.tgz
 create mode 100644 internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-templates.tgz
 create mode 100644 internal/chartverifier/checks/chart-0.1.0-v3.with-crd-quoted-kind.tgz

diff --git a/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-charts.tgz b/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-charts.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..856c72eb6a0843f3c1b9a93564008a2bfd041a4a
GIT binary patch
literal 5816
zcmV;p7DwqHiwFP!000001MNL)bK5qy`OIH|RlMV*H=-Vv?Tlu!bG=Ts_1?tx#A$Xq
zolb`)A)7TtYDvnEy1sLN`aK5#Nq__&vScaV61$Vi<iWwgdE-IA?7evM(ucCYyZhq*
z@Q?rA@{|Aev+`oFJJ|2<4t9n+J1_c!!KlCcg6uv$X)j*Pqu2@wd12W>=+ihZgR6W0
zOpDn&ytKmDytAg>Q?-Et-W!cd<v$#bUJOP%`}?E4;b3nF^55A3aMFJ&g5>fim%lZ0
zztS*r1Ak1ehlVwqrGF00!JgSS92(i7JB!(~1M&m)ro={_A(J2^|1&?Q$QK$JSMW2f
zy#2R#19R9n``d<ZP3f2bM9iug@!bsmhL$|nwh*mxoz&`^188y6Joz&fvv+NIa~eIR
z1E{h8ozY;JxBtC<YyWF0FUfm4vF2V(xE?U0PHojRUXm}DZbab!7WwJm)5k8npIUKD
z9Wrq}iU9Aa?O7oO1fgr4dw?Sj$T=l5D~bTj_2JLEV2)^~GtUC#reTDXng3xh_hWE1
zhT%@F3pzFkfj2?q#zA;DCjN!%-@>!m-1ANYr~uE7CdWa18q$dRF}!+7PQZPHu7mAf
zQo`_%*t#G$mqA2{Bf97E*W7buZq5W006Zq0j-cTb+B&0lNaJWse*T5IucQeEHUWUb
zLnET$wQJJ@+h$#2l%36}?M_^v?B<d}>me{vz!8fBlISv+dk*pongr%JP?P@xpBc_6
zLv-N#LCkz5W3J^m_#f;~4jn*S8SI$cKd|~=01`<i!9-UJk<BA&GT5UD0R#X7Z1NpJ
z3u7Np^9Fjr5W(LU)Tbd*40T=qf+0?Llgb)Ua{rG!ngz~5jyik>+@6PSe0Lc5F};mb
zswdI+VKASK$q>8*a##;$TQlq2_1qX3&G}A<69%*7cb6P|{K$SoSDX{yyZamj@jpO&
zqq_*`l=vLZ{e$Q@@DU*Y_(xzGXsRHE@ef<z(d^IzKSIN!Q&iR<gvxIL47dV%%7~&q
znuaqb6U&RJR!rE^RT@rBH|UA_CfFBXNv)v>7<*CIvKgC^=nepZ^2e-YWB~p#=DOdd
zw-$(onqFXA9(xZYTk$2=cIc3o{CbI1BW4Q6Ooj@AE&vJ+XN|q&_`2G*!003J12)YR
z^IsH{XKs1k9SFw`rc(+khw29!88Pd*OD#C9&GZrgJZfEorlEhb&_CJ0OWO_RoGkk?
zKow{H>=K)yp~;;YNFV^Wgqj@zHXzlv`G3PWLSd7@2Z3F?Vc-Kn@a)EoF9~Q^><NWP
zNO?n|xqXSve{y{ng<_%sfx9D4KyEBw>4{Wr?(^Qp+-w5R3vNK%47=z02x2+Efl}f7
zDK_9!s2Ew{-5b{bkWK^EdvF}{5cqc<T8uXn&_lAFv3lDSNT+TlBYQSyx;zzsPXQY`
z+`;heCs%aw-w+O()-bGj97G^w=z~_>r>_5*yZi{<Jv^{(r3YYC=!e4#8Xuni_+t#_
z{5vy_Qwp8%V~h=GQrI>J`^4HWhcx`ap=Z>iHiQ!HYU02{hs8|}G~BQz6OdYb$6jwb
z5^tuY`Cnv%o>}H^QQ)t-jq3bwv_BZ_=kmYZ{@#9@|E;6kvk1`H;^OZ>0J)6g*|^t3
zMd%8p2*Qh=6M|>y_V;@N@{OqII#Q*?--B;Ue<Pv<8iOT*2j{<mU8YZ6@T>S3)08m4
z<U?sg8i8t{!0k_Gp&N<(4_tr?$>=}NPL9C^+jI1>W`>D{k`5ZYcqGV-;Mvb28WM7!
z{$en4vI=m6H|lGaHX=^taZ*zxvq(7$;GH)`uq?ktFge53L4%L$u!Kr}`k*69%4M;C
zzvN)#ES6!+z0YU5Iv6$Y)pLR8kR6^;X*wk3LXv0-q}F#@O)xdMI>mHT2Ng8|Vg1&3
zIMMSoEz}Af^2CmaYUN!LIiS8B5oS9g&OVN{EO}GZUoOQ~m5SI)O|GZuZ`N;2HajB6
zES87D(_eHp;Av3gd6y<ZIsr-<%VU`<B{fC2z#+0Mr^C`5tvOevJ@pzQCpx;0N@<VI
z2_#8SCmn{cM%XU_+reZIysD#UiRu<Jtim7WAIQE)dZ+jo>3PBTNbhn!M|zWU0P35(
z;VT#`UU5U0`y*`fjm(Qg)ue~AipgD;1tvY01tnui1f+;$1|wV=;+R*_-h8aeMKTet
zU-q)<y%I5Ul7u63fh`v_EWB1Cw}eNH;3<4Ak{`e@>vrZ@KI=5G&VxB056$M`3@2~c
zbOla7`H-c-Ak8cyOagk&vh;C1DFfw6=0qL}THJ_(d4*S4r{p?%&ha^`wX>|?DJprU
z4+IS}90s~jmczNE%XF})K_c(cwC+kradj$Il6qA(U1FBH#&z!*OsR_HthT%toK~TL
zQ5>ocNQKIout2KU#<bR|wNgTyXlFjtOhGEOG=<`tsC{3|J9KH0qOHqFs#2pEnny?~
zL;CC`r8t5m1je1kGLk|Js}m8fK|FWaG?qtYhH5#Ei(Rt3Q`tR=`Sn5_-PpBh6xL^%
ztWF|AD-5l?DQe=eglYYuxsat-iYqq^DrER6`;THeO*o$)XNp&vnAL>YJzif`1Fdj#
z6ABFkTQUq_@RfF{N>xU)eu)+)PAVmuGdz8Us+pc?z|D$*)uJ5Dqxz5FYR!a}mZzly
zQiY=pMgl6LXF4RPneJmS_485;Oh4_1WtkCxAh2e-tZWu?sr*0X%>sFfsuc2@(vC1(
ziQb(Dfk!RBQPLuo`!}AqluWrXs79%al3d88Su&Z^&s7MkTDKU&N>7nN$pVwGZeD7o
zcHBs0_r<ASESl+GhEuljGMFZrXHqJb9abWLhHG`h3%1Q>;}U<C<BQ@lQGJLnomplz
z76|bwqHjLLH;=RB!;Z#M(Jak1l1%x`{v)K5L)J<th1V>LHpz`wC7Y-fOsQb>i_ujP
zYWY#hH!pzdSX;F?&j9rc^jMY|e6Z$q^Uc`WQez9zvBi@WWe!wNp4`Aflb}%L*=H%4
zrYtd{5ZbhybQqEv>FC#LGcYyWg(ZG8g<pesG`k`gL?h{F%oEF#&rz4`%hAu47B&np
z&_$MrIfiHIa%;EJa1k_{6RO^?R8ED0ptJD4C04a&?-G{92C>?GOhq({g_wlhi%)QI
z-s%?DylA=Ll&QcXD|B4z<wxax<8(e^&P$-&ydPY8(kt0*Uo1~N>!lG?JKgpCrn?f?
zx}4<8oCw2FwF;X7$s%XyHZSZ_rZ*CH`5P?N0gJWr_@KqAHwau<^eTx(U$0&f%a@!}
z;PR#C6l4+26HC$MOaV7{cQUCI7nTM>S)8mMYrEHPBC|&BQLUk@&bncQ-*7^E)z+h+
zcq&WEHB#q774SwDCYO5ArMQ=~s}xN``$|f=oh7BjvXn+Evp{VP*4t*?5?xvep*6{2
zIjK#dS&heAWB&Cbl5aFAqOX~ca?Q;&#jy@^l^Uy?P|;Rf*nHEPI-_iip`j%%WDOh8
zN8a!w6tXJA(pOYwhOpV^qmX6UnYP-a6|$js$Fc}Li)2e$1oat|w%Q66RJZ@Hs?-O-
zW>8Jihebw3&025z<(hVzvbX#Q3vsM$d<Dp!{pjjhj81^jRc4}5ALYriGuF!2kSZ$u
zXJN%J+8FQxv)0*>9pC!A_4?LotG+wc3PS%C;i96Duzd5vDDec177=Q{$>mV>-{o=^
zF8FOOmM5CImpi6=E%itjb*ej3N%E6S?MwRDPVcX2dSA7T<%LzPk__8p7NsS$n-|(r
zYtw^egr&Hs6$q=+K`?BO5>|%xxeKe`cqhT)4t5n1tZ8C}LalD;nag=Y8%FZSbkrw)
zCFevi_ysaQ8O=AJ`mHYySC2($AP)WU9EvpRKP{Dzv|p80vAFpMrSbtb4MtN5^b$iU
zf#T0@Ook+h${K&x!xf)FF?;E$%ujX`!~*v}4EINP|HIB`&~NX5SVxiNe|+-g!<iZ1
zuDXwP=fCd^i|2oWy0qtiuAvM}@;&A8NV<`M{P_7JIlsfRkbQBqHv}p?vDosRXl&fy
zcZoY8=2w1pY;sO@GSl+#z#u})hrz-YTiG7JD?syoT@M&WGH8>pJF=&EsObGYHnf$m
zi)$7S4-ve@1EU`v#=Rc=W=%1?@Cg1kGwdA9$p7@9TY%pVU|<9BmvoLHSw6*0_9?ky
z7rx29WMKFpoa46n<CFIvemy<;{N>%&D?Itxjy(dSCerQVr<u{rvME6#K11$pMbtb_
zpFTX0Zb0y0RP61$&b^5zM4N~;`nms$=?fwrI?1Ot5n^(E+nYNSvXS(B{^SIP4(sdd
z9C1gdInoeu^e6&ZHioo;xy19xgm907pzN9W<DtU{urC85&V$_&WQ?~`W|i>$V_-Rd
zw>->$!YbZFK{qufM=_aNcQ8`D0?j28dV|wO^EkP|0Q6Z#Nsdm%tpwJ!<$9>5rkwHo
z6wHZj`Q*j|#_}WbSwAs3lk8x7VL3<FHtF6plHPVEy|WLWzaAZG1jx`eX}3v(fGKhQ
zq;r1{{})F1%Jm(3OA=Xo5+f4}B>mUS#!O~t+@v}W8V$(0GDc!^f@QreHOB0_n|f<J
zJ$e7@@xiALIfl&wr>Vkwki^brrh2kIR(z*tX2!@j#d=9H|1RGi@~PCgrZl!3E4CPJ
z!A#!0!;|AL2S>*rKI=RVbh23=w-PRC{f}Tg4H+$|H%cFKmy}Al^VN;qI1x0YZe}0;
zHyFR|zwL_~CHTD`QeeUHTtayxijfMubL7Sf9f^EwW4xs@MRx9+4y(_m$ob!|m(+ui
z8${RHO0NQ1{QjTa{n4P!|JG6N?|a`FA8u#tN{!qtG2#lK?|Q;PJ9GkWpy&d-*?V?T
zhsm#$W8N<D+sZLff8ex$Z<D<p_S2o7%_kH0mUOzET#{xm`VRS_G*;RI#<4r{@44mS
z^*RoE7)H5i{EKqj3_ivdkkSYuzipvIiUJ@iyR?k=7jSqGCh!s?c1;Eq*Xy_uc?HoQ
zdGY@E3}M;oIrz%grg1bOA@^7uNgB5J6+`@%oS59Wo`-qI9PdJ6*OVafg4zn!W}!M^
zuas~X4&D+VrSF??9K)~py~U`9oV~F~Ga6Gqa3uNQ$LUlaE=b%gbp3cjI)9D2e~mgh
zT)ffd3a0<5sGTHFv=VVy9m<l)R453Cg3OY7m2zeOW<t$(M&>jBEiS5pj^F{y7#2JK
z)ghf<JBynUjNbqeqcN(Ykwb7IAtp@C=(5M&j7#!L(J7NRtAmKd0>npw+LSa#bo3y-
zlndV#Q>yfqKui`2RsH~X5X3as@gf!&!CDv8>7L(>m8|1ToN1tAT)KKv&$@g+yILan
zl~{FYrKVz%R*nl9Q<Vni9lQSeuj+2ery3oX`6U(16o-lB!o#cTfywJKY`)w}$sZ(m
z(|Phn2nsg8=}5epBIkb&_?O_0U6``c+aPQ6zrDR&{<k;UZ|{FxOOfw?1$Ptmt_Q{y
z4FAXEeX0#cGAzZLy{cT7I=ukE++Xrr=$NZ0*74GS@CWg6-U0m42y0`SH5RjXF29p7
zv1@66ggoa+k}C)z?j8lSaxX!CLXeQeV{<B}I05ugBD<9EVnoY2u*Xp+rX^5ITukt?
zi{%nRb0>o(^IghSf$5|b){cXpz)qEx-)7a6USjc-Zau1FDf&b@+Kv>?PfkfF+_1S!
ze~Lk=Ofhxg%ajqRH%n@X%7m0ZAWTbbHkp#4>t@y?CwdR^I&CQ}CG_ME#ma~o3{}kh
zhE<&DQw3#8r~W@Yj0>;v9P>Z&BLO8@>*QNGmF{aT;FFH7SLkCCPHKM>hT$AjZh2do
zmD23PorOUh*nu}DUk*>Dcb<DqeHullVQ@~>*07cDX^!Rma?CO5<)5-<bA;gqqwW)8
zPwsTAQ;KZgy<Qy(7OU(LO2L#X6qm8oLVM{Jip<F+cQLNC9eKM=3MJnI`MB0L9ko|i
z<oxe)W<AL@;5GT*U~i`||JSbnuBqe(a3z_Qk|j!;Q?G~Tkklj@;}1dT{*G=L+`Dri
zz-YMH^pVl<h3#kkOeY+dF6qVRg~XRR!9^%muDO*WpUhWzdpoZrUxiy%N!n)3E73S~
zZJ9ZGDb{S|72d5Y?y>$X0*9eSoXkyfZrHPV`h+)da1Ac?f=Z2)cBL6bIp1E}!;1TW
zAK6KM!|}5HY(Up0=ObkQpKPvJbquKS|HJ;MUs(UyZP$O+QfhYcBy)UQ=;@BdqCkx!
zOzT9~HYVrt-XCS%Uz$LS=oAd=FqqD85vKFEcLQ@U>h^I$+?rYEU_7{=)Wn4w;knK4
z-8dP6baNpJ<a85+S7?M+Z~5HufCs8{?l4~khECLv*v4Z8mfIo^3`d+f`goRcXz9?U
z8&M0nSo!&Z!rVYf9xEXheag+R=yzD*B!=7#u}P~87JV$+)}`jvqL#Gbi<d5Qo$}PZ
zTq`%$$N7SEjBjRtYXgSzM>zLrZ66fkcrSQMY&%(jM7HZ8C6{ellSgIx4Q*M!`KT}3
zqL!6&%f152^TR}8IL9UGrUB*SVgya>P=VCMR~`2@?VsB6v_+2piF00a{D-k#VgK*`
z?y!yj>nL&zOsD?ETIgm6Zai1l>>13q{z)^2T`^@=vBywO<4^PRYr5$|W$sa3CV0fu
z`RJQ;ryBbgtHP^u1GV<wALZ<Se`m1Y+W$IAqXqnYvYdAm0=%)ms926!ao(Kk&kED$
z|BxI>wtr;tQ+x%s`1fC<U5x+j_g_z6it@*QyLRCF5Xo?yy?hv`^Z$GOf$IN<kP_~-
z{(l`s>();LN8`&oO_INEPJKE{`}Bf~?j&0hFN5F;KQRU@Y1Wuuc28E2Zy@QD_aKbP
z`8>Ki4{p=tdiHJGnEbqrpxeo}?~pA<_^?UeD?V^x_(F=h7AFhi$Ml+pn+_gk&qQ{*
z7k&`ZCu*ZM|J&Kk<$pV^{jaIKB&Sv!(-0D(I3QdN$jv47!9HBi!Ts(t%f14OiA>`q
z`GR}mqxp=DyhsG9<B<z5IOqGO0QwDXiU(`G<|oKX&%wF?fln{^7pAXfA)UCl)Zq!+
zUtXK!#P{w<;Io=Y5}DDEcwo$?VZJ~6^$Z496i|q5%wG@Bh~tKlVP3d#kNwNZH_Y?j
z!yfxLd2o5r!+(-LqiesHA;KBA`HW0lk4DCKW^^-yf6uKe_&1*7?*Q-^-~BJt_-ci2
zFptR5`w!4Aj2ZE)2*Y$8YV|lcJTlDd$POIZ+q7*rDJI|8{d6DyzgQ^$+v)G4{SWu{
z+x%}WC6&J&I_%eG^Z!x5&+`A#?tUx(b(Es~#R9|%XMt<u|1dxQv$wyy)5iaG6rS)O
z0vCd5vM=I2Wn1weN*n5)Wu8i-f?#@^CArA~{g6Z(*~Z|DFqqHAL<fYg#pgVl?XlPL
zv58onI)&4^f!>g%@#%Ajxj12*em(4@Buh=qym@GOQXkSc5hN*d&kD15=_}5ozvmxE
zmyiS<tN6R*JbDgcKP^T3=lgqCxdv2c|HI)<&j0U?`tAOYwG?IiKg2K2(mx00V9)Fu
z(s5>EazK87(W3a+5f9qPKBYCTvdtM|vW;6fhJCZYZHO&nLca{Yt|OfZV5A@R_00h^
zxM`NOr7dk~OIzB~mbSE|Ep2H_TiVi=wzQ=!ZD~te+R~P`w52W2w){We+6{XE$N&J^
Cg^Mi!

literal 0
HcmV?d00001

diff --git a/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-root.tgz b/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-root.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..f599136fd231ab9fa844fbf5e48546d0814b3dc4
GIT binary patch
literal 404
zcmV;F0c-vriwFP!000001MSv9Z-Ous0ASAiiXL{xQm8DPmgsqhW!b%hw~YvGLyOVd
ze)?LCqDEtupqtzK4nQdd!s{!~g0aPiXzeJt80uu42cN$2a3?o=+6!VHXOuI>6Bf`o
zar=Pq%e_*sGgh>O1fo!_1Zz)Scdq|N*=_t^MKJ?eMoZDu!#=|Yc$}su<Il3}ApV>u
zX+Y?(uW{TzkH65>3$&(EGAHgB78ay$nP_%zqDqbCaX71FnUjh8QmT0Zqq??$DZEv(
zvhK>T0V_&jMII6&MFTnUlPZFRXmkxxp_<TWD17&Ot2&*N-LCZ*<9i8NKk3;GUo~~z
zwW40%&$u(DP}<%8(GSp~fHM5)&v*0s{Ga&k1+xEq{!>0a%zs8>%>QfH&Hp(I`}|!^
zig3Q^qfs1DOt(L$&wmSUO%|>_cqRD#`j0anWBqpx$KqdtuGO*uIneLm?E0Uj`|)Qq
yiO0D9U&DU=r%hk)O}De)M1_Zc1B4Jl2qA<JLI@#*5JCu{U+4=U{6y*iC;$LT_sYxw

literal 0
HcmV?d00001

diff --git a/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-subchart-crds.tgz b/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-subchart-crds.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..ef55826b3e904f34ed33676de0c3890dab11f076
GIT binary patch
literal 394
zcmV;50d@W#iwFP!000001MSyAZ-Ous2k@Tx6g})ZY-xdo(-QXycG$gxx2#c$q1EVZ
zAAMy;nNCK`kj3r&4j`dK^xwV*4y?;xRqZC^Vwji4F?nka?r+R)&sv1XJY{hdF&PoY
zMI=)~<ICMrYiXUTDJ3eeY6H%7jq5vqrQAOMX|oMCs+<q~9ZkTAl%4r=pZQ__{(uw8
zhQ5(g{(1gtp`W0(x-uDEMS)QzWOP3%g4OOE3wg+b0v2EjFu4Ys1(e>>?FDxEyd6)y
zqicTq7ozX9>;GeGFVP0hum3U@0_*=6zU04K$^%Y>^Yc%HOfdg3bmu?Z^FUw!XMS!R
z<R7sp71;mBaI*jJ+c~!Kzpi`z=XEjA)4=)lKNXB){U1Y5{^iE+e%b{3-~W=M`p*TE
zSpUcHx&Hgluy$aYBOA`{Y^bZriU%`oii}SEKUI~FV5?=F!vnl%qn#fal;BjMoN8VO
o+xN#1)~a00A<U~18wWxNA%qY@2qA<JLI{oS9X3%G6#ysz04g!XZU6uP

literal 0
HcmV?d00001

diff --git a/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-templates.tgz b/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-in-templates.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..b3af07bc137095ca2436fb74f95756f76c763c9e
GIT binary patch
literal 5678
zcmV+}7SZV+iwFP!000001MNL)bK5wQ`K(`oQ@oXAE}|qqQ>x0=dF|}1?-JV;XR<Xl
zHI<@B$l{nHxg_Psczks~{kj2=1W529OP1mt_HJclve9UupLh^3`Y)aw1^@?pdoTVE
z|M;&hFZu5vgBQcS;lW_{V7R+8d@&dfcZY))Wbf%&d+}l(#b!vz3)AvLkH&EsUfug=
z3P%5EYKF0KXU^QGssjbQzq?y1|LyJF7a;h9gWdh@;r=$re`g2K$>6CNlHpG-e=~5t
z(lBy-Z$z%QJ7y51e-4e|zA@<7G_pb`h}pA4@(=3Hh=n>sCVoi%XFjIbFEr|0!Oyht
ztG~V<8ruV7@T%jPGdd!G5wl{Q_%49Ip(fX{OeEX6PD%}oA=J3(KKV0&(Z4p`IgOsu
z0o2(4&hBtKZ~yy)*8bN5FUc{Tm~%HKTo0I0r?zTzUXm|UCnE5Fll*-6>0=Mx&&)Wc
zHkmjsMTBE&xn@X#K<Job7ih#j8B-FNQ3Pm?2Y=rAb0j+pToZ^JolZ!Z`5*anF9uiB
z={Pg<l8!orz#BhuVn4ha5%1FRZsA!lcinRz3c$0I$*CWohcu#I46k02GjJcFV`IHj
zN*Emyo0sHf>PM8=qInK~%{^D<<_sVK$RpD23Leg(t_x~~G>%5(mtUFtN~&OJ6F?|D
z>_jxYb}V{mS*%Hnvx|UQ&cp%EZl)A!51|tU9x*v0iKhPCwXwgTO6VLLO7dUeGs8J$
zgbqE=kD0Gzoom`Q{s-HWBL~=KhC3qn53Kwbz(kgbKhc#!V)KX^4EJP0fB>LCH+i<;
zg>@fr^A=jb2*KZ%)T1GC3}qefk`Ye&CY3di<o+M~DDdsW9C!E(dV3x^@!gT{#q>5#
zxt>HnhW<Plk!|o2*u#1>%M8r1<2o^PH1Bsp?9dOA-#v2p@gw^UO|j2B_wKXr$A1Uy
zjqW1gQ|jk%?j1&_zK00;$3H=*fu;&pSpQ)SJenQ3;74e9a*oRChfw$(ph2&Io-(GW
zho)hV$i#FbsudH~bd`ov!}0r~yaDzFR8ngwBF1jiGcDH5$aEKwK>1@<Gj;&}G2*)4
zqqioAh8nJKnJ#+|ESvF^YdbW^O@6(^q7gHNQzk=&Ko1Z_4`-FV<n(&ly1?io@B<dj
z6!V`HlxJ?b?i~on@@F#&Du?O^8W}O`xl1iLEzR^25L{|rgQlT>GSNR-(3h6u&pBJx
z)JGL({%nfX(9qz{3?$%#TSCo_fEuvsS^U3Y9HFp@?}5OsozVAyA$WG<#8Uzq7P~?r
z5?0=lXl_lh`cIDMpim4nAaHlY_Q{RuDJ_wT%{|`Qn4697y8aD_n^AWi4^d3}H&7~k
zKf?+<3I!uGynD;qAJUo6S`Ut69zy?(LzDH*1oV)+%DVcMA&AbLOh#5PXSzHSf6ss#
zI^5y*yHAd2;=dpqG%e9F=dmAwkf9A)b)PxjXYTSNbocPUyp<k+QK26WFKK*q{?kt}
znDg(<IL;|F!izCBph;of9PJaUzZ|pU`8K_vF0~+(a90!iE;=l3a-iWIb20&`#dqxW
zrX%rYAkF_G3-ru1ev5o>)pb<oe>mtr$mM@~gZ+ax|62##vk1`L;^OZ@0GY;dFzWYF
z5qd%?{P41Ghu~RygM+@nd@Bk%wp1wb_u$*o-$*FI#$bu){`fbr%k-%Oeia{MniBe$
zd?<BDBTx+%xcylWI+4i#zy&yvjQ;n<*(tbSYmPqF$SAQ;(nW(8j|7_$Jo`mNLqhJ;
zUkpc1RsnDLR(;LVMx?1cPD+Yo7CC1Dy!*C@mgTpICTF-hZ18bimQcx0A9PGfxh%Ht
z*Bp+V#WISy_xVg$hok1b`d;8UWS3`Dng&U^kR+M{tM!dm6HE=QZZX}|VMR?)SiAKN
zPV_uY3$;RrJh3aHT6vR14ydn3gxRi$vybaqmb@wIFGI0br69Ialj~{Po3$I0&92BX
zi||l*`m4?cTn&kQ-=#^APJmLz^4QLmlA5Ah;22q!(`9Ln)|{)-o_Y<D6CGVcrL;%q
z1d=4En+`)*CG3~L?P4+rUe#8#M0JZ9RpAfw4`g2?y;J;)^t|AEq<1-=BfZHv0QF7Y
z@D+*`uehPh?GZNlR_=>L)ue~Aipfou1tvY01tn8S1f+;0fDtYYam=e|Z$4J#BAE!+
zFZ)^Xeu)@4OTv*k&@GoVEWB1Cw?s#c;3<ACk{`k_>o#yrk2RW@V}H)aL%}=@aPo#t
zSK#!M2U!{n(u^X(B%tRkOCQ%07%ERPC-P9x;zm7~S9qoClw3#Ob9~Nf?Oj&z6qS9Z
z4+IS}9EQ43mcx5Vm+2s=K_c(cwC+mBadj$Il6qBEU1FBH%60D<PN|CJthT%roL8ZM
zQ5>ocNX5#Tupp|}#<bL`wNfISXlFjtOi?PeG{xeYsC{3|J9KH0qOHqFs#2pEnMX(}
zBl_$mr8t5m1je1kGLk|Hs}m8fK|FWaG?qtYhHBcjgH1BsbJ;zL`Sn5>-PpBh6xL^%
ztV|+8GYrkVDQe=eL}~q@xsat-iYqq^DrER+_n*Xcmh^mnoGD&uVpfyR?(_1h8fb-^
zn^0&V*pguY!>_bURjM+X^-HucaZ)MKoZ;y+RL%5EgWjwdSS{M4c~buty;?J&rR~$w
z0jbiX4MqYgp=UZIsG06#IQ8>V3{5}nhp@~DKrmP{T~;;=xm5n2_RRu$imDXyo6?3b
zT8Z9`ecz>~*C=Tb%l#YATS}(f7*?ayMM*AXXqHUo^m7%$s@5$=u+mdxShBz*s+*Tu
zsU0^G*?n>97eO=q%V^3rUWU^o^Gu*(*<mH}XS7x~ykOgGHZJjJIld?^6V-?K(wSve
zVu28^68i2#eDgS4KI~{L70uFIBgvG{>_0*}IbyAZQhd#_Xp`J{RkDd%!ITO{zZhK=
zp_U(|eD?yVj<r>b^9)hHK##D@;Dc4Kn{US2mKs}#hAp0~D085C_T&l{ngoR+&pu1Z
zG-Zhqh0vzuq{E2RNJqa`o1v-UE-dk*DgGM7quCX~Fd9imW1a|4K1W@$FGoLHTG%ka
zP#0Mu<`kZ(%dOo?!$r_+PN;gnQaKk2f$qZlmRQl6y-Ns-4Pv$Xn2KZ;3o%J|FFwJ=
z`&PHO=0?i}r%VMFS)t=vFFz`88|U*8b6$ev=KbK(lU~Vg`yxE?td~Ym?R3}ko9;?n
z>vEDWb0UmJ)hcX;B#WGp+q|$#JH3&x%ikbW2P{_0<AW9}-XL%x=v5LyU#?ye%a@!}
z<npEG6lD?36HC$ModRy|?rc&iE`$a`S)8pttGhpFBC|&BQ7xgY&N^X)-*7^G)z+hs
zcq&WERZ{0d74$|HCPTgGQrgSeRZ6CzeI-zCX9<*8mQrbD7N{-3THCByqDd=Zv?e($
zXSFFdEAe=1%)eel@{J}%^d<9AuDO|}G}d9RQe|}$D%xTTn{QfDXOxX8G_=HptYHKC
z$SZz?LRMv1`hv>L5LWwq6tXNk(-wQQLN@g72#fHuNVcRUP@h3*i>**Wb^HISpgsUL
z!)lT~EHWx;R(sPg*R<P|-Q`DENMmK=D<JmlM_12cbOIe+WhNT+QJyS2W37A*sglxv
z7FPVCjUg{EYn>h0@x9MmuWzlk>bp~|AoO1mE-DI%%6Bh}5>L=*5ux^*T#i-$T`up!
z1;5Qjc%qqmxna83Qj2s^r@A4PEI-NAzNC-s^!}Qr_f^|iURc#C$*4VMQCcFqd7&+}
zHa%QMSc;2Ufv_qa1f%vSVP#~WyRZh0cM>e_U{@i*nkrT()asg^xtuq&VI+S{M}6W~
za!v%pUm)|7$$a;z-}>@!^;nb!;?N(@p-7|t(^82@`&DUG7dQW)R6f9_!DuSMUScRE
zNc`E2sUu0Evc#YDaK&c;Mn653`N?jASm^$TZM^?sXLqpI-v6);kmY}R_T|Hc5#O%5
zjdkb0?`#*({{(eu&;MKl3=Q%l<?%?mk%9d5`6C(M;aSL@INBQm6`ojZdUiDG+~4<z
zGa<%Tes*kfPIWTV^6<bgLeqo6!WLWE9=$JM^L<?p7)CN|gReWXr+BF7{XJH+l`o5H
z77q^*yu|~fA09^iKKy1?F}m;w{x&k|9Icc8=|Z!BzU9Nf2I4R2o<g#Gj+^XLcEv7y
zgMG=s=s`HgZS$vR#~;3(pMC!Fe(N=!{A|T8fl(9b_3+coC@?KbkcrQbdz%q8PSd9k
z52WW4JQx*Q`@VZ`;0e(NQjLBY{AzfDiHC0TsZE5G9M5v+Hic{?J)b{0fuYOV`X<NR
z$$5@7Bpf}8L6(gnZ(uI*JTf5MqaY}ICjNNnG6t-vPsDk!TY`<zR@zx5{r=H6?Z25W
z=09Oo-vgkV8j+Kj%*;C&sa}ERk_o-RX`^|Z++YCuER!TB=i*iZ^V)P=R8vFFcz*Wh
z#4<f{V?xLBBl1~0F*%d$;MKx%j;<}zyJ;l7SDExKK79Uqa-<O;BiE$fCKUpu#QBr%
z{XP6&7~yNjv*|5KWbH~FnOGnhykRzGFhk=e)qT)tK-QEIGMf`DYi+49X5Zb^TjTlJ
z@wd~%Pakp}7Wj5kg?Ax|4FW?wSsx3&*LP;tk#CFTl4SmUzCP@yQsbJ@*tE^qWVA(R
z^5z|#oqjnyIsNci=W(Es&Dyw?^pe*9h>oWr<0bV*>0|DaQVDmzI*}76f*x)k7z6m<
zaP)5QZXj-y;P-w=fd$8N3FnPCMlSHqksC9#CHAq7(U#gNvUA^bSba7i=YQX()P<27
zMAu-YR{<@4|IgmR?y$}O)&ckT{U16XZUc6uM(&mvaRty1ec_;OIsrFObb-C>J-evG
z;8)5qZ<qLO<(Q~Ha9Y5#$o>xd>C7(XlZkUny1i~LN$W8Fj`*Q8W?BQru{-jwx#{Bd
zIyQP3#<|h?C*`ymevCCBrx8Sc%S4A1`M^|mX&G-X&~PD4;3Y=vnhYwg*Ks298lpe;
z#qsF{;<D9q@Re_j&dG#?++%SfY1rad4DnlXVshiSF6JF`ybFn4Q-aJ3ZY#Pr3)M;Y
zN(p!2;4Oht`o2kzWB3)nw;1=3vo{uL#$(zKoJc<SaXyuY3o;jkju%fz_b*ZJFHtu~
zi&xrQ!Sp{BwUgwDRw6E|Ls>GJ3I*X<kXcf<Qm*XZOsM(B$o<TJi;JqDA$Y(thQ;oG
zc1ibJcX2a<@f#3gJVsSKatzKS#Dtj<P5bQ4s3flxjWT$(I*dpxKztOW4M}4}Ll4tS
zx$s>vrAluJ#AKmR<PUHMeoS)>FH(UKta(Z8-uP~$WE~gcOaooVrK>0PU6*fXPs;?q
z600t))D%q8%26R>s?y-RW7l8*RoyK4RHM@}zoeoW;xMsXcz9hsFnLo(&68Ux`GbUR
zI#1q+K*8oW9f>ysa{gz7fAR0wg()k&4YD@>+uzUSfBU-!?fs8y0r~z{a5qu^df2&w
z;s1ynr`pg-hNXD3SC#8hrxyU3`%8Wc9di}MGHx0W{vaOCJAgmh#nPB&jl}Go!|x<a
z>{{9%A<sFI<O+g_yGMbo+)I$35F{k=*qqB5P5^zB*e+$f7}2r@>~qqIX$jI&FD7)^
z#c~Owxs$<?`7Y(Ez;x0IOUM4tV5dsW@3LY_D-m3!S&wR1N<NW}wjqV{lT#K7H*7A`
zo?=icQ%qg>GGs#P&5~NCG9l#;2-9+#O{QezdYSdeiQa>}PFu=L2|xKmu`*_c+bU&#
z!z#}7se&@3Q~w_xMupdSj`<(?k${q{b@R2HOZT-F=t)P{EBvtuC$+svhv6JkZh2do
zmD23P4MIQmE#DoHFGuInJJ-3U9*v^&&>vH^Hmv1Gn(K0YIp&D;^G{i|ImYmUQRfM%
zCwDs5DMhyLUat-Xi&gdrrD)0(ipyAPp}uqrMdsv^yBJqmkG$O`#ggxVd|Yjtj@qjO
zIscmm=963lUX%X~_jd~Of9?A3njklTE6J>sEK%B=dc8e{q$bH2|KW$u@937nz1xQZ
zjfR^|9~lo{*nZZ}bi!%rl3sjXNPL+ST!drgnp-LI$^9yCZ|8;Nt8mK-N!zS>AsUB{
zC3lWqiZxq#g?H<Td#pc;z|m17PUa?gZ&<-ReZng^yatzgNu^3ko6?M<oNupfVa0vG
zk8C8r;dt40HsEWM^AWQDPc~PqItJAE|Lwu<ps@b4*RKDp1!{KkBy)UQ=;=<yqCkx!
zOv^;q7AEKN-XCS%Uz$LS=nM?&$e#tc2-E%R`=K%1?G123+ziYy7!U3zHE`iZcy8lI
zCr(Bny<CU_Io<f-6&m5yJ3e<j<bf)kJIoh>p%e8Yw((fO<+jKJ!wK&keLTy0Xz9?U
z8&M0nnECmE!rVYf9xD+RZOYBB=yzD*B!=7!u}P~87kw<-)}`jvqLj4Zi$jmOPI>BH
zE|nYW<9tCn#y7IRwE;u<Bb>Xmwhan%ycN7Aww<iNBHQ(lvdcED$)hs;hPJHTeAJh1
zQOjU#T35h%ewZi>=d?uKG^l)BjHrnnDwvx1s_VT?`==J37UcM!IOjFTe;Df(_WvI2
zZMX4%9U#ZRbn0KMg>H7>#&dPep22MEpEP6G6H{gtdkp0?{yaawrkgHQ<{s5$f=5i9
z?|zr=RAc{QRd{u7pw|8eyE*$m*cl$Q_P-8jw1A&amh+B6pf~mx70WRz&YN@XSz-G8
zZ;~U)_K#is6kmZY^!?WW?SFS~cfbAqYaLLOKmOaZe9wbOhU4tz!$6(?-yaNB|Gy0>
z;ePA?*8y6$e(u{EU*2t!{Pl9`(_Px97hH5V*^)T*{VV*$7^tLKV}98^SwX&mq)*<1
zFe2l5bT{^I)8%^hZQF?a@(NL3CEvb7wiw~VCT*|yz=hEZDe79BER3JhYZ`7kc*yoI
zrXJQm{@c#ye|!4}JFWe%1GvE-K`;2TWL@N#vZZ*ixQ@DKiJKCt395Id<jDcOU__m4
zW6)*j&w~-sA>nJWomaCx=2|{B35!#^a9Stu8!|IapGTID1IG00Av<MRsv>abq3KF(
zNZ&+`cR6>>FngE2;(heD{Nrc}wtcG7?~!q|X_H<EjJ|>H)VcKhkUmizwf4WWm$Uz!
zHvX>(UXpV&j%f%3qSz-~4am)udJrES*T(N%z?iPU)FPwvl6=8$VxoD#W?sMosOyqT
z*B|qJlYspeKZ=29ea%mhmYzd&1p*$u<X@P-4nlA<x76kXw*PozkTcJ{BfiH<B1<Ho
zA#ov?8y(~L;@bt7JOvWsGls867sPhLsAF6@ai9Im+3y(R-@`upH+e9<?BhSlpV76~
z&j_Kt&jT`XTpD$LFru3P{vDfF@NYcB-#*ak{P4d};;R`t{yZWl#~+~HAoTI9n2zDt
z)a-L~c+@ej!57)I|EwHA3oW$JLJKXl&_W9>w9rBeEws==3oW$JLJKXl&_W9>w9rBe
UEws==3(pe%A7p*EPyomP0Bs{W!2kdN

literal 0
HcmV?d00001

diff --git a/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-quoted-kind.tgz b/internal/chartverifier/checks/chart-0.1.0-v3.with-crd-quoted-kind.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..c2720169285dd0aef93de2999e8a308e70fc41b7
GIT binary patch
literal 462
zcmV;<0Wtm`iwFP!000001MQbVPlGTN$2s#U8sb%Kp=D+#6TRxegZEmVN`yk%vbdWc
z-F9=EPUo`7X4LmPK+1ciz`uQe>cBenAdNeT_6GHggovI)<LpQ;&U8h@L`E6og0Ui^
zEYG-zh}hpFt>~?jhLA|A)@X2UQ{J}tFU2kOKM%)rDw}%fF@nGa=Nt8BJX_OWuwoPu
zI`o5l#y{6zcGV3STeW&jCRway17otB6!BycqbW;iTtWxB1g$Et<Cu_RGVfsf+j&0m
zto8ZnH$=W-wf<*EyAK=Kt^NzY{<+90*8fBBLI1^49&jS;?*B#Z?E>{b0Gst6?tfsL
z|5HCV-szvwY{bz255cGYzqE6-^1sgJ^?z5@FwF13?)87fd4cu+5Ny-GnJQC$(*?HG
z|2$`F^`G&u|Ht~jf8N&r#5dr{feuZZKAzgNYELFCi61Ln`uMs3SZ#9+w(X6A3%ILv
z<$P`uH{fI`oeZ18xrZcSW~J~Xo34gbwM`P+4pd0EH*MefjCa9#zuB&mkk|1pr;D+Y
z+2yY8jjVm3nVQ#t4H2u_E)01U?$AjEWrALXAP9mW2!bF8f*=TjAjp5`1?uPXcmOB>
E0H&7nG5`Po

literal 0
HcmV?d00001

diff --git a/internal/chartverifier/checks/checks.go b/internal/chartverifier/checks/checks.go
index 60f4df85..208a09c4 100644
--- a/internal/chartverifier/checks/checks.go
+++ b/internal/chartverifier/checks/checks.go
@@ -28,6 +28,7 @@ import (
 
 	"github.com/opdev/getocprange"
 	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/chart"
 	"helm.sh/helm/v3/pkg/lint"
 	"helm.sh/helm/v3/pkg/lint/support"
 
@@ -234,14 +235,107 @@ func NotContainCRDs(opts *CheckOptions) (Result, error) {
 
 	r := NewResult(true, ChartDoesNotContainCRDs)
 
-	if len(c.CRDObjects()) > 0 {
+	// Check standard CRD directory in main chart and dependencies
+	if hasCRDObjects(c) {
+		r.Ok = false
+		r.SetResult(false, ChartContainCRDs)
+		return r, nil
+	}
+
+	// Check for CRDs in templates (main chart and dependencies)
+	if hasCRDInTemplates(c) {
+		r.Ok = false
+		r.SetResult(false, ChartContainCRDs)
+		return r, nil
+	}
+
+	// Check for CRDs in files (root directory of main chart and dependencies)
+	if hasCRDInFiles(c) {
 		r.Ok = false
 		r.SetResult(false, ChartContainCRDs)
+		return r, nil
 	}
 
 	return r, nil
 }
 
+func hasCRDObjects(c *chart.Chart) bool {
+	// Check main chart CRDs directory
+	if len(c.CRDObjects()) > 0 {
+		return true
+	}
+
+	// Recursively check dependencies' CRDs directories
+	for _, dep := range c.Dependencies() {
+		if hasCRDObjects(dep) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func hasCRDInTemplates(c *chart.Chart) bool {
+	// Check main chart templates
+	for _, f := range c.Templates {
+		if !strings.HasSuffix(f.Name, ".yaml") && !strings.HasSuffix(f.Name, ".yml") {
+			continue
+		}
+		if isCRDFile(f.Data) {
+			return true
+		}
+	}
+
+	// Check dependency/subchart templates
+	for _, dep := range c.Dependencies() {
+		if hasCRDInTemplates(dep) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func isCRDFile(data []byte) bool {
+	// Split on YAML document separator for multi-doc files
+	docs := strings.Split(string(data), "\n---")
+	for _, doc := range docs {
+		for _, line := range strings.Split(doc, "\n") {
+			trimmed := strings.TrimSpace(line)
+			if strings.HasPrefix(trimmed, "kind:") {
+				kind := strings.TrimSpace(strings.TrimPrefix(trimmed, "kind:"))
+				// Remove surrounding quotes if present (both single and double)
+				kind = strings.Trim(kind, "\"'")
+				if kind == "CustomResourceDefinition" {
+					return true
+				}
+			}
+		}
+	}
+	return false
+}
+
+func hasCRDInFiles(c *chart.Chart) bool {
+	// Check this chart's files (root directory)
+	for _, f := range c.Files {
+		if !strings.HasSuffix(f.Name, ".yaml") && !strings.HasSuffix(f.Name, ".yml") {
+			continue
+		}
+		if isCRDFile(f.Data) {
+			return true
+		}
+	}
+
+	// Recursively check dependencies
+	for _, dep := range c.Dependencies() {
+		if hasCRDInFiles(dep) {
+			return true
+		}
+	}
+
+	return false
+}
+
 func HelmLint(opts *CheckOptions) (Result, error) {
 	_, p, err := LoadChartFromURI(opts)
 	if err != nil {
diff --git a/internal/chartverifier/checks/checks_test.go b/internal/chartverifier/checks/checks_test.go
index fbab3910..8170101a 100644
--- a/internal/chartverifier/checks/checks_test.go
+++ b/internal/chartverifier/checks/checks_test.go
@@ -313,6 +313,11 @@ func TestNotContainCRDs(t *testing.T) {
 
 	negativeTestCases := []testCase{
 		{description: "Contain CRDs", uri: "chart-0.1.0-v3.with-crd.tgz"},
+		{description: "Contain CRDs in /templates", uri: "chart-0.1.0-v3.with-crd-in-templates.tgz"},
+		{description: "Contain CRDs in root", uri: "chart-0.1.0-v3.with-crd-in-root.tgz"},
+		{description: "Contain CRDs in /charts", uri: "chart-0.1.0-v3.with-crd-in-charts.tgz"},
+		{description: "Contain CRDs in subchart /crds", uri: "chart-0.1.0-v3.with-crd-in-subchart-crds.tgz"},
+		{description: "Contain CRDs with quoted kind values", uri: "chart-0.1.0-v3.with-crd-quoted-kind.tgz"},
 	}
 
 	for _, tc := range negativeTestCases {