Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds SharedAccessSignature to repo with fix for vulnerability (#4943) #4967

Merged
merged 3 commits into from
May 10, 2021
Merged

Adds SharedAccessSignature to repo with fix for vulnerability (#4943) #4967

merged 3 commits into from
May 10, 2021

Conversation

nyanzebra
Copy link
Contributor

This is a cherry-pick of #4943

This adds a subset of the code from https://github.com/Azure/azure-iot-sdk-csharp for SharedAccessSignature directly into our repo. This will also need to be cherry-picked into 1.1 and 1.2.

Todo:

  • Create UTs (UT=unit test) around this code, as there seem to be some tests that use parts of SharedAccessSignature but nothing completely dedicated
  • See if more code can be trimmed out that is not being used, just removed things without any references for first pass
  • if only using one supported .net then can maybe remove some other code here

@nyanzebra
Adds SharedAccessSignature to repo with fix for vulnerability (Azure#…
45df509 
…4943)

This adds a subset of the code from https://github.com/Azure/azure-iot-sdk-csharp for SharedAccessSignature directly into our repo. This will also need to be cherry-picked into 1.1 and 1.2.

Todo:
- [x] Create UTs (UT=unit test) around this code, as there seem to be some tests that use parts of SharedAccessSignature but nothing completely dedicated
- [x] See if more code can be trimmed out that is not being used, just removed things without any references for first pass
- [x] if only using one supported .net then can maybe remove some other code here
@kodiakhq kodiakhq bot merged commit 4fea6e7 into Azure:release/1.1 May 10, 2021
@nyanzebra nyanzebra deleted the fix/sas_security_vulnerability_1.1 branch May 11, 2021 00:59
darobs pushed a commit to darobs/iotedge that referenced this pull request May 26, 2021
@nyanzebra @darobs
Adds SharedAccessSignature to repo with fix for vulnerability (Azure#…
e534de6 
…4943) (Azure#4967)

This is a cherry-pick of Azure#4943

This adds a subset of the code from https://github.com/Azure/azure-iot-sdk-csharp for SharedAccessSignature directly into our repo. This will also need to be cherry-picked into 1.1 and 1.2.

Todo:
- [x] Create UTs (UT=unit test) around this code, as there seem to be some tests that use parts of SharedAccessSignature but nothing completely dedicated
- [x] See if more code can be trimmed out that is not being used, just removed things without any references for first pass
- [x] if only using one supported .net then can maybe remove some other code here
@darobs darobs mentioned this pull request May 26, 2021
Merged
darobs added a commit that referenced this pull request May 26, 2021
@darobs @yophilav
@and-rewsmith @nyanzebra @vipeller @damonbarry @pmzara @dylanbronson
[k8s] Cherry pick 1.1.3 into k8s branch (#5029)
df99eb0 
* Update the KeyVault for Test pipelines (#4937)

* Metrics Collector: Remove test-specific additional tags logic (#4950)

* Metrics Collector: Add gzip compression in the iot message scenario (#4955)

* E2E: Metrics Collector Smoke Test (#4945)

* Metrics Collector: Cleanup startup logging (#4953)

* Metrics Collector: Update product info and message id (#4962)

* Metrics Collector: Rename HubResourceId -> ResourceId (#4956)

* Adds SharedAccessSignature to repo with fix for vulnerability (#4943) (#4967)

* Metrics Collector: Release and publish pipelines (#4969)

* Close AMQP connection explicitly when no more links (removing links kept tcp level connection) (#4984)

* Update `GetModuleLogs` method when `tail + since + until` options are provided (#4987)

* Introduce `Timestamps` Option via mgmt.sock  (#4988)

* Cherry-pick to Release/1.1: Fix edgehub queue len metric (#4952) (#4990)

* Update Base Images for Security Patch (#4994)

* Update v1.1 YAML pipelines to 1ES-hosted agents (#4844)

* Fix potential instability in iotedged after UploadSupportBundle fails (#4942)

* Rename end-to-end test log artifacts (#5006)

* Merge Prometheus parser fix. (#5007)

* Prepare for Release 1.1.3 (#5008)

* Fixing diagnostics image for 1.1 (#5018)

* Prepare for Release1.1.3 (part 2) (#5020)

* Remove PII from log. (#5022)

Co-authored-by: yophilav <54859653+yophilav@users.noreply.github.com>
Co-authored-by: Andrew Smith <als5ev@virginia.edu>
Co-authored-by: Robert T Jang <robbaldwin95@gmail.com>
Co-authored-by: vipeller <51135538+vipeller@users.noreply.github.com>
Co-authored-by: Damon Barry <damonbarry@users.noreply.github.com>
Co-authored-by: Pedro Marcelo Zara <pmzara@hotmail.com>
Co-authored-by: dylanbronson <55515325+dylanbronson@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vadim-kovalyov vadim-kovalyov vadim-kovalyov approved these changes

@varunpuranik varunpuranik Awaiting requested review from varunpuranik

@ancaantochi ancaantochi Awaiting requested review from ancaantochi

@vipeller vipeller Awaiting requested review from vipeller

Assignees
No one assigned
Labels
ready-to-merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@nyanzebra @vadim-kovalyov