V4.32.0 #1234
* Update iptables rules to make them idempotent
* Add missing return statements
* Fix catch logic error
* Only catch one statement with try
* Remove broken catches (sync code)
* Move to explicitly denying flux 172.23.0.0/16 and use DOCKER-USER chain
* Add a bit more to docstring
* Remove erroneous extra function call from testing
* Greatly simplify how default gateway / local subnet is determined
* Lint
* Remove requirement for , will protect all operator networks
* Modify rules slightly to match iptables output, add tests
* Add allow for Flux networks, remove RETURN that docker keeps adding
* Full refactor - see below

  This commit now blocks 100% of access to private address space, while maintaining isolation for each Flux docker network. Now apps can be sure no other app is snooping their traffic, and operators can be sure that apps do not have access to ANY private network they are routing. Tests will all be broken - I'll fix up in next commit.
* Lint
* Update tests
* Move the docker interface fetch up a level to avoid circular
* Add dockerService to serviceManager, fix up tests
* Fix typing for return
* Stub console output (from Flux log) so it doesn't clog up the testing output
* Add missing remove private stanza for softInstallLocally
* Update compatibility with older iptables 1.8.4 - see below

  Older iptables (legacy) on Ubuntu 20.04 operates slightly differently than the nf_tables version, the check output command doesn't return anything. Some of the output strings are different, so we don't check those anymore. Have also added a check to make sure the iptables binary is in the root user's path.
* Add iptables exists check and fix up tests
…re failing app install
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
8398280 | Triggered | PGP Private Key | aad25a2 | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | 4b55f1d | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | 60fb79b | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | 1bcf794 | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | d5455c7 | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | 4d8d207 | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | ef043fd | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | 717c399 | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | 62a24ab | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | 0453b1f | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | 56a0eff | HomeUI/dist/js/index.js | View secret |
8398280 | Triggered | PGP Private Key | 2117b4a | HomeUI/dist/js/index.js | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secrets before they leave your machine and ease remediation.
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1234      +/-   ##
==========================================
+ Coverage   48.49%   48.52%   +0.02%
==========================================
  Files          45       45
  Lines       14796    14925     +129
==========================================
+ Hits         7176     7242      +66
- Misses       7620     7683      +63
adjust width on management
This version will be enforced on March 13th, make sure you update your Fluxnode before that day.