pkg/sysctl: Sanitize parameter names #14533
de4e8af to 2f1a769
2f1a769 to e94dbcf
test-me-please
retest-4.9
retest-4.9
e94dbcf to 1c8f0bd
test-me-please
test-gke
bf87d77 to 9ac0c6a
9ac0c6a to 29b6ede
test-me-please
The Travis CI failure is #11990.
retest-gke
No remarks apart from what André pointed out.
c5f0f00 to 72a7f13
test-me-please
#15459 on gke.
@brb What do you make of the wireguard flake in net-next?
@nathanjsweet Thanks for pinging. Opened #15507 which might resolve it.
72a7f13 to 2092798
test-me-please
@twpayne sorry, can you rebase against master and trigger the tests just to be safe?
2092798 to e209d3e
test-me-please
Cilium-PR-K8s-1.20-kernel-4.9 failure seems to be known flake #13011. Cilium-PR-K8s-1.13-net-next failure seems to be known flake #12511.
test-1.13-netnext
test-1.20-4.9
This avoids a security warning raised by CodeQL.

In theory, before this PR, carefully formed parameter names could read arbitrary files in the filesystem, e.g.

    sysctl.Read("../../etc/passwd")

In practice, this was likely unexploitable as '.'s were replaced with '/'s, making path traversal tricky.

The updated code verifies that parameter names are valid.

Signed-off-by: Tom Payne <tom@isovalent.com>
e209d3e to 283b9d9
test-me-please
test-me-please
Not clear if https://jenkins.cilium.io/job/Cilium-PR-K8s-GKE/4934/testReport/junit/Suite-k8s-1/17/K8sDatapathConfig_Etcd_Check_connectivity/ is a flake. Let's see: test-gke
Provisioning issue: test-runtime
This PR avoids a warning issued by CodeQL where it identified "Uncontrolled data used in path expression". Refs #14514.
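
The following Go sketch is an added example, not the code from this PR or from Cilium. It contrasts an unvalidated dot-to-slash mapping of the kind the commit message describes with a version that validates every element of the parameter name before building the path. The names `naivePath`, `parameterPath`, `elemRx` and the allowed character set are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// procSysBase is where sysctl parameters are exposed on Linux.
const procSysBase = "/proc/sys"

// elemRx is an assumed allow-list for one dot-separated element of a name.
var elemRx = regexp.MustCompile(`^[-0-9A-Za-z_]+$`)

// naivePath is the unvalidated mapping: every '.' becomes '/', then join.
// For "../../etc/passwd" the dots vanish, so the result stays under the
// base ("/proc/sys/etc/passwd"), but the input is still never checked.
func naivePath(name string) string {
	return filepath.Join(procSysBase, strings.ReplaceAll(name, ".", "/"))
}

// parameterPath rejects any name that is not a sequence of allowed
// elements separated by single dots, then builds the path.
func parameterPath(name string) (string, error) {
	elems := strings.Split(name, ".")
	for _, e := range elems {
		if !elemRx.MatchString(e) { // also rejects "", "/", "..", newlines
			return "", fmt.Errorf("invalid sysctl parameter %q", name)
		}
	}
	p := filepath.Join(append([]string{procSysBase}, elems...)...)
	// Defence in depth: the cleaned path must remain below the base.
	if !strings.HasPrefix(p, procSysBase+"/") {
		return "", fmt.Errorf("sysctl parameter %q escapes %s", name, procSysBase)
	}
	return p, nil
}

func main() {
	// Constructed sample inputs.
	for _, n := range []string{"net.ipv4.ip_forward", "../../etc/passwd", "net..ipv4", ""} {
		p, err := parameterPath(n)
		fmt.Printf("%q naive=%s validated=%q err=%v\n", n, naivePath(n), p, err)
	}
}
```

The allow-list is deliberately strict; a real implementation would have to decide how to treat names whose elements legitimately contain other characters.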