fix: CWE 502 Deserialization of Untrusted Data + fix yaml list resource split #123

Merged
merged 1 commit into from
Mar 26, 2020

manusa (Member) commented Mar 26, 2020

Fix vulnerability described in #122 (https://bugs.eclipse.org/bugs/show_bug.cgi?id=561261)

Refactor YamlUtil to fix multiple document Yaml file resource splitting.

codecov bot commented Mar 26, 2020

Codecov Report

Merging #123 into master will increase coverage by 0.09%.
The diff coverage is 72.41%.

@@             Coverage Diff              @@
##             master     #123      +/-   ##
============================================
+ Coverage     24.51%   24.60%   +0.09%     
- Complexity     1470     1476       +6     
============================================
  Files           349      349              
  Lines         19239    19240       +1     
  Branches       2888     2889       +1     
============================================
+ Hits           4716     4734      +18     
+ Misses        13987    13973      -14     
+ Partials        536      533       -3     

| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| ...g/eclipse/jkube/kit/common/util/ThorntailUtil.java | 0.00% <0.00%> (ø) | 0.00 <0.00> (ø) |
| ...va/org/eclipse/jkube/kit/common/util/YamlUtil.java | 73.43% <75.00%> (+25.89%) | 16.00 <6.00> (+6.00) |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 1e16651...97ee1d5.

rohanKanojia (Member) left a comment

👍

…ce split

Signed-off-by: Marc Nuri <marc@marcnuri.com>
sonarcloud bot commented Mar 26, 2020

SonarCloud Quality Gate failed.

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A), 0 Security Hotspots to review
Code Smells: 0 (rating A)

Coverage: 76.9%
Duplication: 0.0%

@manusa manusa merged commit cb17a9e into eclipse-jkube:master Mar 26, 2020
@manusa manusa deleted the fix/#122-yaml-cwe branch March 26, 2020 10:31