CVE 2023 39325 5.1 (#175)

* Fix for CVE CVE-2023-39325, updating retry logic to reach to IAM endpoint

* Updating retry logic to reach to IAM endpoint

* Remove unncessary image pull secrets

* Ignore CWE-676

* Updatin release

* Updatin release

.travis.yml

@@ -6,7 +6,7 @@ env:
     - GO111MODULE=on
 
 go:
-  - "1.18.2"
+  - "1.20.10"
 
 before_install:
   - go install github.com/mattn/goveralls@latest

Dockerfile.builder

@@ -1,4 +1,4 @@
-FROM golang:1.19.6
+FROM golang:1.20.10
 
 WORKDIR /go/src/github.com/kubernetes-sigs/ibm-vpc-block-csi-driver
 ADD . /go/src/github.com/kubernetes-sigs/ibm-vpc-block-csi-driver

Makefile

@@ -20,7 +20,7 @@ GIT_COMMIT_SHA="$(shell git rev-parse HEAD 2>/dev/null)"
 GIT_REMOTE_URL="$(shell git config --get remote.origin.url 2>/dev/null)"
 BUILD_DATE="$(shell date -u +"%Y-%m-%dT%H:%M:%SZ")"
 OSS_FILES := go.mod Dockerfile
-GOLANG_VERSION="1.19.6"
+GOLANG_VERSION="1.20.10"
 
 
 STAGING_REGISTRY ?= gcr.io/k8s-staging-cloud-provider-ibm
@@ -44,7 +44,7 @@ BUILD_NUMBER?=unknown
 GO111MODULE_FLAG?=on
 export GO111MODULE=$(GO111MODULE_FLAG)
 
-export LINT_VERSION="1.45.2"
+export LINT_VERSION="1.51.2"
 
 GOFILES=$(shell find . -type f -name '*.go' -not -path "./vendor/*")
 

cmd/main.go

@@ -21,10 +21,8 @@ import (
 	"flag"
 	"strings"
 
-	"math/rand"
 	"net/http"
 	"os"
-	"time"
 
 	libMetrics "github.com/IBM/ibmcloud-volume-interface/lib/metrics"
 	k8sUtils "github.com/IBM/secret-utils-lib/pkg/k8s_utils"
@@ -58,7 +56,6 @@ var (
 
 func main() {
 	flag.Parse()
-	rand.Seed(time.Now().UnixNano())
 	handle(logger)
 	os.Exit(0)
 }
@@ -132,7 +129,7 @@ func serveMetrics() {
 	go func() {
 		http.Handle("/metrics", promhttp.Handler())
 		//http.Handle("/health-check", healthCheck)
-		err := http.ListenAndServe(*metricsAddress, nil)
+		err := http.ListenAndServe(*metricsAddress, nil) // #nosec G114: use default timeout.
 		logger.Error("Failed to start metrics service:", zap.Error(err))
 	}()
 	metrics.RegisterAll(csiConfig.CSIDriverGithubName)

deploy/kubernetes/driver/kubernetes/manifests/setup-vpc-block-sa.yaml

@@ -7,11 +7,6 @@ metadata:
   labels:
     app: ibm-vpc-block-csi-driver
     addonmanager.kubernetes.io/mode: Reconcile
-imagePullSecrets:
-  - name: bluemix-default-secret
-  - name: bluemix-default-secret-regional
-  - name: bluemix-default-secret-international
-  - name: icr-io-secret
 ---
 
 kind: ClusterRole
@@ -65,11 +60,6 @@ kind: ServiceAccount
 metadata:
   name: ibm-vpc-block-controller-sa
   namespace: kube-system
-imagePullSecrets:
-  - name: bluemix-default-secret
-  - name: bluemix-default-secret-regional
-  - name: bluemix-default-secret-international
-  - name: icr-io-secret
 ---
 # xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml
 kind: ClusterRole

go.mod

@@ -1,21 +1,21 @@
 module github.com/kubernetes-sigs/ibm-vpc-block-csi-driver
 
-go 1.18
+go 1.20
 
 require (
 	github.com/IBM/ibm-csi-common v1.1.7
 	github.com/IBM/ibmcloud-volume-interface v1.1.4
 	github.com/IBM/ibmcloud-volume-vpc v1.1.6
-	github.com/IBM/secret-utils-lib v1.1.4
+	github.com/IBM/secret-utils-lib v1.1.7
 	github.com/container-storage-interface/spec v1.7.0
 	github.com/golang/glog v1.0.0
 	github.com/google/uuid v1.1.2
 	github.com/kubernetes-csi/csi-test/v4 v4.3.0
 	github.com/prometheus/client_golang v1.14.0
 	github.com/stretchr/testify v1.8.0
 	go.uber.org/zap v1.20.0
-	golang.org/x/net v0.5.0
-	golang.org/x/sys v0.5.0
+	golang.org/x/net v0.17.0
+	golang.org/x/sys v0.13.0
 	google.golang.org/grpc v1.49.0
 	google.golang.org/protobuf v1.28.1
 	k8s.io/klog/v2 v2.80.1
@@ -28,7 +28,7 @@ require (
 	github.com/BurntSushi/toml v1.0.0 // indirect
 	github.com/IBM-Cloud/ibm-cloud-cli-sdk v0.6.7 // indirect
 	github.com/IBM/go-sdk-core/v5 v5.9.1 // indirect
-	github.com/IBM/secret-common-lib v1.1.4 // indirect
+	github.com/IBM/secret-common-lib v1.1.7 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
@@ -84,10 +84,10 @@ require (
 	go.mongodb.org/mongo-driver v1.7.5 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
-	golang.org/x/term v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/term v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
@@ -109,7 +109,6 @@ require (
 
 replace (
 	github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0
-	golang.org/x/net => golang.org/x/net v0.7.0
 	k8s.io/api => k8s.io/api v0.26.1
 	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.1
 	k8s.io/apimachinery => k8s.io/apimachinery v0.26.1