Fix: forbid 302 request to avoid SSRF #5000
Codecov Report
Base: 61.49% // Head: 61.50% // Increases project coverage by
Additional details and impacted files
@@ Coverage Diff @@
## master #5000 +/- ##
==========================================
+ Coverage 61.49% 61.50% +0.01%
==========================================
Files 305 305
Lines 33314 33315 +1
==========================================
+ Hits 20485 20490 +5
Misses 10059 10059
+ Partials 2770 2766 -4
50de508 to fec20d8
Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>
Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix ci Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>
fec20d8 to fbeacb0
Successfully created backport PR #5003 for
Successfully created backport PR #5004 for
* fix helm chart list endpoint SSRF CVE
Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>
* revert error log
Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>
* change with const value
Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>
fix ci
Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>
Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>
forbid 302 request to avoid SSRF of list helm chart endpoint of apiServer.
Signed-off-by: 楚岳 wangyike.wyk@alibaba-inc.com
Description of your changes
Fixes #
I have:
make reviewable to ensure this PR is ready for review.
backport release-x.y labels to auto-backport this PR if necessary.
How has this code been tested
Special notes for your reviewer
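
The patch itself is not shown on this page. As an added illustration (not the project's code), the following shows why a server-side fetch of a user-supplied chart repository URL has to refuse 302 responses, using Go's `net/http` `CheckRedirect` hook. The function names `newNoRedirectClient`, `fetch` and `demo`, and both local test servers, are constructed for this example.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// newNoRedirectClient returns the 3xx response itself; Location is never requested.
func newNoRedirectClient() *http.Client {
	return &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error {
		return http.ErrUseLastResponse
	}}
}

// fetch GETs url and returns the body; any non-200 status is an error.
func fetch(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("refusing response with status %d", resp.StatusCode)
	}
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// demo uses two constructed local servers: "internal" stands for a service only
// the API server can reach, "repo" for a repository URL that answers with a 302.
func demo() (followed string, blockedErr error) {
	internal := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "internal-only data")
	}))
	defer internal.Close()
	repo := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, internal.URL, http.StatusFound)
	}))
	defer repo.Close()
	followed, _ = fetch(http.DefaultClient, repo.URL+"/index.yaml")
	_, blockedErr = fetch(newNoRedirectClient(), repo.URL+"/index.yaml")
	return followed, blockedErr
}

func main() {
	fmt.Println(demo())
}
```

The default client follows the redirect and returns the internal service's body to the caller; the hardened client stops at the 302 and reports an error.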