Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 1918153: incorrect escaping of HTML symbols in envars #215

Merged
merged 1 commit into from Feb 2, 2021
Merged

Bug 1918153: incorrect escaping of HTML symbols in envars #215

merged 1 commit into from Feb 2, 2021

Conversation

alicerum
Copy link

@alicerum alicerum commented Feb 1, 2021
edited by openshift-ci-robot

When building from source using docker strategy, keys and values for environment variables from BuildConfig and labels have been marshalled to json strings to put them in quotes and do escaping.
Problem was, this marshalling also escapes HTML symbols <>&, which should be allowed for environment variables and labels.
Solution is to process values with strconv.Quote function in order to escape only non-printable and control characters.

With the BuildConfig provided in Bugzilla, and my changes I get this result:

wyvie@irum-mac ~/go/src/github.com/openshift/builder (fix-build-envars-character-escaping*) $ oc logs -f bc/docker-build
...
STEP 1: FROM quay.io/generic/rhel7:latest
STEP 2: ENV "IncorrectURLFromENV"="http://abc.com/q?key1=value1&key2=value2"
...
STEP 5: ENV CorrectURLFromDockerFile='https://abc123.com/q?key1=value1&key2=value2'
--> b74c4ad1b71
...
STEP 10: LABEL "io.openshift.build.commit.author"="Rejeeb <54980000+rejeeb786@users.noreply.github.com>" "io.openshift.build.commit.date"="Wed Jan 20 07:34:30 2021 +0530" "io.openshift.build.commit.id"="b83aaf78858b7a8e970a52a07e06dfb3bb7e7ecc" "io.openshift.build.commit.message"="Update Dockerfile" "io.openshift.build.commit.ref"="main" "io.openshift.build.name"="docker-[build-1](https://issues.redhat.com/browse/build-1)" "io.openshift.build.namespace"="testing" "io.openshift.build.source-context-dir"="/" "io.openshift.build.source-location"="https://github.com/rejeeb786/test.git"
...

@openshift-ci-robot openshift-ci-robot added bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Feb 1, 2021
@openshift-ci-robot
Copy link
Contributor

@alicerum: This pull request references Bugzilla bug 1918153, which is invalid:

  • expected the bug to target the "4.7.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1918153: incorrect escaping of HTML symbols in envars

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@alicerum alicerum force-pushed the fix-build-envars-character-escaping branch 2 times, most recently from 3038e49 to afebaa8 Compare February 1, 2021 11:02
@otaviof
Copy link
Member

otaviof commented Feb 1, 2021

/retest

@openshift-ci-robot
Copy link
Contributor

@alicerum: This pull request references Bugzilla bug 1918153, which is invalid:

  • expected the bug to target the "4.7.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1918153: incorrect escaping of HTML symbols in envars

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

1 similar comment
@openshift-ci-robot
Copy link
Contributor

@alicerum: This pull request references Bugzilla bug 1918153, which is invalid:

  • expected the bug to target the "4.7.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1918153: incorrect escaping of HTML symbols in envars

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@alicerum
Copy link
Author

alicerum commented Feb 1, 2021

/retest

@gabemontero
Copy link
Contributor

hey @alicerum - has your "onramping" progressed enough that you understand what is up with the bugzilla integration requirements as noted in #215 (comment)

and the OWNERS file requirements as noted in #215 (comment) ?

If not let us know and we can discuss either here or in scrum

@alicerum
Copy link
Author

alicerum commented Feb 1, 2021
edited

If not let us know

Letting you know! Discussing in scrum (or after) would be beneficial.

@alicerum alicerum force-pushed the fix-build-envars-character-escaping branch from afebaa8 to 4396a41 Compare February 1, 2021 15:33
@alicerum
Copy link
Author

alicerum commented Feb 1, 2021

/bugzilla refresh

@openshift-ci-robot openshift-ci-robot added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Feb 1, 2021
@openshift-ci-robot
Copy link
Contributor

@alicerum: This pull request references Bugzilla bug 1918153, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.7.0) matches configured target release for branch (4.7.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Fixed incorrect escaping of HTML symbols in envars
7f90723 
When building from source using docker strategy, keys and values
for environment variables from BuildConfig and labels have been
marshalled to json strings to put them in quotes and do escaping.
Problem was, this marshalling also escapes html symbols <>&, which
should be allowed in values of environment variables and labels.
Solution is to process keys and values with strconv.Quote function
in order to escape only non-printable and control characters.
@alicerum alicerum force-pushed the fix-build-envars-character-escaping branch from 4396a41 to 7f90723 Compare February 1, 2021 20:24
@wewang58
Copy link

wewang58 commented Feb 2, 2021

/bugzilla cc-qa

@openshift-ci-robot
Copy link
Contributor

@wewang58: This pull request references Bugzilla bug 1918153, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.7.0) matches configured target release for branch (4.7.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @wewang58

In response to this:

/bugzilla cc-qa

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wewang58
Copy link

wewang58 commented Feb 2, 2021

/lgtm
Launched a cluster using cluster-bot, verified it
STEP 1: FROM quay.io/generic/rhel7:latest
STEP 2: ENV "IncorrectURLFromENV"="http://abc.com/q?key1=value1&key2=value2"
--> 546b155da6f
STEP 3: MAINTAINER aPaaS : Rejeeb
--> e8b0bc8dcb3
STEP 4: USER root
--> 0efc16f019c
STEP 5: ENV CorrectURLFromDockerFile='https://abc123.com/q?key1=value1&key2=value2'

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 2, 2021
adambkaplan
adambkaplan approved these changes Feb 2, 2021
View reviewed changes
Copy link
Contributor

@adambkaplan adambkaplan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan, alicerum, wewang58

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 2, 2021
@openshift-merge-robot openshift-merge-robot merged commit 67e88c5 into openshift:master Feb 2, 2021
@openshift-ci-robot
Copy link
Contributor

@alicerum: All pull requests linked via external trackers have merged:

Bugzilla bug 1918153 has been moved to the MODIFIED state.

In response to this:

Bug 1918153: incorrect escaping of HTML symbols in envars

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@alicerum alicerum deleted the fix-build-envars-character-escaping branch February 2, 2021 14:53
@pradeepto
Copy link

Congratulations @alicerum \o/

Great start!

@otaviof otaviof mentioned this pull request Jan 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adambkaplan adambkaplan adambkaplan approved these changes

@coreydaley coreydaley Awaiting requested review from coreydaley

@wewang58 wewang58 Awaiting requested review from wewang58

Assignees

@adambkaplan adambkaplan

@wewang58 wewang58

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@alicerum @openshift-ci-robot @otaviof @gabemontero @wewang58 @pradeepto @adambkaplan @openshift-merge-robot