Bug 1995328: UPSTREAM: 107552: e2e test for CVE-2021-29923 #1117

Closed
wants to merge 1 commit into from


@aojea aojea commented Jan 14, 2022

Bug 1995328: UPSTREAM: 107552: e2e test for CVE-2021-29923

The e2e test checks that the component implementing Kubernetes Services
interprets ClusterIPs with leading zeros as decimal, otherwise the
cluster will be exposed to CVE-2021-29923.
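
An added illustration of the ambiguity this test guards against (not code from the PR or from Kubernetes): the same leading-zero ClusterIP string resolves to different addresses under a decimal and an octal reading. The helper names and sample addresses are constructed for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseQuad (hypothetical helper) parses a dotted-quad IPv4 string. Octets
// with a leading zero are read in zeroBase: 10 (the decimal reading the e2e
// test expects), 8 (inet_aton-style octal), or 0 to reject them outright.
func parseQuad(s string, zeroBase int) ([4]byte, error) {
	var ip [4]byte
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return ip, fmt.Errorf("%q: want 4 octets", s)
	}
	for i, p := range parts {
		base := 10
		if len(p) > 1 && p[0] == '0' {
			if zeroBase == 0 {
				return ip, fmt.Errorf("%q: leading zero in octet %d", s, i+1)
			}
			base = zeroBase
		}
		n, err := strconv.ParseUint(p, base, 8) // bitSize 8 rejects values > 255
		if err != nil {
			return ip, fmt.Errorf("%q: octet %d: %v", s, i+1, err)
		}
		ip[i] = byte(n)
	}
	return ip, nil
}

// Disagrees reports whether decimal and octal parsers would resolve s to
// different addresses, or whether only the decimal parser accepts it.
func Disagrees(s string) bool {
	dec, errDec := parseQuad(s, 10)
	oct, errOct := parseQuad(s, 8)
	return errDec == nil && (errOct != nil || dec != oct)
}

func main() {
	// Constructed sample ClusterIP strings.
	for _, s := range []string{"10.0.0.1", "010.0.0.1", "192.168.0.08"} {
		dec, _ := parseQuad(s, 10)
		fmt.Printf("%-14s decimal=%v disagrees=%v\n", s, dec, Disagrees(s))
	}
}
```

Any string for which `Disagrees` returns true is one where an access-control check and the Service implementation could end up reasoning about two different addresses.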

@openshift-ci-robot openshift-ci-robot added the backports/unvalidated-commits Indicates that not all commits come to merged upstream PRs. label Jan 14, 2022
@openshift-ci openshift-ci bot added the bugzilla/severity-low Referenced Bugzilla bug's severity is low for the branch this PR is targeting. label Jan 14, 2022
@openshift-ci

openshift-ci bot commented Jan 14, 2022

@aojea: This pull request references Bugzilla bug 1995328, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.10.0) matches configured target release for branch (4.10.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @wangke19

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Jan 14, 2022
@openshift-ci openshift-ci bot requested a review from wangke19 January 14, 2022 12:39
@openshift-ci-robot

@aojea: the contents of this pull request could not be automatically validated.

The following commits could not be validated and must be approved by a top-level approver:

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

@aojea
Author

aojea commented Jan 14, 2022

/hold
testing cherry-pick of kubernetes#107552

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 14, 2022
@openshift-ci

openshift-ci bot commented Jan 14, 2022

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aojea
To complete the pull request process, please assign marun after the PR has been reviewed.
You can assign the PR to them by writing /assign @marun in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot requested review from deads2k and marun January 14, 2022 12:41
@aojea
Author

aojea commented Jan 14, 2022

Why are those tests not running on the CI, @sttts?


@sosiouxme
Member

/retest

@aojea Can we close Bug 1995328 WONTFIX and use https://bugzilla.redhat.com/show_bug.cgi?id=2042616 instead? Since we're not fixing the CVE.

@openshift-ci

openshift-ci bot commented Jan 19, 2022

@aojea: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-aws-crun | a3915bd | link | false | /test e2e-aws-crun |
| ci/prow/k8s-e2e-conformance-aws | a3915bd | link | true | /test k8s-e2e-conformance-aws |
| ci/prow/verify-commits | a3915bd | link | true | /test verify-commits |
| ci/prow/k8s-e2e-gcp-serial | a3915bd | link | true | /test k8s-e2e-gcp-serial |


@openshift-bot

/bugzilla refresh

The requirements for Bugzilla bugs have changed (BZs linked to PRs on master branch need to target OCP 4.11), recalculating validity.

@openshift-ci openshift-ci bot removed the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Jan 28, 2022
@openshift-ci

openshift-ci bot commented Jan 28, 2022

@openshift-bot: This pull request references Bugzilla bug 1995328, which is invalid:

  • expected the bug to be open, but it isn't
  • expected the bug to target the "4.11.0" release, but it targets "4.10.0" instead
  • expected the bug to be in one of the following states: NEW, ASSIGNED, ON_DEV, POST, POST, but it is CLOSED (WONTFIX) instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.


@openshift-ci openshift-ci bot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Jan 28, 2022
@aojea aojea closed this Apr 8, 2022
@openshift-ci

openshift-ci bot commented Apr 8, 2022

@aojea: This pull request references Bugzilla bug 1995328. The bug has been updated to no longer refer to the pull request using the external bug tracker.

