Bug 2042493: UPSTREAM 107564: kube-apiserver integration test: allow IPs with leading zeros on the API #1124

Merged

Conversation

aojea

@aojea aojea commented Jan 19, 2022

Add an integration test to verify that IPs with leading zeros are still allowed by the API server.
This test guarantees that data that was previously valid (containing IPs with leading zeros) remains valid.

Ref CVE-2021-29923
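
Added example, not part of this pull request or of the Kubernetes code: a Go sketch of the compatibility concern described above, assuming Go 1.17 or later, where net.ParseIP rejects IPv4 octets with leading zeros. parseQuad and classify are hypothetical names and the sample addresses are constructed; "ambiguous" marks values that a decimal reader and an octal-prefix reader would resolve to different addresses.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// parseQuad (hypothetical) reads a dotted quad; octalPrefix selects how a
// leading zero in an octet is interpreted. It returns nil on malformed input.
func parseQuad(s string, octalPrefix bool) net.IP {
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return nil
	}
	ip := make(net.IP, 4)
	for i, p := range parts {
		base := 10 // legacy reading: leading zeros ignored, "010" is ten
		if octalPrefix && len(p) > 1 && p[0] == '0' {
			base = 8 // C-style reading: "010" is eight
		}
		n, err := strconv.ParseUint(p, base, 8)
		if err != nil {
			return nil
		}
		ip[i] = byte(n)
	}
	return ip
}

// classify (hypothetical) reports how a stored value fares under the strict parser.
func classify(s string) string {
	legacy := parseQuad(s, false)
	switch {
	case net.ParseIP(s) != nil:
		return "accepted"
	case legacy == nil:
		return "invalid"
	case !legacy.Equal(parseQuad(s, true)):
		return "legacy-only, ambiguous: " + legacy.String()
	}
	return "legacy-only: " + legacy.String()
}

func main() {
	for _, s := range []string{"10.0.0.1", "010.0.0.1", "192.168.001.005", "256.0.0.1"} { // constructed samples
		fmt.Println(s, "=>", classify(s))
	}
}
```

Values reported as legacy-only are the ones a compatibility test of this kind has to keep valid; the ambiguous ones are where two consumers of the same stored string can disagree on the address.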

@openshift-ci-robot openshift-ci-robot added the backports/unvalidated-commits Indicates that not all commits come to merged upstream PRs. label Jan 19, 2022
@openshift-ci openshift-ci bot added the bugzilla/severity-low Referenced Bugzilla bug's severity is low for the branch this PR is targeting. label Jan 19, 2022
@openshift-ci

openshift-ci bot commented Jan 19, 2022

@aojea: This pull request references Bugzilla bug 1995328, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.10.0) matches configured target release for branch (4.10.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @wangke19

In response to this:

Bug 1995328: UPSTREAM 107564: kube-apiserver integration test: allow IPs with leading zeros on the API

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Jan 19, 2022
@openshift-ci openshift-ci bot requested a review from wangke19 January 19, 2022 08:11
@openshift-ci-robot

@aojea: the contents of this pull request could not be automatically validated.

The following commits could not be validated and must be approved by a top-level approver:

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

@aojea
Author

aojea commented Jan 19, 2022

/assign @sttts @sosiouxme

This has to be backported to the releases where we want to verify there is no change in the IP parsers.

@sttts

sttts commented Jan 19, 2022

Commit has to have the right title:

UPSTREAM: 107564: test API allow IPs with leading zeros

@sttts

sttts commented Jan 19, 2022

/approve

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 19, 2022
@openshift-ci-robot openshift-ci-robot added backports/validated-commits Indicates that all commits come to merged upstream PRs. and removed backports/unvalidated-commits Indicates that not all commits come to merged upstream PRs. labels Jan 19, 2022
@openshift-ci-robot

@aojea: the contents of this pull request could be automatically validated.

The following commits are valid:

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

@aojea
Author

aojea commented Jan 19, 2022

/cherry-pick release-4.10

@openshift-cherrypick-robot

@aojea: once the present PR merges, I will cherry-pick it on top of release-4.10 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.10


@aojea
Author

aojea commented Jan 19, 2022

/cherry-pick release-4.9
/cherry-pick release-4.8
/cherry-pick release-4.7
/cherry-pick release-4.6

@openshift-cherrypick-robot

@aojea: once the present PR merges, I will cherry-pick it on top of release-4.9 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.9
/cherry-pick release-4.8
/cherry-pick release-4.7
/cherry-pick release-4.6


@sosiouxme
Member

sosiouxme commented Jan 19, 2022

/approve
/retest
but I don't think I'm qualified to give lgtm
technically bz 1995328 is to fix the CVE. This doesn't fix the CVE (since there is no attack vector); I think it would be more correct to close that bug as WONTFIX and use another bug specifically for keeping the parser unchanged. Which should probably also include the Dockerfile changes to insert the build tag to make that happen.

@aojea
Author

aojea commented Jan 19, 2022

technically bz 1995328 is to fix the CVE. This doesn't fix the CVE (since there is no attack vector); I think it would be more correct to close that bug as WONTFIX and use another bug specifically for keeping the parser unchanged. Which should probably also include the Dockerfile changes to insert the build tag to make that happen.

I will create a new bug

@aojea aojea changed the title Bug 1995328: UPSTREAM 107564: kube-apiserver integration test: allow IPs with leading zeros on the API Bug 2042493: UPSTREAM 107564: kube-apiserver integration test: allow IPs with leading zeros on the API Jan 19, 2022
@openshift-ci openshift-ci bot added bugzilla/severity-unspecified Referenced Bugzilla bug's severity is unspecified for the PR. and removed bugzilla/severity-low Referenced Bugzilla bug's severity is low for the branch this PR is targeting. labels Jan 19, 2022
@openshift-ci

openshift-ci bot commented Jan 19, 2022

@aojea: This pull request references Bugzilla bug 2042493, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.10.0) matches configured target release for branch (4.10.0)
  • bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @wangke19

In response to this:

Bug 2042493: UPSTREAM 107564: kube-apiserver integration test: allow IPs with leading zeros on the API


@sosiouxme
Member

/retest

@openshift-bot

/retest-required

Please review the full test history for this PR and help us cut down flakes.

13 similar comments
@soltysh
Member

soltysh commented Jan 21, 2022

/retest-required

@openshift-bot

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-ci

openshift-ci bot commented Jan 22, 2022

@aojea: all tests passed!

Full PR test history. Your PR dashboard.


@openshift-merge-robot openshift-merge-robot merged commit 1e7220d into openshift:master Jan 22, 2022
@openshift-ci

openshift-ci bot commented Jan 22, 2022

@aojea: All pull requests linked via external trackers have merged:

Bugzilla bug 2042493 has been moved to the MODIFIED state.

In response to this:

Bug 2042493: UPSTREAM 107564: kube-apiserver integration test: allow IPs with leading zeros on the API


@openshift-cherrypick-robot

@aojea: new pull request created: #1131

In response to this:

/cherry-pick release-4.9
/cherry-pick release-4.8
/cherry-pick release-4.7
/cherry-pick release-4.6


@openshift-cherrypick-robot

@aojea: new pull request created: #1132

In response to this:

/cherry-pick release-4.9
/cherry-pick release-4.8
/cherry-pick release-4.7
/cherry-pick release-4.6


@openshift-cherrypick-robot

@aojea: new pull request created: #1133

In response to this:

/cherry-pick release-4.10


@openshift-cherrypick-robot

@aojea: new pull request created: #1134

In response to this:

/cherry-pick release-4.9
/cherry-pick release-4.8
/cherry-pick release-4.7
/cherry-pick release-4.6


@openshift-cherrypick-robot

@aojea: new pull request created: #1135

In response to this:

/cherry-pick release-4.9
/cherry-pick release-4.8
/cherry-pick release-4.7
/cherry-pick release-4.6


Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backports/validated-commits Indicates that all commits come to merged upstream PRs. bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.