Skip to content

chore(ci): Fix e2e test breakage for qa:elastic-logstash#3398

Merged
dcaravel merged 1 commit into
masterfrom
dc/fix-e2e-tests
Jul 14, 2026
Merged

chore(ci): Fix e2e test breakage for qa:elastic-logstash#3398
dcaravel merged 1 commit into
masterfrom
dc/fix-e2e-tests

Conversation

@dcaravel

@dcaravel dcaravel commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Description for CVE was updated, causing breakage:

https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/stackrox_scanner/3089/pull-ci-stackrox-scanner-master-e2e-tests/2076768186161696768

expected: &scannerV1.Vulnerability{state:impl.MessageState{NoUnkeyedLiterals:pragma.NoUnkeyedLiterals{}, DoNotCompare:pragma.DoNotCompare{}, DoNotCopy:pragma.DoNotCopy{}, atomicMessageInfo:(*impl.MessageInfo)(nil)}, Name:"CVE-2026-34481", Description:"Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records. An attacker can exploit this issue only if both of the following conditions are met: * The application uses JsonTemplateLayout. * The application logs a MapMessage containing an attacker-controlled floating-point value. Users are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue.", Link:"https://nvd.nist.gov/vuln/detail/CVE-2026-34481", MetadataV2:(*scannerV1.Metadata)(nil), FixedBy:"2.25.4", Severity:"Important", unknownFields:[]uint8(nil), sizeCache:0}
actual  : &scannerV1.Vulnerability{state:impl.MessageState{NoUnkeyedLiterals:pragma.NoUnkeyedLiterals{}, DoNotCompare:pragma.DoNotCompare{}, DoNotCopy:pragma.DoNotCopy{}, atomicMessageInfo:(*impl.MessageInfo)(nil)}, Name:"CVE-2026-34481", Description:"Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records. An attacker can exploit this issue only if both of the following conditions are met: * The application uses JsonTemplateLayout. * The application logs a MapMessage, or logs an object directly (e.g., via Logger.info(Object), which wraps it in an ObjectMessage), where the message contains an attacker-controlled floating-point value. Users are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue. Note: The fix released in version 2.25.4 did not cover all affected code paths. CVE-2026-49844 was assigned to the remaining issue, which concerns the MapMessage.asJson() serialization in Apache Log4j API and is fixed in versions 2.25.5 and 2.26.1.", Link:"https://nvd.nist.gov/vuln/detail/CVE-2026-34481", MetadataV2:(*scannerV1.Metadata)(nil), FixedBy:"2.25.4", Severity:"Important", unknownFields:[]uint8(nil), sizeCache:0}

@dcaravel dcaravel requested a review from a team as a code owner July 13, 2026 22:37
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 5d7c6300-dc6b-4700-89e9-d7d03b7d82b0

📥 Commits

Reviewing files that changed from the base of the PR and between 578af2c and 8e01a91.

📒 Files selected for processing (1)
  • e2etests/testcase_test.go

📝 Walkthrough

Summary by CodeRabbit

  • Tests
    • Updated vulnerability validation expectations for CVE-2026-34481.
    • Clarified affected logging scenarios and noted additional coverage addressed by CVE-2026-49844.

Walkthrough

The E2E expected description for CVE-2026-34481 now includes direct object logging as an exploitation condition and references incomplete 2.25.4 coverage through CVE-2026-49844.

Changes

CVE description expectation

Layer / File(s) Summary
Update vulnerability description
e2etests/testcase_test.go
The expected CVE-2026-34481 description includes direct object logging and the CVE-2026-49844 reference.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Suggested reviewers: janisz, daynewlee, jvdm, rtann, bradlugo

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly states the e2e test breakage fix for qa:elastic-logstash, which matches the PR's main change.
Description check ✅ Passed The description directly explains the failing test and the updated vulnerability text, matching the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dc/fix-e2e-tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@BradLugo BradLugo self-requested a review July 13, 2026 22:49
@dcaravel dcaravel merged commit 3e23f81 into master Jul 14, 2026
37 checks passed
@dcaravel dcaravel deleted the dc/fix-e2e-tests branch July 14, 2026 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants