CVE 2021 3538 fix #1441

Merged
merged 7 commits into from
May 23, 2022

@chaitanya-baraskar chaitanya-baraskar commented May 17, 2022

Change Overview

Fix for CVE-2021-3538. Using github.com/gofrs/uuid instead of github.com/satori/go.uuid for uuid.

Pull request type

Please check the type of change your PR introduces:

  • 🚧 Work in Progress
  • 🌈 Refactoring (no functional changes, no api changes)
  • 🐹 Trivial/Minor
  • 🐛 Bugfix
  • 🌻 Feature
  • 🗺️ Documentation
  • 🤖 Test

Issues

Test Plan

  • 💪 Manual
  • ⚡ Unit test
  • 💚 E2E

Executed make all-build to build code.

@github-actions

Thanks for submitting this pull request 🎉. The team will review it soon and get back to you.

If you haven't already, please take a moment to review our project contributing guideline and Code of Conduct document.

@infraq infraq added this to In Progress in Kanister May 17, 2022
go.mod Outdated
@@ -103,7 +102,7 @@ require (
github.com/go-openapi/jsonreference v0.19.5 // indirect
github.com/go-openapi/swag v0.19.14 // indirect
github.com/go-stack/stack v1.8.0 // indirect
github.com/gofrs/uuid v4.0.0+incompatible // indirect
github.com/gofrs/uuid v4.2.0+incompatible
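
Review bot: the `github.com/gofrs/uuid v4.2.0+incompatible` line at the end of this hunk no longer carries `// indirect`, yet it follows three entries that are all marked `// indirect`. A module the code now imports directly belongs in the require block that holds the direct dependencies, so move it there and confirm that rerunning `go mod tidy` leaves the file unchanged. This hunk also does not show the `github.com/satori/go.uuid` requirement being dropped, so it is worth stating in the description that the module no longer appears in go.mod.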
This should go in the direct dependencies.

Has go mod tidy -compat=1.17 been run? Does it change the file?

@chaitanya-baraskar chaitanya-baraskar May 18, 2022

Let me check. I only ran go mod tidy before raising PR.

@pavannd1

@chaitanya-baraskar You may have to rebase and run go mod tidy -compat=1.17 again
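
A check for the two go.mod conditions raised in this review thread, as an added example that is not part of the pull request or of Kanister's code: it reports any remaining requirement on github.com/satori/go.uuid, and a direct requirement on github.com/gofrs/uuid that sits in a block of indirect entries. `CheckGoMod` and the sample go.mod are assumptions constructed for illustration, and the parser only handles plain `require` lines and blocks.

```go
package main

import (
	"fmt"
	"strings"
)

// Module paths are the ones named in the PR; sampleGoMod is constructed for this example.
const (
	banned      = "github.com/satori/go.uuid"
	replacement = "github.com/gofrs/uuid"
	sampleGoMod = `module example.com/demo
go 1.17
require (
	github.com/satori/go.uuid v1.2.0
)
require (
	github.com/go-stack/stack v1.8.0 // indirect
	github.com/gofrs/uuid v4.2.0+incompatible
)
`
)

// CheckGoMod (hypothetical helper, simplified line parser) reports the banned module and a
// direct requirement on the replacement that sits in a block holding indirect entries.
func CheckGoMod(content string) []string {
	var out, pending []string
	indirectBlock := false
	for i, raw := range strings.Split(content, "\n") {
		line := strings.TrimSpace(raw)
		if line == "require (" || line == ")" {
			if line == ")" && indirectBlock {
				out = append(out, pending...)
			}
			pending, indirectBlock = nil, false
			continue
		}
		path, _, _ := strings.Cut(strings.TrimPrefix(line, "require "), " ")
		indirect := strings.HasSuffix(line, "// indirect")
		indirectBlock = indirectBlock || indirect
		if path == banned {
			out = append(out, fmt.Sprintf("line %d: %s still required (CVE-2021-3538)", i+1, banned))
		} else if path == replacement && !indirect {
			pending = append(pending, fmt.Sprintf("line %d: direct dependency %s listed among indirect ones", i+1, replacement))
		}
	}
	return out
}

func main() { fmt.Println(strings.Join(CheckGoMod(sampleGoMod), "\n")) }
```
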

pavannd1 commented May 19, 2022

Reorganize the code a bit to reduce complexity - maybe split logical modules into helper functions

pkg/blockstorage/azure/azuredisk.go:135:1: cognitive complexity 31 of func `(*AdStorage).SnapshotCopyWithArgs` is high (> 30) (gocognit)
func (s *AdStorage) SnapshotCopyWithArgs(ctx context.Context, from blockstorage.Snapshot, to blockstorage.Snapshot, args map[string]string) (*blockstorage.Snapshot, error) {

@chaitanya-baraskar chaitanya-baraskar moved this from In Progress to Review Required in Kanister May 20, 2022
@julio-lopez julio-lopez requested a review from miquella May 23, 2022 17:40
Kanister automation moved this from Review Required to Reviewer approved May 23, 2022

@julio-lopez julio-lopez left a comment

Let's merge and iterate if needed

@mergify mergify bot merged commit cdd8f8d into master May 23, 2022
Kanister automation moved this from Reviewer approved to Done May 23, 2022
@mergify mergify bot deleted the CVE-2021-3538 branch May 23, 2022 17:43
Successfully merging this pull request may close these issues.

Replace github.com/satori/go.uuid (CVE-2021-3538)
4 participants