remove modsecurity coreruleset test files from nginx image #11617
Conversation
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @zeeZ. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
needs-priority
size/XS
✅ Deploy Preview for kubernetes-ingress-nginx canceled.
|
|
The old path wasn't up-to-date for a really long time, I couldn't even find it in v3.3.5 of the core rule set. I seems they just added the whole I hope ModSecurity is not relying on those tests during runtime, because we always had them in there since we bumped to any ModSecurity version > v3.2.1. |
|
/cc @strongjz |
|
/triage accepted |
k8s-ci-robot
added
triage/accepted
k8s-ci-robot
added
lgtm
|
/cherry-pick release-1.10 |
|
@Gacko: once the present PR merges, I will cherry-pick it on top of release-1.10 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherry-pick release-1.11 |
|
@Gacko: once the present PR merges, I will cherry-pick it on top of release-1.11 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/hold @strongjz please un-hold if it looks good to you. |
k8s-ci-robot
added
the
do-not-merge/hold
|
/unhold |
k8s-ci-robot
removed
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Gacko, strongjz, zeeZ The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@Gacko: new pull request created: #11619 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@Gacko: new pull request created: #11620 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
I'd like to note this is a base image change, so an update of the necessary bits to get it into the controller is needed. |
|
Yes, were going to get a new release to fix 1.11 amd 1.10 issues. |
|
@strongjz Doesn't the test runner base on the NGINX base image? Because then we should have promoted that before promoting the new test runner. |
What this PR does / why we need it:
Test files from OWASP CRS in the nginx image are triggering virus scanners. The current command tries to remove a path that no longer exists.
Types of changes
Which issue/s this PR fixes
fixes #11612
How Has This Been Tested?
Checklist: