pb-6910: preserve uid & gid with which volume is backed up #243

Merged
merged 1 commit into from
May 13, 2024


lalat-das
Collaborator

What this PR does / why we need it: During backup, due to restricted PSA, the app will use a certain UID and GID. The same UID and GID need to be used for restore while using a JOB-POD.

Which issue(s) this PR fixes (optional)
Closes # pb-6910

Special notes for your reviewer:


github-actions bot commented May 8, 2024

OSS Scan Results:

Title Severity Package Name CVEs Fix version Introduced
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high google.golang.org/grpc ['CVE-2023-44487'] ['1.56.3', '1.57.1', '1.58.3'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0']
Stack-based Buffer Overflow medium google.golang.org/protobuf/encoding/protojson [] ['1.32.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/encoding/protojson ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow medium google.golang.org/protobuf/encoding/protojson [] ['1.32.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/encoding/protojson ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow medium google.golang.org/protobuf/encoding/protojson [] ['1.32.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/encoding/protojson ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow medium google.golang.org/protobuf/encoding/protojson [] ['1.32.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/encoding/protojson ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/internal/encoding/json ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop medium google.golang.org/protobuf/internal/encoding/json ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop medium google.golang.org/protobuf/internal/encoding/json ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Improper Input Validation high sigs.k8s.io/aws-iam-authenticator/pkg/token ['CVE-2022-2385'] ['0.5.9'] ['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5']

Total issues: 43


github-actions bot commented May 8, 2024

License Evaluation Results:

Title Package Name Package Version Severity License Info Introduced Dependency Type

Total License Issues: 0

@@ -585,6 +585,10 @@ message BackupInfo {
string pvc_id = 12;
string provisioner = 13;
string volumesnapshot = 14;
// if as part of restrictive PSA setting, an UID or GID is used
// during backup then same value should be used during restore operation
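
Review bot: The new comment after `string volumesnapshot = 14;` does not say how "no UID/GID was recorded" is represented. The unlabeled fields in this message indicate proto3, where a plain integer field defaults to 0, and 0 as a UID or GID means root; if the fields that follow this comment are plain integers, restore code cannot tell "not set" from "run as root". Consider stating the unset convention in the comment and using `optional` or a wrapper type so presence is explicit, and document that the restore side should check the stored IDs against the target namespace's PSA level before applying them to the job pod. Minor: "an UID" should read "a UID".
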
Collaborator

Isn't this mostly for in-place restore to the same namespace on the same cluster? How does this apply for a new cluster? UID and GID would not be the same.

@lalat-das lalat-das force-pushed the pb-6910-restore-path-obtaining-uid-gid branch from 0dfd005 to a8647fa Compare May 8, 2024 08:46
Copy link

github-actions bot commented May 8, 2024

OSS Scan Results:

Title Severity Package Name CVEs Fix version Introduced
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high golang.org/x/net/http2 ['CVE-2023-44487'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling medium golang.org/x/net/http2 ['CVE-2023-39325'] ['0.17.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling high golang.org/x/net/http2 ['CVE-2023-45288'] ['0.23.0'] ['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS) high google.golang.org/grpc ['CVE-2023-44487'] ['1.56.3', '1.57.1', '1.58.3'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0']
Stack-based Buffer Overflow medium google.golang.org/protobuf/encoding/protojson [] ['1.32.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/encoding/protojson ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow medium google.golang.org/protobuf/encoding/protojson [] ['1.32.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/encoding/protojson ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow medium google.golang.org/protobuf/encoding/protojson [] ['1.32.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/encoding/protojson ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow medium google.golang.org/protobuf/encoding/protojson [] ['1.32.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/encoding/protojson ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop medium google.golang.org/protobuf/internal/encoding/json ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop medium google.golang.org/protobuf/internal/encoding/json ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop medium google.golang.org/protobuf/internal/encoding/json ['CVE-2024-24786'] ['1.33.0'] ['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Improper Input Validation high sigs.k8s.io/aws-iam-authenticator/pkg/token ['CVE-2022-2385'] ['0.5.9'] ['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5']

Total issues: 43

github-actions bot commented May 8, 2024

License Evaluation Results:

Title Package Name Package Version Severity License Info Introduced Dependency Type

Total License Issues: 0

@lalat-das lalat-das force-pushed the pb-6910-restore-path-obtaining-uid-gid branch from a8647fa to 3e19305 Compare May 13, 2024 04:43
@lalat-das lalat-das force-pushed the pb-6910-restore-path-obtaining-uid-gid branch from 3e19305 to ad05f42 Compare May 13, 2024 06:25

 - During backup due to restricted PSA enforcement the app must
   use certain uid and gid.
 - Same uid/gid need to be used to restore volume while using a JOB-POD
   to achieve the same.

Signed-off-by: Lalatendu Das <ldas@purestorage.com>
@lalat-das lalat-das force-pushed the pb-6910-restore-path-obtaining-uid-gid branch from ad05f42 to 607bbb9 Compare May 13, 2024 08:30

@vsundarraj-px vsundarraj-px left a comment

LGTM

@lalat-das lalat-das merged commit 9eda9e2 into master May 13, 2024
1 check passed