Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clear the secrets from request for klog print in logGRPC() #1462

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Clear the secrets from request for klog print in logGRPC() #1462

wants to merge 1 commit into from

Conversation

mpatlasov
Copy link

@mpatlasov mpatlasov commented Oct 20, 2023
edited
Loading

Malicious user can put a secret in request as explained here: #1372.

What type of PR is this?

/kind bug

What this PR does / why we need it:

Malicious user can put a secret in request as explained here: #1372.

This PR simply clears the secrets from request.

Which issue(s) this PR fixes:

Fixes #1372

Does this PR introduce a user-facing change?:

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Oct 20, 2023
@k8s-ci-robot
Copy link
Contributor

Welcome @mpatlasov!

It looks like this is your first PR to kubernetes-sigs/gcp-compute-persistent-disk-csi-driver 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/gcp-compute-persistent-disk-csi-driver has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Oct 20, 2023
@k8s-ci-robot
Copy link
Contributor

Hi @mpatlasov. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mpatlasov
Once this PR has been reviewed and has the lgtm label, please assign saikat-royc for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Oct 20, 2023
msau42
msau42 reviewed Oct 20, 2023
View reviewed changes
pkg/gce-pd-csi-driver/utils.go Outdated
klog.V(4).Infof("%s called with request: %s", info.FullMethod, req)
// However malicious user still can put a secret in request as explained here:
// https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/issues/1372
if klog.V(4).Enabled() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We regularly use log level 4 in production. Since this driver doesn't actually require any secret, can we just clear the secrets from the request?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@msau42 , the request may be of different types, i.e. NodeExpandVolumeRequest is not the only type with Secrets (e.g. CreateVolumeRequest, DeleteVolumeRequest, etc.). I didn't find any straightforward way to clear the secrets from a request of arbitrary type, can you tell me how you suggest to do it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think we can leverage the reflect package? https://pkg.go.dev/reflect#example-Value.FieldByName potentially looks promising. Or could we even use https://pkg.go.dev/reflect#StructTag to create a more efficient protosanitizer?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There were some improvements in csi-lib-utils recently to sanitize better / faster: kubernetes-csi/csi-lib-utils#184

@mpatlasov mpatlasov force-pushed the sanitize-req-in-klog-print branch from 4eb6516 to a618653 Compare October 30, 2023 06:31
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 30, 2023
@mpatlasov mpatlasov changed the title Sanitize request for klog print in logGRPC() Clear secrets from request for klog print in logGRPC() Oct 30, 2023
@mpatlasov mpatlasov changed the title Clear secrets from request for klog print in logGRPC() Clear the secrets from request for klog print in logGRPC() Oct 30, 2023
@mpatlasov
Copy link
Author

Last push reworks PR: instead of calling protosanitizer.StripSecrets(req), now it simply clears the secrets from request.

jsafrane
jsafrane reviewed Nov 2, 2023
View reviewed changes
pkg/gce-pd-csi-driver/utils.go Outdated Show resolved Hide resolved
pkg/gce-pd-csi-driver/utils.go Show resolved Hide resolved
@mpatlasov mpatlasov force-pushed the sanitize-req-in-klog-print branch from a618653 to afd457a Compare November 3, 2023 22:34
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 3, 2023
@mpatlasov
Copy link
Author

Last push addressed Jan's comment:

  • Reflection magic went to a separate function
  • Comment fixed
  • Unit-test added

@jsafrane
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Nov 29, 2023
@jsafrane
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 29, 2023
@mpatlasov
Copy link
Author

@msau42 , can you approve please?

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Dec 8, 2023
@k8s-ci-robot k8s-ci-robot added the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Aug 2, 2024
@mpatlasov
Clear secrets from request for klog print in logGRPC()
49c6736 
Malicious user can put a secret in request as explained here: kubernetes-sigs#1372.
@mpatlasov mpatlasov force-pushed the sanitize-req-in-klog-print branch from afd457a to 49c6736 Compare August 27, 2024 14:04
@k8s-ci-robot
Copy link
Contributor

New changes are detected. LGTM label has been removed.

@k8s-ci-robot k8s-ci-robot removed lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Aug 27, 2024
@mpatlasov
Copy link
Author

/retest-required

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mpatlasov
Copy link
Author

/reopen

@k8s-ci-robot k8s-ci-robot reopened this Sep 30, 2024
@k8s-ci-robot
Copy link
Contributor

@mpatlasov: Reopened this PR.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mpatlasov
Copy link
Author

Hey @msau42 , can you lgtm/approve this, please. (see my comment above)

@mpatlasov
Copy link
Author

Hey @msau42 , can you lgtm/approve this, please. (see my comment above)

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mpatlasov
Copy link
Author

/reopen

@k8s-ci-robot k8s-ci-robot reopened this Nov 24, 2024
@k8s-ci-robot
Copy link
Contributor

@mpatlasov: Reopened this PR.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mpatlasov
Copy link
Author

/test pull-gcp-compute-persistent-disk-csi-driver-verify

@mpatlasov
Copy link
Author

pull-gcp-compute-persistent-disk-csi-driver-verify is permafailing: https://prow.k8s.io/job-history/gs/kubernetes-ci-logs/pr-logs/directory/pull-gcp-compute-persistent-disk-csi-driver-verify

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mpatlasov
Copy link
Author

/reopen

@k8s-ci-robot k8s-ci-robot reopened this Jan 2, 2025
@k8s-ci-robot
Copy link
Contributor

@mpatlasov: Reopened this PR.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mpatlasov
Copy link
Author

/retest-required

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msau42 msau42 msau42 left review comments

@jsafrane jsafrane jsafrane left review comments

@leiyiz leiyiz Awaiting requested review from leiyiz

@saikat-royc saikat-royc Awaiting requested review from saikat-royc

Assignees

@jsafrane jsafrane

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Driver can display the secret content of node-expand-secret-name
5 participants
@mpatlasov @k8s-ci-robot @jsafrane @k8s-triage-robot @msau42