Deprecated fix #381

Open
wants to merge 4 commits into
base: main

Nithunikzz
Collaborator

No description provided.

dryrunsecurity bot commented Jun 18, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
IDOR Analyzer 0 findings
SQL Injection Analyzer 0 findings
Secrets Analyzer 0 findings
Authn/Authz Analyzer 10 findings
Sensitive Files Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request focus on improving the error handling and robustness of the kubviz application. The key changes include:

  1. Replacing log.Fatal() with log.Println() in the CheckErr function of the event_metrics_utils.go file. This change ensures that errors are logged instead of causing the program to terminate, making the application more resilient.

  2. Enhancing the kubePreUpgrade plugin to better handle deprecated and deleted Kubernetes APIs during the pre-upgrade process. This includes downloading the Kubernetes Swagger file, populating an API map, detecting deprecated and deleted APIs, and publishing the findings to a NATS JetStream context for further processing and monitoring.

These changes are positive from an application security perspective, as they improve the overall error handling and robustness of the application, as well as provide better visibility and control over Kubernetes API changes during the pre-upgrade process. This helps reduce the risk of breaking changes and ensures a smoother upgrade experience for users.

Files Changed:

  1. agent/kubviz/plugins/events/event_metrics_utils.go:

    • The CheckErr function has been modified to use log.Println() instead of log.Fatal(), improving error handling and preventing the program from terminating.

  2. agent/kubviz/plugins/kubepreupgrade/kubePreUpgrade.go:

    • The code has been enhanced to download the Kubernetes Swagger file, populate an API map, detect deprecated and deleted APIs, and publish the findings to a NATS JetStream context.
    • The code also handles various errors, permissions issues, and discovers preferred resource names and group-version for the detected APIs.
    • These changes improve the pre-upgrade process by providing better visibility and control over Kubernetes API changes, reducing the risk of breaking changes during the upgrade.

Powered by DryRun Security
