istio.io/archive/v1.13/boilerplates/snips/cve-2020-007-configmap.sh

#!/bin/bash
# shellcheck disable=SC2034,SC2153,SC2155,SC2164

# Copyright Istio Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

####################################################################################################
# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
#          boilerplates/cve-2020-007-configmap.md
####################################################################################################

bpsnip_cve_2020_007_configmap__1() {
kubectl -n istio-system apply -f custom-bootstrap-runtime.yaml
}

bpsnip_cve_2020_007_configmap__2() {
kubectl --namespace istio-system patch deployment istio-ingressgateway --patch "$(cat gateway-patch.yaml)"
}

bpsnip_cve_2020_007_configmap__3() {
ISTIO_INGRESS_PODNAME=$(kubectl get pods -l app=istio-ingressgateway -n istio-system  -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace istio-system exec -i -t  "${ISTIO_INGRESS_PODNAME}" -c istio-proxy -- curl -sS http://localhost:15000/runtime
}

! read -r -d '' bpsnip_cve_2020_007_configmap__3_out <<\ENDSNIP

{
 "entries": {
  "overload.global_downstream_max_connections": {
    "layer_values": [
      "",
      "250000",
      ""
    ],
    "final_value": "250000"
  }
 },
 "layers": [
  "static_layer_0",
  "admin"
 ]
}
ENDSNIP