run hack/update-netparse-cve.sh
Kubernetes-commit: 0cd75e8fec62a2531637e80bb950ac9983cac1b0
parent
c1a0f339ee
commit
38c6ad936b
|
|
@ -17,13 +17,13 @@ limitations under the License.
|
|||
package discovery
|
||||
|
||||
import (
|
||||
"net"
|
||||
"net/http"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
utilnet "k8s.io/apimachinery/pkg/util/net"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
func TestGetServerAddressByClientCIDRs(t *testing.T) {
|
||||
|
|
@ -103,7 +103,7 @@ func TestGetServerAddressByClientCIDRs(t *testing.T) {
|
|||
},
|
||||
}
|
||||
|
||||
_, ipRange, _ := net.ParseCIDR("10.0.0.0/24")
|
||||
_, ipRange, _ := netutils.ParseCIDRSloppy("10.0.0.0/24")
|
||||
discoveryAddresses := DefaultAddresses{DefaultAddress: "ExternalAddress"}
|
||||
discoveryAddresses.CIDRRules = append(discoveryAddresses.CIDRRules,
|
||||
CIDRRule{IPRange: *ipRange, Address: "serviceIP"})
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ func TestLoopbackHostPortIPv4(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if ip := net.ParseIP(host); ip == nil || !ip.IsLoopback() {
|
||||
if ip := netutils.ParseIPSloppy(host); ip == nil || !ip.IsLoopback() {
|
||||
t.Fatalf("expected host to be loopback, got %q", host)
|
||||
}
|
||||
if port != "443" {
|
||||
|
|
@ -78,7 +78,7 @@ func TestLoopbackHostPortIPv6(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if ip := net.ParseIP(host); ip == nil || !ip.IsLoopback() || ip.To4() != nil {
|
||||
if ip := netutils.ParseIPSloppy(host); ip == nil || !ip.IsLoopback() || ip.To4() != nil {
|
||||
t.Fatalf("expected IPv6 host to be loopback, got %q", host)
|
||||
}
|
||||
if port != "443" {
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@ package server
|
|||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/http/httputil"
|
||||
|
|
@ -43,6 +42,7 @@ import (
|
|||
"k8s.io/client-go/informers"
|
||||
"k8s.io/client-go/kubernetes/fake"
|
||||
"k8s.io/client-go/rest"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
func TestAuthorizeClientBearerTokenNoops(t *testing.T) {
|
||||
|
|
@ -81,7 +81,7 @@ func TestAuthorizeClientBearerTokenNoops(t *testing.T) {
|
|||
func TestNewWithDelegate(t *testing.T) {
|
||||
delegateConfig := NewConfig(codecs)
|
||||
delegateConfig.ExternalAddress = "192.168.10.4:443"
|
||||
delegateConfig.PublicAddress = net.ParseIP("192.168.10.4")
|
||||
delegateConfig.PublicAddress = netutils.ParseIPSloppy("192.168.10.4")
|
||||
delegateConfig.LegacyAPIGroupPrefixes = sets.NewString("/api")
|
||||
delegateConfig.LoopbackClientConfig = &rest.Config{}
|
||||
clientset := fake.NewSimpleClientset()
|
||||
|
|
@ -113,7 +113,7 @@ func TestNewWithDelegate(t *testing.T) {
|
|||
|
||||
wrappingConfig := NewConfig(codecs)
|
||||
wrappingConfig.ExternalAddress = "192.168.10.4:443"
|
||||
wrappingConfig.PublicAddress = net.ParseIP("192.168.10.4")
|
||||
wrappingConfig.PublicAddress = netutils.ParseIPSloppy("192.168.10.4")
|
||||
wrappingConfig.LegacyAPIGroupPrefixes = sets.NewString("/api")
|
||||
wrappingConfig.LoopbackClientConfig = &rest.Config{}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,12 +20,12 @@ import (
|
|||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"net"
|
||||
"strings"
|
||||
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/util/validation"
|
||||
"k8s.io/klog/v2"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
// BuildNamedCertificates returns a map of *tls.Certificate by name. It's
|
||||
|
|
@ -77,7 +77,7 @@ func getCertificateNames(cert *x509.Certificate) []string {
|
|||
var names []string
|
||||
|
||||
cn := cert.Subject.CommonName
|
||||
cnIsIP := net.ParseIP(cn) != nil
|
||||
cnIsIP := netutils.ParseIPSloppy(cn) != nil
|
||||
cnIsValidDomain := cn == "*" || len(validation.IsDNS1123Subdomain(strings.TrimPrefix(cn, "*."))) == 0
|
||||
// don't use the CN if it is a valid IP because our IP serving detection may unexpectedly use it to terminate the connection.
|
||||
if !cnIsIP && cnIsValidDomain {
|
||||
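Review bot: The `cnIsIP` line in getCertificateNames carries no explanation of why the lenient parser is wanted, and the choice matters more here than at the other call sites because `cn` is read from a certificate rather than a literal. As far as I know, ParseIPSloppy in k8s.io/utils/net accepts IPv4 octets with leading zeros, so a CN such as `010.0.0.1` is still classified as an IP and skipped. With a strict parser it would presumably fall through to the DNS-1123 subdomain check on the next line instead. I would add a comment above the line, e.g. `// Sloppy on purpose: leading-zero forms like "010.0.0.1" must still count as IPs so they are never used as DNS names.` The function body begins and continues outside this hunk.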
|
|
|
|||
|
|
@ -31,6 +31,8 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
|
|
@ -246,7 +248,7 @@ NextTest:
|
|||
func parseIPList(ips []string) []net.IP {
|
||||
var netIPs []net.IP
|
||||
for _, ip := range ips {
|
||||
netIPs = append(netIPs, net.ParseIP(ip))
|
||||
netIPs = append(netIPs, netutils.ParseIPSloppy(ip))
|
||||
}
|
||||
return netIPs
|
||||
}
|
||||
|
|
@ -302,7 +304,7 @@ func generateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS
|
|||
IsCA: true,
|
||||
}
|
||||
|
||||
if ip := net.ParseIP(host); ip != nil {
|
||||
if ip := netutils.ParseIPSloppy(host); ip != nil {
|
||||
template.IPAddresses = append(template.IPAddresses, ip)
|
||||
} else {
|
||||
template.DNSNames = append(template.DNSNames, host)
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ import (
|
|||
restclient "k8s.io/client-go/rest"
|
||||
kubeopenapi "k8s.io/kube-openapi/pkg/common"
|
||||
"k8s.io/kube-openapi/pkg/validation/spec"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -127,7 +128,7 @@ func testGetOpenAPIDefinitions(_ kubeopenapi.ReferenceCallback) map[string]kubeo
|
|||
func setUp(t *testing.T) (Config, *assert.Assertions) {
|
||||
config := NewConfig(codecs)
|
||||
config.ExternalAddress = "192.168.10.4:443"
|
||||
config.PublicAddress = net.ParseIP("192.168.10.4")
|
||||
config.PublicAddress = netutils.ParseIPSloppy("192.168.10.4")
|
||||
config.LegacyAPIGroupPrefixes = sets.NewString("/api")
|
||||
config.LoopbackClientConfig = &restclient.Config{}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,12 +17,12 @@ limitations under the License.
|
|||
package options
|
||||
|
||||
import (
|
||||
"net"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
utilerrors "k8s.io/apimachinery/pkg/util/errors"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
func TestServerRunOptionsValidate(t *testing.T) {
|
||||
|
|
@ -34,7 +34,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when MaxRequestsInFlight is negative value",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
MaxRequestsInFlight: -400,
|
||||
MaxMutatingRequestsInFlight: 200,
|
||||
|
|
@ -48,7 +48,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when MaxMutatingRequestsInFlight is negative value",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
MaxRequestsInFlight: 400,
|
||||
MaxMutatingRequestsInFlight: -200,
|
||||
|
|
@ -62,7 +62,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when RequestTimeout is negative value",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
MaxRequestsInFlight: 400,
|
||||
MaxMutatingRequestsInFlight: 200,
|
||||
|
|
@ -76,7 +76,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when MinRequestTimeout is negative value",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
MaxRequestsInFlight: 400,
|
||||
MaxMutatingRequestsInFlight: 200,
|
||||
|
|
@ -90,7 +90,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when JSONPatchMaxCopyBytes is negative value",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
MaxRequestsInFlight: 400,
|
||||
MaxMutatingRequestsInFlight: 200,
|
||||
|
|
@ -104,7 +104,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when MaxRequestBodyBytes is negative value",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
MaxRequestsInFlight: 400,
|
||||
MaxMutatingRequestsInFlight: 200,
|
||||
|
|
@ -118,7 +118,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when LivezGracePeriod is negative value",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
MaxRequestsInFlight: 400,
|
||||
MaxMutatingRequestsInFlight: 200,
|
||||
|
|
@ -133,7 +133,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when MinimalShutdownDuration is negative value",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
MaxRequestsInFlight: 400,
|
||||
MaxMutatingRequestsInFlight: 200,
|
||||
|
|
@ -148,7 +148,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when HSTSHeaders is valid",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
HSTSDirectives: []string{"fakevalue", "includeSubDomains", "preload"},
|
||||
MaxRequestsInFlight: 400,
|
||||
|
|
@ -163,7 +163,7 @@ func TestServerRunOptionsValidate(t *testing.T) {
|
|||
{
|
||||
name: "Test when ServerRunOptions is valid",
|
||||
testOptions: &ServerRunOptions{
|
||||
AdvertiseAddress: net.ParseIP("192.168.10.10"),
|
||||
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
|
||||
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
|
||||
HSTSDirectives: []string{"max-age=31536000", "includeSubDomains", "preload"},
|
||||
MaxRequestsInFlight: 400,
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ import (
|
|||
|
||||
"github.com/spf13/pflag"
|
||||
"k8s.io/klog/v2"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
utilnet "k8s.io/apimachinery/pkg/util/net"
|
||||
"k8s.io/apiserver/pkg/server"
|
||||
|
|
@ -108,7 +109,7 @@ type GeneratableKeyCert struct {
|
|||
|
||||
func NewSecureServingOptions() *SecureServingOptions {
|
||||
return &SecureServingOptions{
|
||||
BindAddress: net.ParseIP("0.0.0.0"),
|
||||
BindAddress: netutils.ParseIPSloppy("0.0.0.0"),
|
||||
BindPort: 443,
|
||||
ServerCert: GeneratableKeyCert{
|
||||
PairName: "apiserver",
|
||||
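Review bot: NewSecureServingOptions is exported but, judging by the blank context line directly above it, has no doc comment, and the default it returns listens on every IPv4 interface. Since this line is being touched anyway, I would document that default so callers know they must override it for a narrower listener, e.g. `// NewSecureServingOptions returns options that bind to 0.0.0.0 (all IPv4 interfaces) on port 443; set BindAddress to restrict the listener.` For a well-formed literal like `"0.0.0.0"` the sloppy and strict parsers should return the same value, so the default itself should be unchanged. The struct literal continues past the end of the hunk.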
|
|
|
|||
|
|
@ -44,6 +44,7 @@ import (
|
|||
"k8s.io/client-go/discovery"
|
||||
restclient "k8s.io/client-go/rest"
|
||||
cliflag "k8s.io/component-base/cli/flag"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
func setUp(t *testing.T) server.Config {
|
||||
|
|
@ -277,7 +278,7 @@ func TestServerRunWithSNI(t *testing.T) {
|
|||
|
||||
config.EnableIndex = true
|
||||
secureOptions := (&SecureServingOptions{
|
||||
BindAddress: net.ParseIP("127.0.0.1"),
|
||||
BindAddress: netutils.ParseIPSloppy("127.0.0.1"),
|
||||
BindPort: 6443,
|
||||
ServerCert: GeneratableKeyCert{
|
||||
CertKey: CertKey{
|
||||
|
|
@ -381,7 +382,7 @@ func TestServerRunWithSNI(t *testing.T) {
|
|||
func parseIPList(ips []string) []net.IP {
|
||||
var netIPs []net.IP
|
||||
for _, ip := range ips {
|
||||
netIPs = append(netIPs, net.ParseIP(ip))
|
||||
netIPs = append(netIPs, netutils.ParseIPSloppy(ip))
|
||||
}
|
||||
return netIPs
|
||||
}
|
||||
|
|
@ -488,7 +489,7 @@ func generateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS
|
|||
IsCA: true,
|
||||
}
|
||||
|
||||
if ip := net.ParseIP(host); ip != nil {
|
||||
if ip := netutils.ParseIPSloppy(host); ip != nil {
|
||||
template.IPAddresses = append(template.IPAddresses, ip)
|
||||
} else {
|
||||
template.DNSNames = append(template.DNSNames, host)
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import (
|
|||
|
||||
"k8s.io/apiserver/pkg/server"
|
||||
"k8s.io/client-go/rest"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
func TestEmptyMainCert(t *testing.T) {
|
||||
|
|
@ -29,7 +30,7 @@ func TestEmptyMainCert(t *testing.T) {
|
|||
var loopbackClientConfig *rest.Config
|
||||
|
||||
s := (&SecureServingOptions{
|
||||
BindAddress: net.ParseIP("127.0.0.1"),
|
||||
BindAddress: netutils.ParseIPSloppy("127.0.0.1"),
|
||||
}).WithLoopback()
|
||||
ln, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
|
|
|
|||