Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hubble: fix parsing of invalid HTTP URLs #31100

Merged
merged 4 commits into from Mar 5, 2024
Merged

hubble: fix parsing of invalid HTTP URLs #31100

merged 4 commits into from Mar 5, 2024

Conversation

kaworu
Copy link
Member

@kaworu kaworu commented Mar 1, 2024
edited

Fix #31071, easier to review commit by commit as there is a couple of cosmetic renaming / moving commits.

Selecting for v1.15 backport as the original report was based on v1.15.1. v1.14 is unaffected because we're checking for nil, and v1.13 didn't attempt to clone the accesslog URL before mutating it.

@kaworu
hubble: move TestDecodeL7HTTPRequestRemoveUrlQuery with related Hubbl…
67ba2f1 
…e redact test functions

Signed-off-by: Alexandre Perrin <alex@isovalent.com>
@kaworu
hubble: rename url local variable to uri to avoid confusion with net/url
f634c0d 
Signed-off-by: Alexandre Perrin <alex@isovalent.com>
@kaworu
hubble: fix http parsing when given invalid URL
05d5e02 
Before this patch, Hubble could cause a Cilium agent panic when
attempting to decode invalid URLs.

See cilium#31071

Signed-off-by: Alexandre Perrin <alex@isovalent.com>
@kaworu
hubble: gracefully handle parsing nil HTTP url
22701b3 
Before this patch, Hubble would panic when attempting to parse a
accesslog.LogRecordHTTP with a nil URL. While filterURL was handling the
nil case, the following caller codepath would unconditionally call
String() on the URL, potentially causing a panic.

This patch improves Hubble robustness and clarify the role of the
filterURL (renamed filteredURL) to always return an URL such as calling
String() on it is safe.

Signed-off-by: Alexandre Perrin <alex@isovalent.com>
@kaworu kaworu added kind/bug This is a bug in the Cilium logic. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/hubble Impacts hubble server or relay needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Mar 1, 2024
@kaworu kaworu self-assigned this Mar 1, 2024
@kaworu kaworu requested a review from a team as a code owner March 1, 2024 16:26
@kaworu kaworu requested a review from chancez March 1, 2024 16:26
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.15.2 Mar 1, 2024
sayboras
sayboras approved these changes Mar 4, 2024
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks and lgtm ✔️

@sayboras
Copy link
Member

sayboras commented Mar 4, 2024

/test

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 5, 2024
@sayboras sayboras added this pull request to the merge queue Mar 5, 2024
Merged via the queue into cilium:main with commit 0bd59b2 Mar 5, 2024
61 of 63 checks passed
@pippolo84 pippolo84 mentioned this pull request Mar 5, 2024
Merged
13 tasks
@pippolo84 pippolo84 added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. and removed needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Mar 5, 2024
@github-actions github-actions bot added backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. and removed backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. labels Mar 11, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed this from Needs backport from main in 1.15.2 Mar 11, 2024
@jrajahalme jrajahalme mentioned this pull request Mar 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chancez chancez chancez approved these changes

@sayboras sayboras sayboras approved these changes

Assignees

@kaworu kaworu

Labels
backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/hubble Impacts hubble server or relay
Projects
None yet
Milestone
No milestone
4 participants
@kaworu @sayboras @chancez @pippolo84