New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Basic Authentication
to proxyingRegistry
#4263
base: main
Are you sure you want to change the base?
Add support for Basic Authentication
to proxyingRegistry
#4263
Conversation
0c60866
to
a6f5498
Compare
Could someone help me finding out why these CodeQL are triggered? I don't see it. |
a680eee
to
800a567
Compare
Looking at the codeql, you haven't introduced any new issues, the issue already exists in the repo. Because you're editing the code where the issue exists, codeql is flagging this pr. Is there a reason you're renaming the struct? You might get away with it if you don't :) |
Good idea, let's see if it helps 😅 |
|
Signed-off-by: oliver-goetz <o.goetz@sap.com>
f5b476d
to
1e8ea03
Compare
@milosgajdos can you help retesting the above failing check? Can you also help reviewing this PR? Thanks in advance! |
Yeah, I've no idea if these are legit or false positives. These warnings are about logging sensitive data -- I think we "hydrate" context with all kinds of garbage in this project, so I'd have to spend some time and trace/investigate these, but I'm short of time nowadays, so you'll have to wait unless one of 10+ other maintainers have more time |
My guess here is that the app struct embeds the context instead of using it as a field, so the context/app are mingled. As app contains sensitive data, CodeQL assumes the context does too. Having a look at breaking it into a field to see if it cleans up the codeql errors. Edit: Nope, not that. |
This PR adds support for
Basic Authentication
to registry proxy.Before it supported Bearer tokens only. However, basic auth was already almost implemented as there was already an appropriate
AuthenticationHandler
used to obtain Bearer tokens.Fixes #3153