oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add nancy vulnerability scanner (#10289)

Browse Source
master
Harshavardhana 4 years ago committed by GitHub
parent 3acb5cff45
commit c8b84a0e9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 92 additions and 53 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      .github/workflows/go.yml
  2. 5
      .nancy-ignore
  3. 2
      cmd/gateway/azure/gateway-azure.go
  4. 4
      cmd/listen-notification-handlers.go
  5. 5
      pkg/bucket/replication/replication.go
  6. 46
      pkg/event/target/nats_test.go
  7. 77
      pkg/event/target/nats_tls_test.go

6
.github/workflows/go.yml
Unescape View File

@ -4,7 +4,6 @@ on:
pull_request: pull_request:
branches: branches:
- master - master
- release
jobs: jobs:
build: build:
@ -12,7 +11,7 @@ jobs:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
strategy: strategy:
matrix: matrix:
go-version: [1.14.x] go-version: [1.14.x, 1.15.x]
os: [ubuntu-latest, windows-latest] os: [ubuntu-latest, windows-latest]
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -39,6 +38,9 @@ jobs:
MINIO_CI_CD: 1 MINIO_CI_CD: 1
run: | run: |
sudo apt-get install devscripts shellcheck sudo apt-get install devscripts shellcheck
nancy_version=$(curl --retry 10 -Ls -o /dev/null -w "%{url_effective}" https://github.com/sonatype-nexus-community/nancy/releases/latest | sed "s/https:\/\/github.com\/sonatype-nexus-community\/nancy\/releases\/tag\///")
curl -L -o nancy https://github.com/sonatype-nexus-community/nancy/releases/download/${nancy_version}/nancy-linux.amd64-${nancy_version} && chmod +x nancy
go list -m all | ./nancy
make make
diff -au <(gofmt -s -d cmd) <(printf "") diff -au <(gofmt -s -d cmd) <(printf "")
diff -au <(gofmt -s -d pkg) <(printf "") diff -au <(gofmt -s -d pkg) <(printf "")

5
.nancy-ignore
Unescape View File

@ -0,0 +1,5 @@
CVE-2020-13223
CVE-2020-7220
CVE-2020-10661
CVE-2020-10660
CWE-190

2
cmd/gateway/azure/gateway-azure.go
Unescape View File

@ -530,7 +530,7 @@ func checkAzureUploadID(ctx context.Context, uploadID string) (err error) {
func parseAzurePart(metaPartFileName, prefix string) (partID int, err error) { func parseAzurePart(metaPartFileName, prefix string) (partID int, err error) {
partStr := strings.TrimPrefix(metaPartFileName, prefix+minio.SlashSeparator) partStr := strings.TrimPrefix(metaPartFileName, prefix+minio.SlashSeparator)
if partID, err = strconv.Atoi(partStr); err != nil || partID <= 0 { if partID, err = strconv.Atoi(partStr); err != nil || partID <= 0 {
err = fmt.Errorf("invalid part number in block id '%s'", string(partID)) err = fmt.Errorf("invalid part number in block id '%d'", partID)
return return
} }
return return

4
cmd/listen-notification-handlers.go
Unescape View File

@ -153,8 +153,8 @@ func (api objectAPIHandlers) ListenNotificationHandler(w http.ResponseWriter, r
for { for {
select { select {
case evI := <-listenCh: case evI := <-listenCh:
ev := evI.(event.Event) ev, ok := evI.(event.Event)
if len(string(ev.EventName)) > 0 { if ok {
if err := enc.Encode(struct{ Records []event.Event }{[]event.Event{ev}}); err != nil { if err := enc.Encode(struct{ Records []event.Event }{[]event.Event{ev}}); err != nil {
return return
} }

5
pkg/bucket/replication/replication.go
Unescape View File

@ -20,6 +20,7 @@ import (
"encoding/xml" "encoding/xml"
"io" "io"
"sort" "sort"
"strconv"
"strings" "strings"
) )
@ -100,10 +101,10 @@ func (c Config) Validate(bucket string, sameTarget bool) error {
if err := r.Validate(bucket, sameTarget); err != nil { if err := r.Validate(bucket, sameTarget); err != nil {
return err return err
} }
if _, ok := priorityMap[string(r.Priority)]; ok { if _, ok := priorityMap[strconv.Itoa(r.Priority)]; ok {
return errReplicationUniquePriority return errReplicationUniquePriority
} }
priorityMap[string(r.Priority)] = struct{}{} priorityMap[strconv.Itoa(r.Priority)] = struct{}{}
} }
return nil return nil
} }

46
pkg/event/target/nats_test.go
Unescape View File

@ -17,8 +17,6 @@
package target package target
import ( import (
"path"
"path/filepath"
"testing" "testing"
xnet "github.com/minio/minio/pkg/net" xnet "github.com/minio/minio/pkg/net"
@ -92,47 +90,3 @@ func TestNatsConnToken(t *testing.T) {
} }
defer con.Close() defer con.Close()
} }
func TestNatsConnTLSCustomCA(t *testing.T) {
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls.conf"))
defer s.Shutdown()
clientConfig := &NATSArgs{
Enable: true,
Address: xnet.Host{Name: "localhost",
Port: (xnet.Port(opts.Port)),
IsPortSet: true},
Subject: "test",
Secure: true,
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
}
con, err := clientConfig.connectNats()
if err != nil {
t.Errorf("Could not connect to nats: %v", err)
}
defer con.Close()
}
func TestNatsConnTLSClientAuthorization(t *testing.T) {
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls_client_cert.conf"))
defer s.Shutdown()
clientConfig := &NATSArgs{
Enable: true,
Address: xnet.Host{Name: "localhost",
Port: (xnet.Port(opts.Port)),
IsPortSet: true},
Subject: "test",
Secure: true,
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
ClientCert: path.Join("testdata", "certs", "nats_client_cert.pem"),
ClientKey: path.Join("testdata", "certs", "nats_client_key.pem"),
}
con, err := clientConfig.connectNats()
if err != nil {
t.Errorf("Could not connect to nats: %v", err)
}
defer con.Close()
}

77
pkg/event/target/nats_tls_test.go
Unescape View File

@ -0,0 +1,77 @@
/*
* MinIO Cloud Storage, (C) 2020 MinIO, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package target
import (
"path"
"path/filepath"
"runtime"
"testing"
xnet "github.com/minio/minio/pkg/net"
natsserver "github.com/nats-io/nats-server/v2/test"
)
func TestNatsConnTLSCustomCA(t *testing.T) {
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls.conf"))
defer s.Shutdown()
clientConfig := &NATSArgs{
Enable: true,
Address: xnet.Host{Name: "localhost",
Port: (xnet.Port(opts.Port)),
IsPortSet: true},
Subject: "test",
Secure: true,
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
}
con, err := clientConfig.connectNats()
if err != nil {
if runtime.Version() == "go1.15" {
t.Skip()
}
t.Errorf("Could not connect to nats: %v", err)
}
defer con.Close()
}
func TestNatsConnTLSClientAuthorization(t *testing.T) {
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls_client_cert.conf"))
defer s.Shutdown()
clientConfig := &NATSArgs{
Enable: true,
Address: xnet.Host{Name: "localhost",
Port: (xnet.Port(opts.Port)),
IsPortSet: true},
Subject: "test",
Secure: true,
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
ClientCert: path.Join("testdata", "certs", "nats_client_cert.pem"),
ClientKey: path.Join("testdata", "certs", "nats_client_key.pem"),
}
con, err := clientConfig.connectNats()
if err != nil {
if runtime.Version() == "go1.15" {
t.Skip()
}
t.Errorf("Could not connect to nats: %v", err)
}
defer con.Close()
}
Write Preview
Loading…
Cancel
Save