
Conversation

wking
Member

@wking wking commented Aug 14, 2020

Conservative, filesystem-based web servers should avoid dynamic directory listing, to avoid accidentally leaking a file that a user drops into the served filesystem. It seems like an unlikely vector for the downloads container, where nobody outside of our script is likely to be dropping files. But it is easy enough to fix by filling in index.html files throughout, which preempt SimpleHTTPRequestHandler's directory listing.
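
Added example (not code from this PR or from the openshift/console project) that demonstrates the behaviour the description relies on: Python's http.server.SimpleHTTPRequestHandler only generates a dynamic directory listing when the requested directory holds no index.html or index.htm, and a handler subclass can refuse listings outright by overriding list_directory. The directory names, the stray file and the NoListingHandler class are constructed for the demonstration and are not part of the downloads container.

```python
"""Added example: index.html preempts SimpleHTTPRequestHandler's listing,
and a handler subclass can refuse listings altogether (CWE-548 mitigation).
All directories, files and the NoListingHandler class are constructed here."""
import http.server
import os
import socketserver
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial


class NoListingHandler(http.server.SimpleHTTPRequestHandler):
    """Serve files, but never enumerate a directory for the client."""

    def list_directory(self, path):
        # send_head() reaches this method only when the directory has no
        # index.html / index.htm.  Answer 404 instead of listing the
        # directory's contents, mirroring the stdlib's own error path,
        # which sends an error and returns None.
        self.send_error(404, "Directory listing disabled")
        return None

    def log_message(self, format, *args):
        pass  # keep the demonstration quiet


def serve(directory, handler_cls):
    """Start handler_cls on a free loopback port in a daemon thread."""
    handler = partial(handler_cls, directory=directory)
    httpd = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd


def fetch(port, path):
    """Return (status, body) for a GET against the local server.
    A proxy-less opener keeps any http_proxy in the environment out of the way."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    url = f"http://127.0.0.1:{port}{path}"
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def listing_behaviour():
    """Constructed scenario: a served tree containing a file the operator
    never meant to publish.  Returns {(handler, subdir): (status, leaked)}
    where leaked is True if the stray filename appeared in the response body."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for sub in ("with-index", "without-index"):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "stray-secret.txt"), "w") as fh:
                fh.write("constructed sample\n")
        # Only one of the two directories gets the index.html that the PR adds.
        with open(os.path.join(root, "with-index", "index.html"), "w") as fh:
            fh.write("<html><body>nothing to see</body></html>\n")

        handlers = (("default", http.server.SimpleHTTPRequestHandler),
                    ("nolisting", NoListingHandler))
        for name, cls in handlers:
            httpd = serve(root, cls)
            port = httpd.server_address[1]
            try:
                for sub in ("with-index", "without-index"):
                    status, body = fetch(port, f"/{sub}/")
                    results[(name, sub)] = (status, "stray-secret.txt" in body)
            finally:
                httpd.shutdown()
                httpd.server_close()
    return results


if __name__ == "__main__":
    for key, value in sorted(listing_behaviour().items()):
        print(key, "->", value)
```

With the stock handler the directory lacking index.html answers 200 and names the stray file; with index.html present the same handler serves the index and the filename never leaves the server. The NoListingHandler subclass closes the remaining gap for directories that were never given an index file, which is the defence-in-depth counterpart to filling in index.html everywhere.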

@wking wking changed the title manifests/07-downloads-deployment: Create index.html Bug 1859331: manifests/07-downloads-deployment: Create index.html Aug 14, 2020
@openshift-ci-robot openshift-ci-robot added the bugzilla/severity-low Referenced Bugzilla bug's severity is low for the branch this PR is targeting. label Aug 14, 2020
@openshift-ci-robot
Contributor

@wking: This pull request references Bugzilla bug 1859331, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.6.0) matches configured target release for branch (4.6.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1859331: manifests/07-downloads-deployment: Create index.html

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Aug 14, 2020
@wking wking force-pushed the downloads-directory-listing branch from c932f56 to affd465 Compare August 14, 2020 22:09
@openshift-ci-robot
Contributor

@wking: This pull request references Bugzilla bug 1859331, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.6.0) matches configured target release for branch (4.6.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1859331: manifests/07-downloads-deployment: Create index.html

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Member

@jhadvig jhadvig left a comment


Thanks @wking for this fix 👍

/lgtm

@openshift-ci-robot openshift-ci-robot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Aug 17, 2020
@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

17 similar comments
@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

3 similar comments
@spadgett
Member

/hold

This seems to be consistently failing with

[sig-arch] Managed cluster should have no crashlooping pods in core namespaces over four minutes [Suite:openshift/conformance/parallel]

@openshift-ci-robot openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 20, 2020
Conservative, filesystem-based web servers should avoid dynamic
directory listing, to avoid accidentally leaking a file that a user
drops into the served filesystem [1,2].  It seems like an unlikely
vector for the downloads container, where nobody outside of our script
is likely to be dropping files.  But it is easy enough to fix by
filling in index.html files throughout, which preempt
SimpleHTTPRequestHandler's directory listing [3,4].

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1859331
[2]: https://cwe.mitre.org/data/definitions/548.html
[3]: https://docs.python.org/2.7/library/simplehttpserver.html#SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET
[4]: https://github.com/python/cpython/blob/e7c98f08e228e9f6e139d61e3e5d0a5018a38f0b/Lib/http/server.py#L757-L758
@wking wking force-pushed the downloads-directory-listing branch from affd465 to e192af5 Compare August 20, 2020 19:56
@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Aug 20, 2020
@wking
Member Author

wking commented Aug 20, 2020

Ah, thanks. The few I'd spot checked had died in install or other unrelated flakes, but this job has the crashlooping downloads pod with a syntax error. Fixed a missing close-paren with affd465 -> e192af5.

@wking
Member Author

wking commented Aug 20, 2020

unit:

   * failed to generate steps from config: unable to create end to end test step: the embedded template is invalid: error converting YAML to JSON: yaml: line 155: found a tab character where an indentation space is expected
time="2020-08-20T19:57:14Z" level=info msg="Reporting job state 'failed' with reason 'defaulting_config'" 

Dunno what that's about.

@wking
Member Author

wking commented Aug 20, 2020

openshift/ci-tools#1135 will fix CI. I expect the retest bot will be around to kick us once that is live.

@spadgett
Member

/hold cancel

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 20, 2020
@wking
Member Author

wking commented Aug 21, 2020

/retest

1 similar comment
@jhadvig
Member

jhadvig commented Aug 24, 2020

/test e2e-gcp-upgrade

1 similar comment
@jhadvig
Member

jhadvig commented Aug 25, 2020

/test e2e-gcp-upgrade

Member

@jhadvig jhadvig left a comment


/lgtm
/approve

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Aug 25, 2020
@openshift-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jhadvig, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

3 similar comments
@openshift-merge-robot openshift-merge-robot merged commit 93cd487 into openshift:master Aug 26, 2020
@openshift-ci-robot
Contributor

@wking: All pull requests linked via external trackers have merged:

Bugzilla bug 1859331 has been moved to the MODIFIED state.

In response to this:

Bug 1859331: manifests/07-downloads-deployment: Create index.html

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jhadvig
Member

jhadvig commented Aug 26, 2020

/test e2e-gcp-upgrade

@wking wking deleted the downloads-directory-listing branch August 26, 2020 13:51