Fix incorrect use of format strings with the conditions package.

Many of the functions in the `conditions` package accept a format string and (optional) arguments, just like `fmt.Printf` and friends. In many places, the code passed an error message as the format string, causing it to be interpreted by the `fmt` package. This leads to issues when the message contains percent signs, e.g. URL-encoded values. Consider the following code:

```go
// internal/controller/ocirepository_controller.go
revision, err := r.getRevision(ref, opts)
if err != nil {
	e := serror.NewGeneric(
		fmt.Errorf("failed to determine artifact digest: %w", err),
		ociv1.OCIPullFailedReason,
	)
	conditions.MarkTrue(obj, sourcev1.FetchFailedCondition, e.Reason, e.Err.Error())
	return sreconcile.ResultEmpty, e
}
```

Since `getRevision()` includes the URL in the error message and the error message is used as a format string, the resulting condition reads:

```
failed to determine artifact digest: GET https://gitlab.com/jwt/auth?scope=repository%!A(MISSING)fforster%!F(MISSING)<REDACTED>%!F(MISSING)k8s-resource-manifests%!A(MISSING)pull&service=container_registry: DENIED: access forbidden
```

This adds an explicit format string and shortens `e.Error()` and `e.Err.Error()` to `e`, which yields the same output.

To the best of my knowledge, Go is safe from format string attacks. I **don't** think this is a security vulnerability, but I'm also not a security expert.

Signed-off-by: Florian Forster <[email protected]>
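The following is an added, self-contained Go example (not code from the commit or from the source-controller project) that reproduces the failure the commit message describes and shows the fix. `markTrue` is a constructed stand-in for `conditions.MarkTrue` with the same "format string plus optional args" shape; the URL and error text are constructed sample values, not the redacted ones from the page.

```go
package main

import (
	"fmt"
	"strings"
)

// markTrue is a constructed stand-in for conditions.MarkTrue: like the real
// function, it treats messageFormat as a fmt format string.
func markTrue(condType, reason, messageFormat string, messageArgs ...interface{}) string {
	return fmt.Sprintf("%s/%s: %s", condType, reason, fmt.Sprintf(messageFormat, messageArgs...))
}

// sampleErr builds a constructed error whose text contains a URL-encoded
// scope ("%3A" and "%2F"), the same kind of value that tripped the controller.
func sampleErr() error {
	url := "https://registry.example/jwt/auth?scope=repository%3Aorg%2Fimage%3Apull"
	return fmt.Errorf("failed to determine artifact digest: GET %s: DENIED", url)
}

// buggyMessage mirrors the original controller code: the error text is passed
// as the format string. The explicit empty messageArgs slice keeps the call
// identical in effect while avoiding the "non-constant format string" report
// that go vet (Go 1.24+) would otherwise raise for exactly this misuse.
func buggyMessage(err error) string {
	var noArgs []interface{}
	return markTrue("FetchFailed", "OCIPullFailed", err.Error(), noArgs...)
}

// fixedMessage is the corrected form: a constant "%s" format string, with the
// error passed as an argument, so percent signs in the message are preserved.
func fixedMessage(err error) string {
	return markTrue("FetchFailed", "OCIPullFailed", "%s", err)
}

// looksMisformatted reports whether a rendered message carries the "%!" marker
// that fmt emits for bad verbs (e.g. "%!A(MISSING)"), a cheap check to run
// over status conditions or logs when hunting for this class of bug.
func looksMisformatted(msg string) bool {
	return strings.Contains(msg, "%!")
}

func main() {
	err := sampleErr()
	fmt.Println("buggy:", buggyMessage(err))
	fmt.Println("fixed:", fixedMessage(err))
}
```

Running it prints the buggy variant with `%!A(MISSING)` and `%!F(MISSING)` in place of `%3A` and `%2F` (fmt parses the digit as a field width and the following letter as a verb with no matching argument), while the fixed variant reproduces the error text verbatim.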
Showing 6 changed files with 93 additions and 93 deletions.