
Text file src/k8s.io/kubernetes/hack/verify-netparse-cve.sh

Documentation: k8s.io/kubernetes/hack

     1#!/usr/bin/env bash
     2
     3# Copyright 2021 The Kubernetes Authors.
     4#
     5# Licensed under the Apache License, Version 2.0 (the "License");
     6# you may not use this file except in compliance with the License.
     7# You may obtain a copy of the License at
     8#
     9#     http://www.apache.org/licenses/LICENSE-2.0
    10#
    11# Unless required by applicable law or agreed to in writing, software
    12# distributed under the License is distributed on an "AS IS" BASIS,
    13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14# See the License for the specific language governing permissions and
    15# limitations under the License.
    16
    17# This script checks if the "net" stdlib IP and CIDR parsers are used
    18# instead of the ones forked in k8s.io/utils/net to parse IP addresses
    19# because of the compatibility break introduced in golang 1.17
    20# Reference: #100895
    21# Usage: `hack/verify-netparse-cve.sh`.
    22
    # Strict mode: abort on an unhandled command failure, on use of an unset
    # variable, and when any stage of a pipeline fails.
    set -o errexit -o nounset -o pipefail

    # The repository root is the parent of the directory holding this script.
    KUBE_ROOT="$(dirname "${BASH_SOURCE[0]}")/.."
    # Shared hack/ library; what it defines is not visible from this file.
    source "${KUBE_ROOT}/hack/lib/init.sh"

    # find_files walks ".", so all reported paths are relative to the repo root.
    cd "${KUBE_ROOT}"

    # Script exit status; each check below sets it to 1 when it finds a match.
    rc=0
    33
    #######################################
    # List the Go source files that the checks below inspect.
    # Walks the current directory and skips build output, VCS metadata and
    # third-party/vendored code, which this repository does not author.
    # Arguments: none
    # Outputs:   one path per line on stdout, relative to "."
    # NOTE(review): output is newline-delimited, so a consumer that splits on
    # whitespace (plain xargs) mishandles paths containing blanks.
    #######################################
    find_files() {
      local -a pruned=(
        './.git'
        './_output'
        './release'
        './target'
        '*/third_party/*'
        '*/vendor/*'
      )
      local -a expr=()
      local pattern

      # Build "-path A -o -path B ..." from the list above.
      for pattern in "${pruned[@]}"; do
        if ((${#expr[@]})); then
          expr+=(-o)
        fi
        expr+=(-path "${pattern}")
      done

      # Anything matching a pruned path is neither printed nor descended into.
      find . ! \( \( "${expr[@]}" \) -prune \) -name '*.go'
    }
    46
    # Report direct calls to net.ParseIP(). Since Go 1.17 the stdlib parser
    # rejects IPv4 octets with leading zeros, so a direct call changes which
    # address strings are accepted (Kubernetes #100895).
    #
    # NOTE(review): this check fails open. grep's stderr is discarded and
    # "|| true" absorbs every non-zero pipeline status, so a grep or xargs error
    # looks the same as "no matches" and leaves rc untouched.
    # NOTE(review): the pattern is unanchored and its "." is an unescaped regex
    # metacharacter, so it also reports any identifier ending in "net" followed
    # by one character and "ParseIP(". That over-reports rather than misses.
    netparseip_matches=$(
      find_files | xargs grep -nE "net.ParseIP\(.*\)" 2>/dev/null
    ) || true
    if [[ -n "${netparseip_matches}" ]]; then
      # One argument per output line; the empty strings are the blank separators.
      printf '%s\n' \
        "net.ParseIP reject leading zeros in the dot-decimal notation of IPv4 addresses since golang 1.17:" \
        "${netparseip_matches}" \
        "" \
        "Use k8s.io/utils/net ParseIPSloppy() to parse IP addresses. Kubernetes #100895" \
        "" \
        "Run ./hack/update-netparse-cve.sh" \
        "" >&2
      rc=1
    fi
    59
    # Report direct calls to net.ParseCIDR(); same rationale as for net.ParseIP()
    # (leading zeros rejected since Go 1.17, Kubernetes #100895).
    #
    # NOTE(review): fails open in the same way: stderr is dropped and "|| true"
    # hides pipeline errors, so a failed scan reads as a clean result.
    # NOTE(review): the unanchored pattern with an unescaped "." also reports
    # identifiers that merely end in "net" before ".ParseCIDR(".
    netparsecidrs_matches=$(
      find_files | xargs grep -nE "net.ParseCIDR\(.*\)" 2>/dev/null
    ) || true
    if [[ -n "${netparsecidrs_matches}" ]]; then
      # One argument per output line; the empty strings are the blank separators.
      printf '%s\n' \
        "net.ParseCIDR reject leading zeros in the dot-decimal notation of IPv4 addresses since golang 1.17:" \
        "${netparsecidrs_matches}" \
        "" \
        "Use k8s.io/utils/net ParseCIDRSloppy() to parse network CIDRs. Kubernetes #100895" \
        "" \
        "Run ./hack/update-netparse-cve.sh" \
        "" >&2
      rc=1
    fi

    # Non-zero when either check above reported a direct stdlib parser call.
    exit "${rc}"
