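#!/usr/bin/env bash

# Copyright 2021 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This script checks if the "net" stdlib IP and CIDR parsers are used
# instead of the ones forked in k8s.io/utils/net to parse IP addresses
# because of the compatibility break introduced in golang 1.17
# Reference: #100895
# Usage: `hack/verify-netparse-cve.sh`.
#
# Exit status: 0 when no call site is reported, 1 when at least one
# net.ParseIP( / net.ParseCIDR( call is found in first-party Go sources.
#
# Scope of the gate: only files selected by find_files are scanned.
# Everything under vendor/ and third_party/ is pruned, so a clean run says
# nothing about how vendored dependencies parse addresses.

set -o errexit
set -o nounset
set -o pipefail

KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
source "${KUBE_ROOT}/hack/lib/init.sh"

cd "${KUBE_ROOT}"

rc=0

#######################################
# List the Go sources this check covers.
# Outputs: NUL-terminated paths of every *.go entry below the repo root,
#          skipping .git, _output, release, target, third_party and vendor.
#######################################
find_files() {
  find . -not \( \
      \( \
        -wholename './.git' \
        -o -wholename './_output' \
        -o -wholename './release' \
        -o -wholename './target' \
        -o -wholename '*/third_party/*' \
        -o -wholename '*/vendor/*' \
      \) -prune \
    \) -name '*.go' -print0
}

# Paths are handed to xargs NUL-terminated (-print0 / -0) so that a path
# containing whitespace or quote characters is scanned as one file instead of
# being split into names grep cannot open, which would drop it from the check.
#
# The dot in each pattern is escaped so it matches a literal "." only.
#
# NOTE(review): the patterns require the closing parenthesis on the same line,
# so a call whose arguments wrap onto the next line is not reported.
#
# NOTE(review): stderr is discarded and a non-zero pipeline status is ignored
# ("|| true"), because grep exits non-zero when nothing matches. The side
# effect is that a scan that failed to run looks the same as a clean one.
# xargs folds grep's "no match" and "error" statuses together, so telling them
# apart needs a per-invocation wrapper. TODO: make the check fail closed.

# find files using net.ParseIP()
netparseip_matches=$(find_files | xargs -0 grep -nE 'net\.ParseIP\(.*\)' 2>/dev/null) || true
if [[ -n "${netparseip_matches}" ]]; then
  echo "net.ParseIP reject leading zeros in the dot-decimal notation of IPv4 addresses since golang 1.17:" >&2
  echo "${netparseip_matches}" >&2
  echo >&2
  echo "Use k8s.io/utils/net ParseIPSloppy() to parse IP addresses. Kubernetes #100895" >&2
  echo >&2
  echo "Run ./hack/update-netparse-cve.sh" >&2
  echo >&2
  rc=1
fi

# find files using net.ParseCIDR()
netparsecidrs_matches=$(find_files | xargs -0 grep -nE 'net\.ParseCIDR\(.*\)' 2>/dev/null) || true
if [[ -n "${netparsecidrs_matches}" ]]; then
  echo "net.ParseCIDR reject leading zeros in the dot-decimal notation of IPv4 addresses since golang 1.17:" >&2
  echo "${netparsecidrs_matches}" >&2
  echo >&2
  echo "Use k8s.io/utils/net ParseCIDRSloppy() to parse network CIDRs. Kubernetes #100895" >&2
  echo >&2
  echo "Run ./hack/update-netparse-cve.sh" >&2
  echo >&2
  rc=1
fi

exit "${rc}"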