remove usage of dynamic GitHub actions variable#22725

Merged
sanikachavan5 merged 1 commit into main from sanikachavan5/SECVULN-25361-fix-github-workflow-injection
Sep 22, 2025

Conversation

@sanikachavan5
Contributor

Description

use hardcoded names for preventing attacks

Testing & Reproduction steps

Links

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.

  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

  • If applicable, I've documented the impact of any changes to security controls.

    Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

@sanikachavan5 sanikachavan5 requested a review from a team as a code owner September 8, 2025 18:48
@github-actions github-actions bot added type/ci Relating to continuous integration (CI) tooling for testing or releases theme/contributing Additions and enhancements to community contributing materials labels Sep 8, 2025
@sanikachavan5 sanikachavan5 added pr/no-changelog PR does not need a corresponding .changelog entry backport/all Apply backports for all active releases per .release/versions.hcl backport/ent/1.18 Changes are backported to 1.18 ent backport/ent/1.19 Changes are backported to 1.19 ent backport/ent/1.20 backport to ent 1.20 labels Sep 8, 2025
@dduzgun-security dduzgun-security changed the title use hardcoded names for preventing attacks remove usage of dynamic GitHub actions variable Sep 12, 2025
# See https://securitylab.github.com/research/github-actions-untrusted-input/
COMMIT_MESSAGE_FULL: ${{ github.event.head_commit.message }}
# Capturing workflow name in env var to prevent shell injection
WORKFLOW_NAME: ${{ github.workflow }}
@dduzgun-security dduzgun-security (Collaborator) commented on these lines:
Nice, having that as an env sanitizes the value.

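The review thread above captures the two workflow values into `env:` entries instead of writing `${{ ... }}` into the `run:` script. The reason this matters: the Actions runner substitutes an expression textually into the script before the shell ever parses it, so quotes or command substitutions inside the value become shell syntax; a value handed over as an environment variable reaches the shell as data and is never parsed as code. Below is an added example, not part of this PR or of the Consul repository, showing the check a repository could run in CI or a pre-commit hook: a small scanner (Python standard library only) that reports every expression interpolated directly into a `run:` script and accepts the `env:` form this PR adopts. The sample workflow text is constructed for illustration and is not a Consul workflow file.

```python
"""Added example (not Consul project code): flag GitHub Actions expressions that
are interpolated directly into `run:` scripts, the pattern this PR replaces with
`env:` variables.  Standard library only; the workflow text below is constructed."""
import re
from typing import List, NamedTuple

# Matches a ${{ ... }} expression and captures its body.
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
# Matches a `run:` key, optionally as a list item (`- run:`); group 1 is the
# text before "run", whose length is the column where the key starts.
RUN_KEY_RE = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")


class Finding(NamedTuple):
    line: int        # 1-based line number in the workflow file
    expression: str  # expression body interpolated into a run: script


def scan_workflow(text: str) -> List[Finding]:
    """Report every ${{ ... }} expression whose value lands inside a run: script.

    The runner substitutes such expressions textually before the shell parses
    the script, so any quote or command substitution in the value becomes shell
    syntax.  Expressions under env: are not reported: the shell then receives
    the value as an environment variable and never parses it as code.
    """
    findings: List[Finding] = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_col = len(m.group(1))
        value = m.group(2).strip()
        if value and value[0] not in "|>":
            # Plain scalar: the entire script sits on the run: line itself.
            findings.extend(Finding(i + 1, e) for e in EXPR_RE.findall(value))
            i += 1
            continue
        # Block scalar (| or >): the script continues on lines indented past
        # the run: key; the first non-blank line at or before that column ends it.
        i += 1
        while i < len(lines):
            line = lines[i]
            indent = len(line) - len(line.lstrip(" "))
            if line.strip() and indent <= key_col:
                break
            findings.extend(Finding(i + 1, e) for e in EXPR_RE.findall(line))
            i += 1
    return findings


# Constructed sample workflow (hypothetical; not a file from the Consul repo).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Expressions inside a shell script (flagged)
        run: |
          echo "commit: ${{ github.event.head_commit.message }}"
          echo "workflow: ${{ github.workflow }}"
      - name: Expressions moved into env (accepted)
        env:
          COMMIT_MESSAGE_FULL: ${{ github.event.head_commit.message }}
          WORKFLOW_NAME: ${{ github.workflow }}
        run: |
          echo "commit: $COMMIT_MESSAGE_FULL"
          echo "workflow: $WORKFLOW_NAME"
      - name: Plain-scalar run with an expression (flagged)
        run: echo "${{ github.event.head_commit.message }}"
"""


if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line}: ${{{{ {f.expression} }}}} interpolated into run:; pass it via env: instead")
```

Run against the constructed sample, the scanner reports lines 9, 10 and 19 (the two block-scalar lines and the plain-scalar `run:`) and stays silent on the step that reads `$COMMIT_MESSAGE_FULL` and `$WORKFLOW_NAME` from `env:`. The scanner is deliberately line-based rather than a YAML parse so it needs no third-party dependency; it treats every expression in a `run:` script as a finding, which is the conservative rule the linked Security Lab article recommends, rather than trying to decide which contexts are attacker-influenced.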
@dduzgun-security dduzgun-security (Collaborator) left a comment

LGTM, thank you for working on it.

@sanikachavan5 sanikachavan5 merged commit 6edc0eb into main Sep 22, 2025
159 of 168 checks passed
@hc-github-team-consul-core hc-github-team-consul-core added the backport/1.21 This release series is longer active on CE, use backport/ent/1.21 label Sep 22, 2025
sanikachavan5 added a commit that referenced this pull request Sep 23, 2025
use hardcoded names for preventing attacks
@hc-github-team-consul-core
Collaborator

📣 Hi @sanikachavan5! a backport is missing for this PR [22725] for versions [1.18,1.19,1.20,1.21] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>


sanikachavan5 added a commit that referenced this pull request Jan 28, 2026
* add timeouts to prevent slowloris attacks

* rename

* fix tests

* fix test

* fix failing test

* add docs and tests

* lint issues

* Added support for IPv6 virtual IP offset calculation and validation. (#22741)

* - Added support for IPv6 virtual IP offset calculation and validation.
- Upgraded `github.com/miekg/dns` dependency to v1.1.68.
- Included `BindAddr` in agent endpoint and enabled binding logic in IP offset calculations.
- Updated `go.mod` and `go.sum` to reflect dependency changes.

* Refactored `addIPOffset` to utilize `BindAddr` and introduced `getAgentBindAddr` for improved binding logic and IP offset calculation.
Added utility function isDualStack

* Executed go mod tidy

* Refactored network utilities into `netutil` package and updated `catalog.go` to use new functions for improved modularity and clarity. Removed duplicate implementations of `GetAgentConfig` and `isDualStack`.

* Added comprehensive unit tests for `netutil` package covering `GetAgentConfig`, `GetAgentBindAddr`, and `IsDualStack`. Refactored functions to support mocking for improved testability.

* only retaining utility function changes.

* added changelog

* Latest Envoy version update - default v1.34.7 (#22735)

* docs: Additional entries for versioned redirects (#22694)

* "Get started" section redirects

* deploy & secure

* Consul operations complete

* register & discover

* Finish service networking

* Enterprise, Runtimes, and Plugins sections

* Reference docs

* added BinAddr field in agent/self API response (#22761)

* PKCE and Adding private key JWT support for OIDC (#22732)

* Adding private key JWT support for OIDC

* Submodules Version upgrade (#22776)

* [CSL-11760] [Envoy Bootstrap] Defaults to IPv6 for admin-bind and grpc-addr in dual stack if it's empty (#22763)

* add: func to check dual-stack configuration

* add: testcases for dual-stack of admin-bind and grpc addr

* envoy: admin-bind and grpc-addr dual-stack defaults to ipv6

* fix(review comment): creates a constant for loopback address

* add: debug log to verify received isDualStack value

* add: changelog file added

* update: changelog file

* fix: correct format specifier

* fix(review): make constant for default envoy admin port

* Update .changelog/22763.txt

Co-authored-by: Sreeram Narayanan <sreeram.narayanan@hashicorp.com>

* fix: TestAgent_Monitor flaky test

---------

Co-authored-by: Sreeram Narayanan <sreeram.narayanan@hashicorp.com>

* update: default upstream.local_bind_address to ::1 for IPv6 agent bind address (#22773)

* update: default upstream.local_bind_address to ::1 for IPv6 agent bind addr

* add: changelog

---------

Co-authored-by: Mukul Anand <mukul.anand@hashicorp.com>

* update: set proxy.local_service_address to ::1 for IPv6 agent bind addr (#22772)

* update: set proxy.local_service_address to ::1 for IPv6 agent bind addr

* add: changelog

---------

Co-authored-by: Mukul Anand <mukul.anand@hashicorp.com>

* update: default proxy BindAddress to :: for IPv6 agent bind addr (#22774)

* update: default proxy BindAddress to :: for IPv6 agent bind addr

* add: changelog

* fixing conflicts

---------

Co-authored-by: Mukul Anand <mukul.anand@hashicorp.com>

* Consul ENT default version change #22783 (#22784)

* [Bugfix]: suppress lacks token permission while checking dual stack (#22788)

fix: suppress lacks token permission while checking dual stack

* updated redhat image to latest (#22794)

* Suppress CVEs (#22801)

* redhat version revert (#22806)

redhat image version revert to 9.6

* Suppress CVE-2025-6395 (#22808)

* fix path cleaning of proxied urls (#22671)

* fix path cleaning of proxied urls

* add changelog

* added more tests

* add tests and address review comments

* address review changes

* remove usage of dynamic GitHub actions variable (#22725)

use hardcoded names for preventing attacks

* Multi Port Service Discovery (#22769)

1. Support for registering a service with multiple named ports
2. The named ports can be used in DNS queries to discover ports based on use case

* add timeouts to prevent slowloris attacks

* Delete .changelog/22625.txt

* doc changes

* run codegen

* simplify error handling

* test: add long-running profile and trace tests for pprof handlers

* changelog: update security note to clarify HTTP server timeout configurations against Slowloris attacks

test: remove short test skip for HTTP server timeout tests

---------

Co-authored-by: nitin-sachdev-29 <nitin.sachdev@hashicorp.com>
Co-authored-by: LakshmiNarayananDesikan <lakshminarayanan.desikan@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: mansi991999 <mansi.panchal@hashicorp.com>
Co-authored-by: anilvpatel <anilkumarvinodbhai.patel@hashicorp.com>
Co-authored-by: Sreeram Narayanan <sreeram.narayanan@hashicorp.com>
Co-authored-by: Mukul Anand <mukul.anand@hashicorp.com>
Co-authored-by: Manisha Kumari <manisha.kumari@hashicorp.com>
Co-authored-by: Sriram R <sriramr083@gmail.com>