
Bug: Unbound variable in vulnerability scanning script

Open PushkarJ opened this issue 2 years ago • 6 comments

Job run: https://storage.googleapis.com/kubernetes-jenkins/logs/ci-kubernetes-snyk-master/1643706990876168192/build-log.txt

/bin/bash: line 30: null: unbound variable

Fix needs to happen where TOTAL_COUNT variable is set as null when curl command returns this error:

{"message":"API rate limit exceeded for 98.37.153.210. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)","documentation_url":"https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting"}

We need to check if the variable is "null" and then fail the job if it is since that means we are unable to filter out vulnerabilities that we can.

Something like this would work (optional improvements for redundant code are welcome too):

                  # Fail fast when the API call did not yield a usable count: the JSON
                  # extraction leaves "null" (e.g. on a rate-limit error), and an unset or
                  # "null" value must never reach the numeric comparison below.
                  if [ "${TOTAL_COUNT:-null}" = "null" ]; then
                      echo "Vulnerability filtering failed"
                      exit 1
                  elif [[ "$TOTAL_COUNT" -eq 0 ]]; then
                      echo "Vulnerability filtering failed"
                      exit 1
                  fi

/sig security testing k8s-infra /kind bug

PushkarJ avatar Apr 06 '23 00:04 PushkarJ
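The failure mode described in the issue, worked through as an added example (this is not the test-infra job's own script). The interesting detail is why the job dies with `null: unbound variable`: when the GitHub API answers with a rate-limit error instead of search results, the extracted `total_count` becomes the literal string `null`, and a numeric test such as `[[ $TOTAL_COUNT -eq 0 ]]` evaluates `null` as a variable name in arithmetic context, which `set -u` then reports as unbound. The script below uses two constructed API responses (labelled as such; the IP in the sample is a documentation address), a tiny extractor so it runs without `jq`, and a `check_total_count` function that validates the value before any numeric comparison, returning distinct statuses for "not a number" and "zero".

```shell
#!/usr/bin/env bash
# Added example, not the CI job's own code. Demonstrates validating the
# vulnerability count before it is used in a numeric test.
set -u

# Constructed sample responses standing in for what curl returns from the
# GitHub search API (the IP address is a documentation-range placeholder).
OK_RESPONSE='{"total_count":3,"items":[]}'
RATE_LIMITED_RESPONSE='{"message":"API rate limit exceeded for 198.51.100.7."}'

# Minimal extractor so the example runs without jq: prints the integer value
# of "total_count", or "null" when the key is absent or not numeric.
extract_total_count() {
  _resp=$1
  case "$_resp" in
    *'"total_count":'*)
      _n=${_resp#*'"total_count":'}
      _n=${_n%%[!0-9]*}
      printf '%s\n' "${_n:-null}"
      ;;
    *) printf 'null\n' ;;
  esac
}

# Validate before comparing. Returns 0 when the count is a positive integer,
# 1 for empty/"null"/non-numeric input (API error), 2 for a count of zero.
check_total_count() {
  _count=${1:-}
  case "$_count" in
    ''|null|*[!0-9]*)
      echo "Vulnerability filtering failed: total_count is '${_count:-<empty>}' (API error?)" >&2
      return 1
      ;;
  esac
  if [ "$_count" -eq 0 ]; then
    echo "Vulnerability filtering failed: total_count is 0" >&2
    return 2
  fi
  return 0
}

# The unguarded comparison from the original job, kept here only to show
# that a non-integer value makes the test itself error out (status 2).
naive_compare() {
  [ "$1" -eq 0 ] 2>/dev/null
}

main() {
  for resp in "$OK_RESPONSE" "$RATE_LIMITED_RESPONSE"; do
    count=$(extract_total_count "$resp")
    rc=0
    check_total_count "$count" || rc=$?
    if [ "$rc" -eq 0 ]; then
      echo "ok: $count findings to filter"
    else
      echo "would exit the job with status $rc"
    fi
  done
}
main "$@"
```

The `case` pattern `''|null|*[!0-9]*` is the important part: it rejects anything that is not a string of digits before the `-eq` test runs, so a rate-limit error (or any other non-JSON-result response) fails the job with a clear message instead of a shell error, and `set -u` remains enabled for the rest of the script.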

/help

pacoxu avatar Apr 27 '23 07:04 pacoxu

@pacoxu: This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

  • Why are we solving this issue?
  • To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
  • Does this issue have zero to low barrier of entry?
  • How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed by commenting with the /remove-help command.

In response to this:

/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Apr 27 '23 07:04 k8s-ci-robot

/assign

carlory avatar Apr 27 '23 08:04 carlory

@carlory hope you're well. Are you still working on this or need any help from me?

PushkarJ avatar Jun 07 '23 15:06 PushkarJ

Sorry for the delay. I'll do it this week.

carlory avatar Jun 07 '23 16:06 carlory

The chances of this recurring are greatly reduced thanks to https://github.com/kubernetes/test-infra/pull/31076

PushkarJ avatar Nov 22 '23 00:11 PushkarJ

Since there have been no newer failures because of this bug, it seems this would be okay to close for now. If anyone still wants to work on this, please open a PR with a fix and reopen this issue again so that it is resolved by the PR.

PushkarJ avatar May 19 '24 18:05 PushkarJ