Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-31673

GitHub IDP admission validation does not correctly validate IP

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • None
    • 4.9.z
    • kube-apiserver
    • None
    • No
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

           The GitHub IDP admission CR validator does not correctly validate IP addresses. The issue is that when you use some invalid IP address for example 1.1.1.1.1 the kvalidation.IsDNS1123Subdomain matches it as a valid subdomain and the netutils.ParseIPSloppy is not called.

      PTAL https://github.com/openshift/kubernetes/blob/91607f5d750ba4002f87d34a12ae1cfd45b45b81/openshift-kube-apiserver/admission/customresourcevalidation/oauth/helpers.go#L13

       

      Version-Release number of selected component (if applicable):

          afaik all for past 4 years

      How reproducible:

          Create GitHub IDP using invalid IP for example 1.1.1.1.1.1

      Steps to Reproduce:

          1. Create GitHub IDP using invalid IP for example 1.1.1.1.1.1
    2.
    3.

      Actual results:

          Updates oauth with the github idp

      Expected results:

          Throw error that the IP is not valid

      Additional info:

      Attachments

        Activity

          People

            Unassigned Unassigned
            mnecas@redhat.com Martin Necas
            Ke Wang Ke Wang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: