StepSecurity Bot
80335d88d1
[StepSecurity] Apply security best practices (#17811)
2024-03-22 16:19:11 -05:00
Roberto Dip
e8b7ce81dc
don't run SCEP test in parallel to avoid race in dependency (#17457)
...
The https://pkg.go.dev/go.mozilla.org/pkcs7 package uses an unguarded
package-level variable:
33d05740a3/ber.go (L19-L21)
This was causing this data race during tests:
```
==================
WARNING: DATA RACE
Read at 0x0000009b89b0 by goroutine 22:
go.mozilla.org/pkcs7.asn1Structured.EncodeTo()
/home/runner/go/pkg/mod/go.mozilla.org/pkcs7@v0.0.0-20210826202110-33d05740a352/ber.go:21 +0x56
go.mozilla.org/pkcs7.(*asn1Structured).EncodeTo()
<autogenerated>:1 +0xa5
go.mozilla.org/pkcs7.ber2der()
/home/runner/go/pkg/mod/go.mozilla.org/pkcs7@v0.0.0-20210826202110-33d05740a352/ber.go:68 +0xdb
go.mozilla.org/pkcs7.Parse()
/home/runner/go/pkg/mod/go.mozilla.org/pkcs7@v0.0.0-20210826202110-33d05740a352/pkcs7.go:160 +0x12f
github.com/fleetdm/fleet/v4/server/mdm/scep/scep.ParsePKIMessage()
/home/runner/work/fleet/fleet/server/mdm/scep/scep/scep.go:234 +0x1d2
github.com/fleetdm/fleet/v4/server/mdm/scep/scep_test.testParsePKIMessage()
/home/runner/work/fleet/fleet/server/mdm/scep/scep/scep_test.go:21 +0x56
github.com/fleetdm/fleet/v4/server/mdm/scep/scep_test.TestNewCSRRequest.func1()
/home/runner/work/fleet/fleet/server/mdm/scep/scep/scep_test.go:198 +0x7e5
testing.tRunner()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1595 +0x261
testing.(*T).Run.func1()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1648 +0x44
Previous write at 0x0000009b89b0 by goroutine 23:
go.mozilla.org/pkcs7.asn1Structured.EncodeTo()
/home/runner/go/pkg/mod/go.mozilla.org/pkcs7@v0.0.0-20210826202110-33d05740a352/ber.go:21 +0x6e
go.mozilla.org/pkcs7.(*asn1Structured).EncodeTo()
<autogenerated>:1 +0xa5
go.mozilla.org/pkcs7.ber2der()
/home/runner/go/pkg/mod/go.mozilla.org/pkcs7@v0.0.0-20210826202110-33d05740a352/ber.go:68 +0xdb
go.mozilla.org/pkcs7.Parse()
/home/runner/go/pkg/mod/go.mozilla.org/pkcs7@v0.0.0-20210826202110-33d05740a352/pkcs7.go:160 +0x12f
github.com/fleetdm/fleet/v4/server/mdm/scep/scep.(*PKIMessage).DecryptPKIEnvelope()
/home/runner/work/fleet/fleet/server/mdm/scep/scep/scep.go:344 +0xde
github.com/fleetdm/fleet/v4/server/mdm/scep/scep_test.TestNewCSRRequest.func1()
/home/runner/work/fleet/fleet/server/mdm/scep/scep/scep_test.go:199 +0x7fa
testing.tRunner()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1595 +0x261
testing.(*T).Run.func1()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1648 +0x44
Goroutine 22 (running) created at:
testing.(*T).Run()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1648 +0x845
github.com/fleetdm/fleet/v4/server/mdm/scep/scep_test.TestNewCSRRequest()
/home/runner/work/fleet/fleet/server/mdm/scep/scep/scep_test.go:165 +0x3ac
testing.tRunner()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1595 +0x261
testing.(*T).Run.func1()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1648 +0x44
Goroutine 23 (running) created at:
testing.(*T).Run()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1648 +0x845
github.com/fleetdm/fleet/v4/server/mdm/scep/scep_test.TestNewCSRRequest()
/home/runner/work/fleet/fleet/server/mdm/scep/scep/scep_test.go:165 +0x3ac
testing.tRunner()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1595 +0x261
testing.(*T).Run.func1()
/opt/hostedtoolcache/go/1.21.7/x64/src/testing/testing.go:1648 +0x44
==================
testing.go:1465: race detected during execution of test
=== NAME TestNewCSRRequest/KeyEncipherment_not_set_with_NOP_certificates_selector
```
2024-03-07 12:01:52 -03:00
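The failure mode described in the commit above, as an added example (not code from the Fleet repository or from `go.mozilla.org/pkcs7`): a dependency function that touches an unguarded package-level variable, and a caller-side mutex that serializes every call into it. This goes one step beyond the commit, which stops running the test in parallel; `encodeDepth`, `thirdPartyEncode`, `safeEncode` and `encodeAll` are hypothetical names.

```go
package main

import (
	"fmt"
	"sync"
)

// encodeDepth is a hypothetical stand-in for a dependency's unguarded
// package-level variable: every call reads and writes it.
var encodeDepth int

// thirdPartyEncode models (as an assumption) a library function that is
// only correct when one goroutine calls it at a time.
func thirdPartyEncode(payload []byte) int {
	encodeDepth++                   // unsynchronized write to shared state
	n := len(payload) + encodeDepth // unsynchronized read
	encodeDepth--
	return n
}

// encodeMu serializes every call into the dependency from our own code.
var encodeMu sync.Mutex

// safeEncode is the only entry point callers should use.
func safeEncode(payload []byte) int {
	encodeMu.Lock()
	defer encodeMu.Unlock()
	return thirdPartyEncode(payload)
}

// encodeAll fans out over goroutines, as parallel subtests would.
func encodeAll(inputs [][]byte) []int {
	out := make([]int, len(inputs))
	var wg sync.WaitGroup
	for i, in := range inputs {
		wg.Add(1)
		go func(i int, in []byte) {
			defer wg.Done()
			out[i] = safeEncode(in) // each goroutine writes its own slot
		}(i, in)
	}
	wg.Wait()
	return out
}

func main() {
	// Constructed sample inputs.
	fmt.Println(encodeAll([][]byte{[]byte("abc"), []byte("hello"), nil}))
}
```

Calling `thirdPartyEncode` directly from `encodeAll` and building with `-race` lets the race detector flag the concurrent read and write of `encodeDepth`.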
Roberto Dip
89ae60ddec
fix tests run with -race in server/mdm/scep (#17274)
...
Scheduled tests, which are run with `-race`, are [failing][1]. This was
fixed in the `etcd-io/bbolt` fork of the now-archived `boltdb/bolt`; for
more details check [this issue][2].
Since boltdb is used only for tests, and they're passing after switching
to the fork, this seems like a reasonable way to fix them.
[1]: https://github.com/fleetdm/fleet/actions/runs/8090809417
[2]: https://github.com/etcd-io/bbolt/issues/391
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-02-29 15:55:15 -03:00
Jahziel Villasana-Espinoza
272ce3187f
feat: move scep dependency inside the monorepo (#16988)
...
Following the pattern set up by Martin and Lucas for similar PRs. Can be
reviewed by commits:
1. move scep directory into monorepo
2. update import paths
3. update go.mod, go.sum
4. fix golint errors in scep package
5. skip a failing test that's been broken for a while
6. fix that failing test
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
Also verified that our test suite runs the `scep` tests.
2024-02-22 13:13:46 -05:00