Merged
Conversation
Commit Message: This change adds a NullGuard which will prevent us from sending null strings to output streams to avoid undefined behavior. Signed-off-by: David Schinazi dschinazi@google.com Additional Description: None Risk Level: Low Testing: Local Docs Changes: None Release Notes: None Fixes #15620 Signed-off-by: David Schinazi <dschinazi@google.com>
Adding a deprecated API version annotation to deprecated fields and enum values in proto files. This is part of the work on adding minor/patch versioning work. Risk Level: Low (adding annotation to existing protos). Testing: Added and modified tests for the tooling (in tools/testdata). Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Signed-off-by: qinggniq <livewithblank@gmail.com>
Signed-off-by: chaoqin-li1123 <chaoqinli@google.com>
Signed-off-by: Shikugawa <rei@tetrate.io>
Signed-off-by: Shikugawa <rei@tetrate.io>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
The buffer filter breaks websocket upgrades, so add a note about this. Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
…#15776) Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Fixes #12829 Signed-off-by: Matt Klein <mklein@lyft.com>
Risk Level: n/a (moving files) Part of #12829. Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
… input (#15410) Adds support for a "generic input" extension point that allows specifying inputs that are not dependent on protocol data. Adds an environment variable generic input that allows matching on the value of an environment variable. Signed-off-by: Snow Pettersen <snowp@lyft.com>
We plan to add an OdCdsApiImpl class next to CdsApiImpl. It's config updated callback functionality would be similar to CdsApiImpl's, but with some extra code. To avoid the duplication of code, we move it to a helper class that will be used by both OdCdsApiImpl and CdsApiImpl. Signed-off-by: Krzesimir Nowak <krzesimir@kinvolk.io>
…hooks, support multiple callback hooks. (#15662) Support for multiple ASSERT and ENVOY_BUG callback hooks and location information will implementation of custom mapped stats hooks that break down hits by location. Signed-off-by: Antonio Vicente <avd@google.com>
Adding trace logs to the connectivity grid Risk Level: n/a (adding an accessor to connection pools) Testing: new unit tests Part of #15649 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.2.1 to 3.5.3. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>
The scope_ member is passed to subscription_ as a reference, so scope_ should live longer than subscription_, otherwise we risk a use of a dangling reference to scope_ inside subscription_. To make sure that scope_ lives longer than subscription_ order scope_ before subscription_. That way scope_ is constructed before subscription_ and destroyed after it. Signed-off-by: Krzesimir Nowak <krzesimir@kinvolk.io>
When this was added originally this skylib helper didn't exist. Signed-off-by: Keith Smiley <keithbsmiley@gmail.com>
…15699) Signed-off-by: Randy Miller <rmiller14@gmail.com>
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
Fixes a few issues with the generated Go protobuf code: a) the OT protos are not copied over, which means that their importpath needs to reference a path where it can pull the protos down from. The "logs" importpath was nonsensical and couldn't be resolved b) Bunching several proto packages into one target did not work well with the go package system. This splits the common protos out into its own target so that it can reference a different importpath than the other logs protos Signed-off-by: Snow Pettersen <snowp@lyft.com>
This adds support for resource removal for ECDS, allowing it to work with xDS TTLs. Upon expiry, the configuration is reset back to the null state, which should result in Envoy reverting to the state it would find itself in should the original xDS fetch time o Risk Level: Medium Testing: Updated UTs Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Fixes #15336 Signed-off-by: Snow Pettersen <snowp@lyft.com>
Risk Level: Low: doc formatting Testing: n/a Docs Changes: converted text to a diagram Signed-off-by: eric846 <56563761+eric846@users.noreply.github.com>
adds a tool to check that all pip requirements are properly specified for dependabot Fix: #15665 Signed-off-by: Ryan Northey <ryan@synca.io>
Commit message: Reorganize some of the logic from the core filter into a set of classes. This eliminates some duplicate logic, and it also will make it easier to implement some up coming features without so much code duplication. Risk Level: Low Testing: Existing unit and integration tests Signed-off-by: Gregory Brail <gregbrail@google.com>
Risk Level: n/a (not used in prod) Testing: unit tests Docs Changes: n/a Part of #15649 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Adds support for handling internal redirects for requests that have a body. Signed-off-by: Derek Argueta <darguetap@gmail.com>
Adds a setRoute method into the Filter API, adding setRoute into HCM ActiveStream where it is implemented as a StreamFilterCallbacks for filters to call Adds a DelegatingRoute / DelegatingRouteEntry mechanism to easily create a route that mutates specific properties of an existing route. Signed-off-by: Michael Meng <mmeng@lyft.com>
Previously the HeaderHashMehod only hash the first value of header. This commit aims to hash all the values of header. Signed-off-by: He Jie Xu <hejie.xu@intel.com>
Signed-off-by: Luke Addison <lukeaddison785@gmail.com>
Performance improved ~10% in microbenchmarks (compared to v0.25): Benchmark Diff -------------------------------------------------------------------- WasmSpeedTest_empty -0.1513 WasmSpeedTest_get_current_time -0.0328 WasmSpeedTest_small_string -0.1145 WasmSpeedTest_small_string1000 -0.0697 WasmSpeedTest_small_string_check_compiler -0.1039 WasmSpeedTest_small_string_check_compiler1000 -0.0966 WasmSpeedTest_large_string -0.0623 WasmSpeedTest_large_string1000 -0.0689 WasmSpeedTest_get_property -0.1385 WasmSpeedTest_grpc_service -0.1250 WasmSpeedTest_grpc_service1000 -0.1917 WasmSpeedTest_modify_metadata -0.0297 WasmSpeedTest_modify_metadata1000 -0.0318 WasmSpeedTest_json_serialize -0.0920 WasmSpeedTest_json_deserialize -0.0723 WasmSpeedTest_json_deserialize_empty -0.1481 WasmSpeedTest_convert_to_filter_state -0.1074 Signed-off-by: Piotr Sikora <piotrsikora@google.com>
This pull request is the part of #15485, help reduce the work of review. - refactor the BUILD struct of mysql proxy - replace auth related fields of message from `string` to `vector`, avoid `\0` character leading message to be partial. Commit Message: refactor BUILD struct of mysql proxy Additional Description: Risk Level: Low Testing: N/A Docs Changes: N/A Release Notes: N/A Signed-off-by: qinggniq <livewithblank@gmail.com>
…LAGS (#15580) Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
- add separate tooling test job in ci - add pytest and a pytest runner - add coverage and cov runner - add pytests for all runners - upload coverage to https://storage.googleapis.com/envoy-pr/15888/tooling/index.html Signed-off-by: Ryan Northey <ryan@synca.io>
Make members of ConnectionAttemptCallbacks private. Move logic for handling connection ready/failue from ConnectionAttemptCallbacks to WrapperCallbacks to avoid accessing private members of other classes. Signed-off-by: Ryan Hamilton rch@google.com Risk Level: low (refactor only) Testing: N/A Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Ryan Hamilton <rch@google.com>
Signed-off-by: Keerthan Ekbote <saiskee@gmail.com>
…on and update codeowners for the same extension (#15903) Signed-off-by: Sunil Narasimhamurthy <sunnrs@amazon.com>
Adding a test for #15826 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Also fix CPE to point at libcurl rather than curl. Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Use memfiles in the e2e fuzzers when creating bootstrap files. Signed-off-by: Asra Ali <asraa@google.com>
Risk Level: n/a Testing: yes Docs Changes: no Release Notes: no Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
When building locally, I got a clang-tidy error saying that “constructing string from nullptr is undefined behaviour”. Indeed, as far as I can tell, it is. https://groups.google.com/a/isocpp.org/g/std-proposals/c/PGdx39Iy8pg Signed-off-by: Justin Mazzola Paluska <justinmp@google.com>
…5929) That’s why ProtobufWkt exists, after all! Signed-off-by: Justin Mazzola Paluska <justinmp@google.com>
- mop up nohup.out crumb left over from PR 15374 - clean up noop flags from macos build per lizan from PR 15877 Signed-off-by: William A Rowe Jr <wrowe@vmware.com>
Signed-off-by: Tony Allen <tony@allen.gg>
Signed-off-by: Kevin Kelani <kkelani@gmail.com>
…#15951) Signed-off-by: Greg Greenway <ggreenway@apple.com>
Signed-off-by: Keerthan Ekbote <saiskee@gmail.com>
Adds a new filter that makes use of the new matching API to allow specifying a filter configuration to use for specific match results. Once a configuration is selected, the desired filter is created and all callbacks delegated to the specific filter. Risk Level: Low, new filter Testing: IT + UT Docs Changes: Inline proto comments Signed-off-by: Snow Pettersen <snowp@lyft.com>
For some reason struct MemFileInfo only used GUARDED_BY instead of ABSL_GUARDED_BY. Signed-off-by: Justin Mazzola Paluska <justinmp@google.com>
hatappi
pushed a commit
to hatappi/envoy-go-extension
that referenced
this pull request
Nov 15, 2022
This test sends a large number of metadata frames in order to trigger a disconnect. However, it was possible for the disconnect to happen and the connection to be torn down before all the metadata frames had been sent. If that happened, ASAN detected a UAF:
```
==95==ERROR: AddressSanitizer: heap-use-after-free on address 0x60700037e5a0 at pc 0x000004811f9e bp 0x7ffc903af990 sp 0x7ffc903af988
READ of size 8 at 0x60700037e5a0 thread T0
#0 0x4811f9d in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:168:3
#1 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#2 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#3 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#4 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#5 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#6 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#7 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/
gtest.cc:2580:10
wangfakang#8 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#9 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#10 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#11 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
wangfakang#12 0x45ed36d in _start (/mnt/ssd/cas/work/1/exec/bazel-out/k8-dbg/bin/test/integration/http2_flood_integration_test.runfiles/envoy/test/integration/http2_flood_integration_test+0x45ed36d)
0x60700037e5a0 is located 48 bytes inside of 80-byte region [0x60700037e570,0x60700037e5c0)
freed by thread T0 here:
#0 0x466f7d2 in free /local/mnt/workspace/bcain_clang_hu-bcain-lv_22036/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
#1 0x831dde8 in Envoy::Http::CodecClient::ActiveRequest::~ActiveRequest() /proc/self/cwd/./source/common/http/codec_client.h:220:10
wangfakang#2 0x5aa33f9 in std::__1::unique_ptr<Envoy::Event::DeferredDeletable, std::__1::default_delete<Envoy::Event::DeferredDeletable> >::reset(Envoy::Event::DeferredDeletable*) /opt/llvm/bin/../include/c++/v1/__memory/unique_ptr.h:54:5
wangfakang#3 0xa3218e8 in Envoy::Event::DispatcherImpl::clearDeferredDeleteList() /proc/self/cwd/source/common/event/dispatcher_impl.cc:142:21
wangfakang#4 0xa3348df in void std::__1::__invoke_void_return_wrapper<void, true>::__call<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&
, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&
, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&>(Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Rand
om::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::s
hared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&) /proc/self/cwd/source/common/event/dispatcher_impl.cc:79:30
wangfakang#5 0xa334603 in std::__1::__function::__func<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&,
Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffe
r::WatermarkFactory> const&)::$_2, std::__1::allocator<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenera
tor&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy:
:Buffer::WatermarkFactory> const&)::$_2>, void ()>::operator()() /opt/llvm/bin/../include/c++/v1/__functional/function.h:180:16
wangfakang#6 0x4897039 in std::__1::__function::__value_func<void ()>::operator()() const /opt/llvm/bin/../include/c++/v1/__functional/function.h:507:16
wangfakang#7 0xa8e6aa4 in Envoy::Event::SchedulableCallbackImpl::SchedulableCallbackImpl(Envoy::CSmartPtr<event_base, &(event_base_free)>&, std::__1::function<void ()>)::$_0::__invoke(int, short, void*) /opt/llvm/bin/../include/c++/v1/__functional/function.h:1184:12
wangfakang#8 0xb557c5e in event_process_active_single_queue /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:1713:4
wangfakang#9 0xb539252 in event_process_active /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c
wangfakang#10 0xb539252 in event_base_loop /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:2047:12
wangfakang#11 0xa8e1e3c in Envoy::Event::LibeventScheduler::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/libevent_scheduler.cc:60:3
wangfakang#12 0xa32bd94 in Envoy::Event::DispatcherImpl::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/dispatcher_impl.cc:299:19
wangfakang#13 0x480faad in Envoy::IntegrationCodecClient::flushWrite() /proc/self/cwd/test/integration/http_integration.cc:100:29
wangfakang#14 0x4811e94 in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:169:3
wangfakang#15 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#16 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#17 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#18 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#19 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#20 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#21 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#22 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#23 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#24 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#25 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
```
To fix that, write all metadata frames at once.
Signed-off-by: Benjamin Peterson <benjamin@engflow.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]
[Optional API Considerations:]