Skip to content

Fix initial release#17

Merged
ArangoGutierrez merged 1 commit intomainfrom
containerdversion
Feb 20, 2024
Merged

Fix initial release#17
ArangoGutierrez merged 1 commit intomainfrom
containerdversion

Conversation

@ArangoGutierrez
Copy link
Collaborator

@ArangoGutierrez ArangoGutierrez commented Feb 20, 2024

No description provided.

@ArangoGutierrez
Fix initial release
5374d68 
Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
@ArangoGutierrez ArangoGutierrez self-assigned this Feb 20, 2024
@ArangoGutierrez ArangoGutierrez merged commit 7ffaf5e into main Feb 20, 2024
@ArangoGutierrez ArangoGutierrez deleted the containerdversion branch February 20, 2024 17:08
ArangoGutierrez added a commit to ArangoGutierrez/holodeck that referenced this pull request Feb 12, 2026
@ArangoGutierrez
fix(security): validate node labels and IPs before shell interpolation
e678746 
User-controlled label keys/values from YAML config were directly
interpolated into kubectl commands via fmt.Sprintf, enabling command
injection. Add label validation against Kubernetes label pattern.
Also validate PrivateIP with net.ParseIP before grep interpolation.

Audit findings NVIDIA#17 (MEDIUM), NVIDIA#18 (MEDIUM).

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
@ArangoGutierrez ArangoGutierrez mentioned this pull request Feb 12, 2026
Merged
3 tasks
ArangoGutierrez added a commit that referenced this pull request Feb 13, 2026
@ArangoGutierrez
fix(security): validate node labels and IPs before shell interpolation (
dd99942 
#656)

User-controlled label keys/values from YAML config were directly
interpolated into kubectl commands via fmt.Sprintf, enabling command
injection. Add label validation against Kubernetes label pattern.
Also validate PrivateIP with net.ParseIP before grep interpolation.

Audit findings #17 (MEDIUM), #18 (MEDIUM).

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@ArangoGutierrez ArangoGutierrez

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ArangoGutierrez