RedHatDemos / SecurityDemos

181 stars 189 forks source link

Lab 4 - Following bonus steps to fix vulnerability results in failed pipeline #455

Open alexkrohg64 opened 2 years ago

alexkrohg64 commented 2 years ago

After following these steps to fix the s2i task, the pipeline now fails at the "wait-application" step. The output contains a Go segmentation violation. I was unable to proceed to the pentest and performance testing sections of the lab.

NOTE: the screenshot and attached log file are from different iterations encountering the same error.

The log for 'wait-application' stage is attached, and this shows the error from the console: image wait-application.log

alexkrohg64 commented 2 years ago

I cannot tell if this error is only because I tried the bonus steps to fix the CVE, or if it would have happened anyway with using the ACS policy exemption. I do not how to undo the re-creation of the s2i task, so cannot confirm.

rcarrata commented 2 years ago

hi @bakebossdev, thanks for raising this error. Let me try to reproduce it in one of our clusters and I'll update asap. Meanwhile, you can rerun the pipeline because seems to be a race condition in OpenShift GitOps / ArgoCD to me.

lkerner commented 2 years ago

@rcarrata any update on this? @dzilbermanvmw @piggyvenus can you guys also take a look? Thanks

rcarrata commented 2 years ago

@lkerner is fixed in https://github.com/rcarrata/devsecops-demo/issues/54, I need to push from upstream to the lab4 in agnosticd. This week (hopefully) I'll have time to adjust the lab4 and include some fixes around this.