intelops / kubviz

Visualize Kubernetes & DevSecOps workflows. Tracks changes/events in real time across your entire K8s clusters, git repos, container registries, SBOMs, vulnerability footprint, etc., analyzing their effects and providing you with the context you need to troubleshoot efficiently. Get the observability you need, easily.
Apache License 2.0
40 stars 16 forks

Deprecated fix #381

Open Nithunikzz opened 4 months ago

dryrunsecurity[bot] commented 4 months ago

Hi there :wave:, @dryrunsecurity here, below is a summary of our analysis and findings.

| DryRun Security Analyzer | Status | Findings |
|---|---|---|
| Server-Side Request Forgery Analyzer | :white_check_mark: | 0 findings |
| Configured Codepaths Analyzer | :white_check_mark: | 0 findings |
| IDOR Analyzer | :white_check_mark: | 0 findings |
| SQL Injection Analyzer | :white_check_mark: | 0 findings |
| Secrets Analyzer | :white_check_mark: | 0 findings |
| Authn/Authz Analyzer | :grey_exclamation: | 10 findings |
| Sensitive Files Analyzer | :white_check_mark: | 0 findings |

> [!NOTE]
> :green_circle: Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy :robot:. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

**Summary:**

The code changes in this pull request focus on improving the error handling and robustness of the `kubviz` application. The key changes include:

1. Replacing `log.Fatal()` with `log.Println()` in the `CheckErr` function of the `event_metrics_utils.go` file. This change ensures that errors are logged instead of causing the program to terminate, making the application more resilient.
2. Enhancing the `kubePreUpgrade` plugin to better handle deprecated and deleted Kubernetes APIs during the pre-upgrade process. This includes downloading the Kubernetes Swagger file, populating an API map, detecting deprecated and deleted APIs, and publishing the findings to a NATS JetStream context for further processing and monitoring.

These changes are positive from an application security perspective, as they improve the overall error handling and robustness of the application, as well as provide better visibility and control over Kubernetes API changes during the pre-upgrade process. This helps reduce the risk of breaking changes and ensures a smoother upgrade experience for users.

**Files Changed:**

1. `agent/kubviz/plugins/events/event_metrics_utils.go`:
   - The `CheckErr` function has been modified to use `log.Println()` instead of `log.Fatal()`, improving error handling and preventing the program from terminating.
2. `agent/kubviz/plugins/kubepreupgrade/kubePreUpgrade.go`:
   - The code has been enhanced to download the Kubernetes Swagger file, populate an API map, detect deprecated and deleted APIs, and publish the findings to a NATS JetStream context.
   - The code also handles various errors and permissions issues, and discovers preferred resource names and group-version for the detected APIs.
   - These changes improve the pre-upgrade process by providing better visibility and control over Kubernetes API changes, reducing the risk of breaking changes during the upgrade.

Powered by DryRun Security