diff --git a/cmd/argocd/commands/admin/app.go b/cmd/argocd/commands/admin/app.go
index a4f4557858a22..fbceb436f8609 100644
--- a/cmd/argocd/commands/admin/app.go
+++ b/cmd/argocd/commands/admin/app.go
@@ -45,16 +45,6 @@ func NewAppCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 var command = &cobra.Command{
 Use: "app",
 Short: "Manage applications configuration",
- Example: `
-# Compare results of two reconciliations and print diff
-argocd admin app diff-reconcile-results APPNAME [flags]
-
-# Generate declarative config for an application
-argocd admin app generate-spec APPNAME
-
-# Reconcile all applications and store reconciliation summary in the specified file
-argocd admin app get-reconcile-results APPNAME
-`,
 Run: func(c *cobra.Command, args []string) {
 c.HelpFunc()(c, args)
 },
diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go
index a72aaebc201a0..ef83746e5204c 100644
--- a/cmd/argocd/commands/admin/cluster.go
+++ b/cmd/argocd/commands/admin/cluster.go
@@ -44,6 +44,15 @@ func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientc
 var command = &cobra.Command{
 Use: "cluster",
 Short: "Manage clusters configuration",
+ Example: `
+# Authenticate with a Token
+argocd admin cluster --auth-token YOUR_AUTH_TOKEN
+
+# Use a Custom Client Certificate and Key
+argocd admin cluster --client-crt /path/to/client.crt --client-crt-key /path/to/client.key
+
+# Set Logging Format and Level
+argocd admin cluster --logformat json --loglevel debug`,
 Run: func(c *cobra.Command, args []string) {
 c.HelpFunc()(c, args)
 },
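Review bot: The first example added to cluster.go, `argocd admin cluster --auth-token YOUR_AUTH_TOKEN`, teaches passing a bearer token as a command-line argument, where it ends up in shell history and is visible in the process list to other local users. The same pattern recurs in the `--auth-token "your-auth-token"` examples added to projectwindows.go (windows, disable-manual-sync, enable-manual-sync, delete and list). I would remove the token from the examples and add a comment line such as `# The token is read from the ARGOCD_AUTH_TOKEN environment variable` instead. All three examples also call `argocd admin cluster` with global flags only, and the `Run` visible in this hunk just calls `c.HelpFunc()`, so none of them performs an action; NewClusterCommand continues outside the hunk.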
@@ -448,6 +457,21 @@ func NewClusterStatsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma
 var command = cobra.Command{
 Use: "stats",
 Short: "Prints information cluster statistics and inferred shard number",
+ Example: `
+#Display Cluster Statistics for the Default Cluster
+argocd admin cluster stats
+
+#Display Cluster Statistics for a Specific Cluster Context
+argocd admin cluster stats --context=my-cluster-context
+
+#Display Cluster Statistics for a Cluster with Custom Configuration (Kubeconfig Path)
+argocd admin cluster stats --kubeconfig=/path/to/custom/kubeconfig.yaml
+
+#Display Cluster Statistics with a Custom Request Timeout
+argocd admin cluster stats --request-timeout=5s
+
+#Display Cluster Statistics for a Specific Shard
+argocd admin cluster stats --shard=1`,
 Run: func(cmd *cobra.Command, args []string) {
 ctx := cmd.Context()

@@ -492,6 +516,18 @@ func NewClusterConfig() *cobra.Command {
 Use: "kubeconfig CLUSTER_URL OUTPUT_PATH",
 Short: "Generates kubeconfig for the specified cluster",
 DisableAutoGenTag: true,
+ Example: `
+#Generate a Kubeconfig for a Cluster and Save it to a File
+argocd admin cluster kubeconfig https://cluster-api-url:6443 /path/to/output/kubeconfig.yaml
+
+#Generate a Kubeconfig with a Custom Cluster Name:
+argocd admin cluster kubeconfig https://cluster-api-url:6443 /path/to/output/kubeconfig.yaml --cluster=my-cluster
+
+#Generate a Kubeconfig for a Cluster with TLS Verification Disabled
+argocd admin cluster kubeconfig https://cluster-api-url:6443 /path/to/output/kubeconfig.yaml --insecure-skip-tls-verify
+
+#Generate a Kubeconfig with a Custom Namespace Scope
+argocd admin cluster kubeconfig https://cluster-api-url:6443 /path/to/output/kubeconfig.yaml -n my-namespace`,
 Run: func(c *cobra.Command, args []string) {
 ctx := c.Context()

diff --git a/cmd/argocd/commands/app_resources.go b/cmd/argocd/commands/app_resources.go
index 4cffb706ff1bc..e48465c7e4693 100644
--- a/cmd/argocd/commands/app_resources.go
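Review bot: The `--insecure-skip-tls-verify` example in the kubeconfig hunk presents disabling certificate verification as a routine variant, with no hint of what it costs; presumably connections made with the resulting file do not verify the API server. Since the output is a kubeconfig that most likely carries cluster credentials, I would drop that example or label it, e.g. `#Generate a Kubeconfig with TLS Verification Disabled (test clusters only; the API server certificate is not verified)`. A comment line noting that OUTPUT_PATH should be readable only by the operator would help as well. Style: these headings are written `#Text` while the cluster.go parent example in this commit uses `# Text`.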
+++ b/cmd/argocd/commands/app_resources.go @@ -3,7 +3,6 @@ package commands import ( "fmt" "os" - "text/tabwriter" "github.com/argoproj/argo-cd/v2/cmd/util" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -19,6 +18,8 @@ import ( "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/errors" argoio "github.com/argoproj/argo-cd/v2/util/io" + + "text/tabwriter" ) func NewApplicationPatchResourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { @@ -29,7 +30,6 @@ func NewApplicationPatchResourceCommand(clientOpts *argocdclient.ClientOptions) var kind string var group string var all bool - var project string command := &cobra.Command{ Use: "patch-resource APPNAME", Short: "Patch resource in an application", @@ -46,7 +46,6 @@ func NewApplicationPatchResourceCommand(clientOpts *argocdclient.ClientOptions) command.Flags().StringVar(&group, "group", "", "Group") command.Flags().StringVar(&namespace, "namespace", "", "Namespace") command.Flags().BoolVar(&all, "all", false, "Indicates whether to patch multiple matching of resources") - command.Flags().StringVar(&project, "project", "", `The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist`) command.Run = func(c *cobra.Command, args []string) { ctx := c.Context() @@ -78,7 +77,6 @@ func NewApplicationPatchResourceCommand(clientOpts *argocdclient.ClientOptions) Kind: pointer.String(gvk.Kind), Patch: pointer.String(patch), PatchType: pointer.String(patchType), - Project: pointer.String(project), }) errors.CheckError(err) log.Infof("Resource '%s' patched", obj.GetName()) @@ -96,7 +94,6 @@ func NewApplicationDeleteResourceCommand(clientOpts *argocdclient.ClientOptions) var force bool var orphan bool var all bool - var project string command := &cobra.Command{ Use: "delete-resource APPNAME", Short: "Delete resource in an application", 
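Review bot: In the second import hunk `"text/tabwriter"` is re-added as a separate group after the third-party imports, although it is a standard-library package and the first hunk removed it from the group with `"fmt"` and `"os"`. goimports keeps standard-library imports together in the first group, so the move adds churn and leaves the block in a non-conventional order. Leaving the import in its original position would make both hunks unnecessary.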
@@ -111,7 +108,6 @@ func NewApplicationDeleteResourceCommand(clientOpts *argocdclient.ClientOptions) command.Flags().BoolVar(&force, "force", false, "Indicates whether to orphan the dependents of the deleted resource") command.Flags().BoolVar(&orphan, "orphan", false, "Indicates whether to force delete the resource") command.Flags().BoolVar(&all, "all", false, "Indicates whether to patch multiple matching of resources") - command.Flags().StringVar(&project, "project", "", `The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist`) command.Run = func(c *cobra.Command, args []string) { ctx := c.Context() @@ -143,7 +139,6 @@ func NewApplicationDeleteResourceCommand(clientOpts *argocdclient.ClientOptions) Kind: pointer.String(gvk.Kind), Force: &force, Orphan: &orphan, - Project: pointer.String(project), }) errors.CheckError(err) log.Infof("Resource '%s' deleted", obj.GetName()) @@ -255,7 +250,6 @@ func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.Appli func NewApplicationListResourcesCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var orphaned bool var output string - var project string var command = &cobra.Command{ Use: "resources APPNAME", Short: "List resource of application", @@ -272,7 +266,6 @@ func NewApplicationListResourcesCommand(clientOpts *argocdclient.ClientOptions) appResourceTree, err := appIf.ResourceTree(ctx, &applicationpkg.ResourcesQuery{ ApplicationName: &appName, AppNamespace: &appNs, - Project: &project, }) errors.CheckError(err) printResources(listAll, orphaned, appResourceTree, output) 
@@ -280,6 +273,5 @@ func NewApplicationListResourcesCommand(clientOpts *argocdclient.ClientOptions)
 }
 command.Flags().BoolVar(&orphaned, "orphaned", false, "Lists only orphaned resources")
 command.Flags().StringVar(&output, "output", "", "Provides the tree view of the resources")
- command.Flags().StringVar(&project, "project", "", `The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist`)
 return command
 }
diff --git a/cmd/argocd/commands/projectwindows.go b/cmd/argocd/commands/projectwindows.go
index a46f9ece64c36..52b087d09f965 100644
--- a/cmd/argocd/commands/projectwindows.go
+++ b/cmd/argocd/commands/projectwindows.go
@@ -22,6 +22,22 @@ func NewProjectWindowsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com
 roleCommand := &cobra.Command{
 Use: "windows",
 Short: "Manage a project's sync windows",
+ Example: `#Creating "MyApp" Project in Argo CD with Custom Configuration and gRPC-Web Authentication
+argocd proj windows --auth-token "your-auth-token" \
+ --client-crt "/path/to/client.crt" \
+ --client-crt-key "/path/to/client.key" \
+ --config "/path/to/custom/config.yaml" \
+ --grpc-web \
+ --grpc-web-root-path "/custom/root/path" \
+ --server "argocd-server.example.com" \
+ "MyApp"
+
+#Configuring "Development" Project in Argo CD with HTTP, Custom kube-context, and Debug Logging.
+argocd proj windows --plaintext \
+ --kube-context "my-kube-context" \
+ --loglevel "debug" \
+ --server "argocd-server.internal.local" \
+ "Development"`,
 Run: func(c *cobra.Command, args []string) {
 c.HelpFunc()(c, args)
 os.Exit(1)
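Review bot: Both examples added to the `windows` command run `argocd proj windows` with no subcommand, but the `Run` visible in this hunk only prints help and calls `os.Exit(1)`, so neither one creates or configures a project as its heading claims. The second example also shows `--plaintext` with no caveat that it disables TLS, which leaves any token or session sent on that connection unprotected. I would replace both with real subcommand invocations such as `argocd proj windows list PROJECT`, and either keep transport flags out of the examples or mark them, e.g. `# --plaintext disables TLS; use only over a trusted local connection`. NewProjectWindowsCommand continues outside the hunk.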
@@ -42,6 +58,21 @@ func NewProjectWindowsDisableManualSyncCommand(clientOpts *argocdclient.ClientOp
 Use: "disable-manual-sync PROJECT ID",
 Short: "Disable manual sync for a sync window",
 Long: "Disable manual sync for a sync window. Requires ID which can be found by running \"argocd proj windows list PROJECT\"",
+ Example: `#Disabling Manual Synchronization for Project "my-project-id" in Argo CD with Custom Configuration
+argocd proj windows disable-manual-sync my-project-id \
+ --auth-token "your-auth-token" \
+ --kube-context "my-kube-context" \
+ --loglevel "debug" \
+ --server "argocd-server.example.com"
+
+
+#Disabling Manual Synchronization for Project "another-project-id" in Argo CD with Client Certificates and gRPC-Web Configuration
+aargocd proj windows disable-manual-sync another-project-id \
+ --client-crt "/path/to/client.crt" \
+ --client-crt-key "/path/to/client.key" \
+ --grpc-web \
+ --grpc-web-root-path "/custom/root/path" \
+ --server "argocd-server.internal.local"`,
 Run: func(c *cobra.Command, args []string) {
 ctx := c.Context()

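Review bot: The added examples do not match the declared usage `disable-manual-sync PROJECT ID`: each passes one positional argument (`my-project-id`, `another-project-id`) and no window ID, and the headings describe disabling sync for a project rather than for one sync window. The second example starts with `aargocd`, which will not run as written. An accurate form would be `argocd proj windows disable-manual-sync PROJECT ID`, with a comment that ID comes from `argocd proj windows list PROJECT`. The enable-manual-sync hunk has the same missing-ID problem.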
@@ -79,6 +110,20 @@ func NewProjectWindowsEnableManualSyncCommand(clientOpts *argocdclient.ClientOpt
 Use: "enable-manual-sync PROJECT ID",
 Short: "Enable manual sync for a sync window",
 Long: "Enable manual sync for a sync window. Requires ID which can be found by running \"argocd proj windows list PROJECT\"",
+ Example: `#Enabling Manual Synchronization for Project 'my-project-id' in Argo CD with Custom Configuration:
+argocd proj windows enable-manual-sync my-project-id \
+ --auth-token "your-auth-token" \
+ --kube-context "my-kube-context" \
+ --grpc-web \
+ --loglevel "debug"
+
+
+#Enabling Manual Synchronization for Project 'another-project-id' in Argo CD with Client Certificates and Port Forwarding
+argocd proj windows enable-manual-sync another-project-id \
+ --client-crt "/path/to/client.crt" \
+ --client-crt-key "/path/to/client.key" \
+ --port-forward \
+ --port-forward-namespace "my-namespace"`,
 Run: func(c *cobra.Command, args []string) {
 ctx := c.Context()

@@ -180,6 +225,18 @@ func NewProjectWindowsDeleteCommand(clientOpts *argocdclient.ClientOptions) *cob
 var command = &cobra.Command{
 Use: "delete PROJECT ID",
 Short: "Delete a sync window from a project. Requires ID which can be found by running \"argocd proj windows list PROJECT\"",
+ Example: `#Deleting Project 'my-project-id' in Argo CD with Custom Configuration
+argocd proj windows delete my-project-id \
+ --auth-token "your-auth-token" \
+ --kube-context "my-kube-context" \
+ --loglevel "debug"
+
+#Deleting Project 'another-project-id' in Argo CD with Client Certificates and TLS Verification Skip
+argocd proj windows delete another-project-id \
+ --client-crt "/path/to/client.crt" \
+ --client-crt-key "/path/to/client.key" \
+ --insecure \
+ --server-crt "/path/to/server.crt"`,
 Run: func(c *cobra.Command, args []string) {
 ctx := c.Context()

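Review bot: In the delete hunk the headings read `Deleting Project 'my-project-id'`, but `Short` says the command deletes a sync window from a project and `Use` is `delete PROJECT ID`; the examples again omit the ID. The second example pairs `--insecure` with `--server-crt "/path/to/server.crt"`, which by the flag names is contradictory: once verification is skipped, the supplied server certificate no longer protects the connection, and readers may copy `--insecure` as if it were harmless. The list hunk repeats the same flag pair. I would drop `--insecure` from both and keep the certificate alone, e.g. `argocd proj windows delete PROJECT ID --server-crt /path/to/server.crt`.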
@@ -274,12 +331,22 @@ func NewProjectWindowsListCommand(clientOpts *argocdclient.ClientOptions) *cobra
 var command = &cobra.Command{
 Use: "list PROJECT",
 Short: "List project sync windows",
- Example: `# List project windows
+ Example: `#Listing Windows for Project 'my-project-id' in Argo CD with Custom Configuration
+argocd proj windows list my-project-id \
+ --auth-token "your-auth-token" \
+ --kube-context "my-kube-context" \
+ --loglevel "debug"
+#Listing Windows for Project 'another-project-id' in Argo CD with Client Certificates and TLS Verification Skip
+argocd proj windows list another-project-id \
+ --client-crt "/path/to/client.crt" \
+ --client-crt-key "/path/to/client.key" \
+ --insecure \
+ --server-crt "/path/to/server.crt"
+#List project windows
 argocd proj windows list PROJECT
-
+
 # List project windows in yaml format
-argocd proj windows list PROJECT -o yaml
-`,
+argocd proj windows list PROJECT -o yaml`,
 Run: func(c *cobra.Command, args []string) {
 ctx := c.Context()

@@ -312,8 +379,8 @@ argocd proj windows list PROJECT -o yaml
 func printSyncWindows(proj *v1alpha1.AppProject) {
 w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
 var fmtStr string
- headers := []interface{}{"ID", "STATUS", "KIND", "SCHEDULE", "DURATION", "APPLICATIONS", "NAMESPACES", "CLUSTERS", "MANUALSYNC", "TIMEZONE"}
- fmtStr = strings.Repeat("%s\t", len(headers)) + "\n"
+ headers := []interface{}{"ID", "STATUS", "KIND", "SCHEDULE", "DURATION", "APPLICATIONS", "NAMESPACES", "CLUSTERS", "MANUALSYNC"}
+ fmtStr = "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n"
 fmt.Fprintf(w, fmtStr, headers...)
 if proj.Spec.SyncWindows.HasWindows() {
 for i, window := range proj.Spec.SyncWindows {
@@ -327,7 +394,6 @@ func printSyncWindows(proj *v1alpha1.AppProject) {
 formatListOutput(window.Namespaces),
 formatListOutput(window.Clusters),
 formatManualOutput(window.ManualSync),
- window.TimeZone,
 }
 fmt.Fprintf(w, fmtStr, vals...)
 }
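Review bot: In printSyncWindows the new `fmtStr` hard-codes nine `%s` verbs that must be kept in step by hand with both `headers` and the per-window `vals` slice. A mismatch is not a compile error and only shows up as `%!s(MISSING)` or `%!(EXTRA ...)` in the printed table. A comment above the literal such as `// fmtStr needs one %s per entry in headers and vals` would guard against that, as would deriving the format from `len(headers)`. Separately, with the TIMEZONE column gone the SCHEDULE value is printed without the zone it is evaluated in; if windows in this tree still carry a time zone, operators reading deny windows could misjudge when they apply. The function continues outside both hunks.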
diff --git a/docs/operator-manual/notifications/templates.md b/docs/operator-manual/notifications/templates.md index 1d80f20953b24..f865229e12835 100644 --- a/docs/operator-manual/notifications/templates.md +++ b/docs/operator-manual/notifications/templates.md @@ -20,7 +20,6 @@ Each template has access to the following fields: - `app` holds the application object. - `context` is a user-defined string map and might include any string keys and values. -- `secrets` provides access to sensitive data stored in `argocd-notifications-secret` - `serviceType` holds the notification service type name (such as "slack" or "email). The field can be used to conditionally render service-specific fields. - `recipient` holds the recipient name. @@ -44,39 +43,6 @@ data: message: "Something happened in {{ .context.environmentName }} in the {{ .context.region }} data center!" ``` -## Defining and using secrets within notification templates - -Some notification service use cases will require the use of secrets within templates. This can be achieved with the use of -the `secrets` data variable available within the templates. - -Given that we have the following `argocd-notifications-secret`: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: argocd-notifications-secret -stringData: - sampleWebhookToken: secret-token -type: Opaque -``` - -We can use the defined `sampleWebhookToken` in a template as such: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-notifications-cm -data: - template.trigger-webhook: | - webhook: - sample-webhook: - method: POST - path: 'webhook/endpoint/with/auth' - body: 'token={{ .secrets.sampleWebhookToken }}&variables[APP_SOURCE_PATH]={{ .app.spec.source.path }} -``` - ## Notification Service Specific Fields The `message` field of the template definition allows creating a basic notification for any notification service. You can leverage notification service-specific 
diff --git a/docs/snyk/index.md b/docs/snyk/index.md index a8e97a7018013..fddd77111a7e3 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -13,11 +13,11 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](master/argocd-test.html) | 0 | 0 | 6 | 0 | +| [go.mod](master/argocd-test.html) | 0 | 0 | 5 | 0 | | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | | [dex:v2.37.0](master/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 | | [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 4 | 19 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 19 | | [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | @@ -26,11 +26,11 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.9.0-rc2/argocd-test.html) | 0 | 2 | 6 | 0 | +| [go.mod](v2.9.0-rc2/argocd-test.html) | 0 | 2 | 5 | 0 | | [ui/yarn.lock](v2.9.0-rc2/argocd-test.html) | 0 | 0 | 0 | 0 | | [dex:v2.37.0](v2.9.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 | | [haproxy:2.6.14-alpine](v2.9.0-rc2/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.9.0-rc2](v2.9.0-rc2/quay.io_argoproj_argocd_v2.9.0-rc2.html) | 0 | 2 | 7 | 20 | +| [argocd:v2.9.0-rc2](v2.9.0-rc2/quay.io_argoproj_argocd_v2.9.0-rc2.html) | 0 | 2 | 6 | 20 | | [redis:7.0.11-alpine](v2.9.0-rc2/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 | | [install.yaml](v2.9.0-rc2/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.9.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - | 
@@ -39,11 +39,11 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.8.4/argocd-test.html) | 0 | 2 | 6 | 0 | +| [go.mod](v2.8.4/argocd-test.html) | 0 | 2 | 5 | 0 | | [ui/yarn.lock](v2.8.4/argocd-test.html) | 0 | 0 | 0 | 0 | | [dex:v2.37.0](v2.8.4/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 | | [haproxy:2.6.14-alpine](v2.8.4/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.8.4](v2.8.4/quay.io_argoproj_argocd_v2.8.4.html) | 0 | 2 | 7 | 20 | +| [argocd:v2.8.4](v2.8.4/quay.io_argoproj_argocd_v2.8.4.html) | 0 | 2 | 6 | 20 | | [redis:7.0.11-alpine](v2.8.4/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 | | [install.yaml](v2.8.4/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.8.4/argocd-iac-namespace-install.html) | - | - | - | - | @@ -56,7 +56,7 @@ recent minor releases. | [ui/yarn.lock](v2.7.14/argocd-test.html) | 0 | 1 | 0 | 0 | | [dex:v2.37.0](v2.7.14/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 | | [haproxy:2.6.14-alpine](v2.7.14/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.7.14](v2.7.14/quay.io_argoproj_argocd_v2.7.14.html) | 0 | 2 | 7 | 20 | +| [argocd:v2.7.14](v2.7.14/quay.io_argoproj_argocd_v2.7.14.html) | 0 | 2 | 6 | 20 | | [redis:7.0.11-alpine](v2.7.14/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 | | [install.yaml](v2.7.14/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.7.14/argocd-iac-namespace-install.html) | - | - | - | - | 
@@ -69,7 +69,7 @@ recent minor releases. | [ui/yarn.lock](v2.6.15/argocd-test.html) | 0 | 1 | 0 | 0 | | [dex:v2.37.0](v2.6.15/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 0 | 3 | 0 | | [haproxy:2.6.14-alpine](v2.6.15/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.6.15](v2.6.15/quay.io_argoproj_argocd_v2.6.15.html) | 0 | 2 | 7 | 20 | +| [argocd:v2.6.15](v2.6.15/quay.io_argoproj_argocd_v2.6.15.html) | 0 | 2 | 6 | 20 | | [redis:7.0.11-alpine](v2.6.15/redis_7.0.11-alpine.html) | 1 | 0 | 3 | 0 | | [install.yaml](v2.6.15/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.6.15/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 418bfdecc40fa..cdbbcd216e583 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

October 22nd 2023, 12:17:18 am (UTC+00:00)

+

October 15th 2023, 12:17:18 am (UTC+00:00)

Scanned the following path: diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index d5402379c9056..5ab8913fc9766 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

Snyk test report

-

October 22nd 2023, 12:17:28 am (UTC+00:00)

+

October 15th 2023, 12:17:30 am (UTC+00:00)

Scanned the following path: diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index baf98e4e8af70..de493e0e6e42c 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

Snyk test report

-

October 22nd 2023, 12:14:48 am (UTC+00:00)

+

October 15th 2023, 12:14:41 am (UTC+00:00)

Scanned the following paths: @@ -466,9 +466,9 @@

Snyk test report

-
6 known vulnerabilities
-
19 vulnerable dependency paths
-
1965 dependencies
+
5 known vulnerabilities
+
18 vulnerable dependency paths
+
1922 dependencies
@@ -476,65 +476,6 @@

Snyk test report

-
-

LGPL-3.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: golang -
  • -
  • - Module: - - gopkg.in/retry.v1 -
  • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
  • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
  • -
- -
- -
- -

LGPL-3.0 license

- -
- - - -

MPL-2.0 license

diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html index d5818b81cb2f5..d9d7bb771d57e 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html @@ -456,7 +456,7 @@

Snyk test report

-

October 22nd 2023, 12:15:00 am (UTC+00:00)

+

October 15th 2023, 12:14:53 am (UTC+00:00)

Scanned the following paths: @@ -651,7 +651,6 @@

References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -734,7 +733,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • diff --git a/docs/snyk/master/haproxy_2.6.14-alpine.html b/docs/snyk/master/haproxy_2.6.14-alpine.html index b0b4060ee0d33..1f696570c59d5 100644 --- a/docs/snyk/master/haproxy_2.6.14-alpine.html +++ b/docs/snyk/master/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:15:08 am (UTC+00:00)

    +

    October 15th 2023, 12:15:00 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 4241230700e76..1009be1e34406 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:15:33 am (UTC+00:00)

    +

    October 15th 2023, 12:15:23 am (UTC+00:00)

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    31 known vulnerabilities
    -
    123 vulnerable dependency paths
    -
    2320 dependencies
    +
    29 known vulnerabilities
    +
    120 vulnerable dependency paths
    +
    2278 dependencies
    @@ -534,7 +534,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -963,146 +962,6 @@

    References

    More about this vulnerability

    -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Module: - - gopkg.in/retry.v1 -
    • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
    • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - - - -
    -
    -

    Memory Leak

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - glibc/libc-bin -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.35-0ubuntu3.4 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - glibc/libc-bin@2.35-0ubuntu3.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - glibc/libc6@2.35-0ubuntu3.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - - -

    MPL-2.0 license

    diff --git a/docs/snyk/master/redis_7.0.11-alpine.html b/docs/snyk/master/redis_7.0.11-alpine.html index a63c98a15030a..d4cf7fe946b5b 100644 --- a/docs/snyk/master/redis_7.0.11-alpine.html +++ b/docs/snyk/master/redis_7.0.11-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:15:40 am (UTC+00:00)

    +

    October 15th 2023, 12:15:30 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.6.15/argocd-iac-install.html b/docs/snyk/v2.6.15/argocd-iac-install.html index 90c875983c384..b38345ee04e69 100644 --- a/docs/snyk/v2.6.15/argocd-iac-install.html +++ b/docs/snyk/v2.6.15/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:27:56 am (UTC+00:00)

    +

    October 15th 2023, 12:28:31 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.6.15/argocd-iac-namespace-install.html b/docs/snyk/v2.6.15/argocd-iac-namespace-install.html index 1bd89d9664d2d..e6cf243f42cc2 100644 --- a/docs/snyk/v2.6.15/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.6.15/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:28:06 am (UTC+00:00)

    +

    October 15th 2023, 12:28:43 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.6.15/argocd-test.html b/docs/snyk/v2.6.15/argocd-test.html index 2672f4aef0e82..d48c69439bc60 100644 --- a/docs/snyk/v2.6.15/argocd-test.html +++ b/docs/snyk/v2.6.15/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:25:59 am (UTC+00:00)

    +

    October 15th 2023, 12:26:23 am (UTC+00:00)

    Scanned the following paths: @@ -936,7 +936,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -3187,7 +3186,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • diff --git a/docs/snyk/v2.6.15/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.6.15/ghcr.io_dexidp_dex_v2.37.0.html index cf45377b1b6b5..682d6d00feadc 100644 --- a/docs/snyk/v2.6.15/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.6.15/ghcr.io_dexidp_dex_v2.37.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:26:08 am (UTC+00:00)

    +

    October 15th 2023, 12:26:31 am (UTC+00:00)

    Scanned the following paths: @@ -651,7 +651,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -734,7 +733,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • diff --git a/docs/snyk/v2.6.15/haproxy_2.6.14-alpine.html b/docs/snyk/v2.6.15/haproxy_2.6.14-alpine.html index e107d327e33f3..1d1b7ac0b764b 100644 --- a/docs/snyk/v2.6.15/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.6.15/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:26:13 am (UTC+00:00)

    +

    October 15th 2023, 12:26:35 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.6.15/quay.io_argoproj_argocd_v2.6.15.html b/docs/snyk/v2.6.15/quay.io_argoproj_argocd_v2.6.15.html index 4afe990dd0ffb..cd0e96a404b08 100644 --- a/docs/snyk/v2.6.15/quay.io_argoproj_argocd_v2.6.15.html +++ b/docs/snyk/v2.6.15/quay.io_argoproj_argocd_v2.6.15.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:26:35 am (UTC+00:00)

    +

    October 15th 2023, 12:27:03 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    47 known vulnerabilities
    -
    159 vulnerable dependency paths
    +
    46 known vulnerabilities
    +
    157 vulnerable dependency paths
    2063 dependencies
    @@ -702,7 +702,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -873,7 +872,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -1122,8 +1120,6 @@

    References

  • secalert@redhat.com
  • secalert@redhat.com
  • secalert@redhat.com
  • -
  • secalert@redhat.com
  • -
  • secalert@redhat.com

  • @@ -1282,25 +1278,37 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy - handshake.

    -

    When curl is asked to pass along the host name to the SOCKS5 proxy to allow - that to resolve the address instead of it getting done by curl itself, the - maximum length that host name can be is 255 bytes.

    -

    If the host name is detected to be longer, curl switches to local name - resolving and instead passes on the resolved address only. Due to this bug, - the local variable that means "let the host resolve the name" could get the - wrong value during a slow SOCKS5 handshake, and contrary to the intention, - copy the too long host name to the target buffer instead of copying just the - resolved address there.

    -

    The target buffer being a heap based buffer, and the host name coming from the - URL that curl has been told to operate with.

    +

    in the SOCKS5 proxy handshake process when the hostname is longer than the target buffer. + The local variable socks5_resolve_local could get the wrong value during a slow SOCKS5 handshake. + Since the code wrongly thinks it should pass on the hostname, even though the hostname is too long to fit, the memory copy can overflow the allocated target buffer.

    +

    This is only exploitable if the SOCKS5 handshake is slow enough to trigger a local variable bug and the client uses a hostname longer than the download buffer.

    +

    Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system under certain conditions.

    +

    Note:

    +

    An overflow is only possible in applications that don't set CURLOPT_BUFFERSIZE or set it smaller than 65541. + Since the curl tool sets CURLOPT_BUFFERSIZE to 100kB by default, it is not vulnerable unless the user sets the rate limiting to a rate smaller than 65541 bytes/second.

    +

    The options that cause SOCKS5 with remote hostname to be used in libcurl:

    +
      +
    1. CURLOPT_PROXYTYPE set to type CURLPROXY_SOCKS5_HOSTNAME, or: + CURLOPT_PROXY or CURLOPT_PRE_PROXY set to use the scheme socks5h://

      +
    2. +
    3. One of the proxy environment variables can be set to use the socks5h:// scheme. For example, http_proxy, HTTPS_PROXY or ALL_PROXY.

      +
    4. +
    +

    The options that cause SOCKS5 with remote hostname to be used in the curl tool:

    +
      +
    1. --socks5-hostname, --proxy or --preproxy set to use the scheme socks5h://

      +
    2. +
    3. Environment variables as described in the libcurl section.

      +
    4. +
    +

    Changelog:

    +

    2023-10-04: Initial publication

    +

    2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range.

    Remediation

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.14 or higher.

    References


    @@ -2374,89 +2382,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Memory Leak

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - glibc/libc-bin -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.15 and glibc/libc-bin@2.35-0ubuntu3.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.15 - - glibc/libc-bin@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.15 - - glibc/libc6@2.35-0ubuntu3.1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - - -

    MPL-2.0 license

    @@ -5052,29 +4977,12 @@

    Detailed paths


    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    This flaw allows an attacker to insert cookies at will into a running program - using libcurl, if the specific series of conditions are met.

    -

    libcurl performs transfers. In its API, an application creates "easy handles" - that are the individual handles for single transfers.

    -

    libcurl provides a function call that duplicates en easy handle called - curl_easy_duphandle.

    -

    If a transfer has cookies enabled when the handle is duplicated, the - cookie-enable state is also cloned - but without cloning the actual - cookies. If the source handle did not read any cookies from a specific file on - disk, the cloned version of the handle would instead store the file name as - none (using the four ASCII letters, no quotes).

    -

    Subsequent use of the cloned handle that does not explicitly set a source to - load cookies from would then inadvertently load cookies from a file named - none - if such a file exists and is readable in the current directory of the - program using libcurl. And if using the correct file format of course.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.14 or higher.

    References


    diff --git a/docs/snyk/v2.6.15/redis_7.0.11-alpine.html b/docs/snyk/v2.6.15/redis_7.0.11-alpine.html index 4517b6875556d..9145ccc25b134 100644 --- a/docs/snyk/v2.6.15/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.6.15/redis_7.0.11-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:26:40 am (UTC+00:00)

    +

    October 15th 2023, 12:27:08 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.7.14/argocd-iac-install.html b/docs/snyk/v2.7.14/argocd-iac-install.html index ab8ddd883ddd9..2ec1b5c084982 100644 --- a/docs/snyk/v2.7.14/argocd-iac-install.html +++ b/docs/snyk/v2.7.14/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:25:32 am (UTC+00:00)

    +

    October 15th 2023, 12:25:57 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.7.14/argocd-iac-namespace-install.html b/docs/snyk/v2.7.14/argocd-iac-namespace-install.html index d185574255ccc..7eb1bed27e1fe 100644 --- a/docs/snyk/v2.7.14/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.14/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:25:44 am (UTC+00:00)

    +

    October 15th 2023, 12:26:08 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.7.14/argocd-test.html b/docs/snyk/v2.7.14/argocd-test.html index f004e6e9bd197..0ac0a0289e1fa 100644 --- a/docs/snyk/v2.7.14/argocd-test.html +++ b/docs/snyk/v2.7.14/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:23:29 am (UTC+00:00)

    +

    October 15th 2023, 12:23:35 am (UTC+00:00)

    Scanned the following paths: @@ -936,7 +936,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -3299,7 +3298,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • diff --git a/docs/snyk/v2.7.14/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.7.14/ghcr.io_dexidp_dex_v2.37.0.html index 1b9f8a4109329..0227ad9f0c750 100644 --- a/docs/snyk/v2.7.14/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.7.14/ghcr.io_dexidp_dex_v2.37.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:23:36 am (UTC+00:00)

    +

    October 15th 2023, 12:23:43 am (UTC+00:00)

    Scanned the following paths: @@ -651,7 +651,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -734,7 +733,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • diff --git a/docs/snyk/v2.7.14/haproxy_2.6.14-alpine.html b/docs/snyk/v2.7.14/haproxy_2.6.14-alpine.html index 007cb149e346e..abf669350cd1a 100644 --- a/docs/snyk/v2.7.14/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.7.14/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:23:41 am (UTC+00:00)

    +

    October 15th 2023, 12:23:47 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.7.14/quay.io_argoproj_argocd_v2.7.14.html b/docs/snyk/v2.7.14/quay.io_argoproj_argocd_v2.7.14.html index 03bd4c6c6ccf8..2bf2450f0d958 100644 --- a/docs/snyk/v2.7.14/quay.io_argoproj_argocd_v2.7.14.html +++ b/docs/snyk/v2.7.14/quay.io_argoproj_argocd_v2.7.14.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:24:02 am (UTC+00:00)

    +

    October 15th 2023, 12:24:23 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    40 known vulnerabilities
    -
    150 vulnerable dependency paths
    +
    39 known vulnerabilities
    +
    148 vulnerable dependency paths
    2065 dependencies
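Review bot: The drop from 40 to 39 known vulnerabilities (150 to 148 dependency paths) in this summary hunk does not appear to come from a fix: the preceding hunk of the same report moves the scan time from October 22nd 2023 on the old side to October 15th 2023 on the new side, so the new side looks like an older scan. Consistent with that, the later hunk `@@ -1843,89 +1851,6 @@` removes the glibc "Memory Leak" finding, whose remediation text says there is no fixed version for Ubuntu:22.04, and the curl descriptions change to a shorter text or to "This vulnerability has not been analyzed by NVD yet." The same backward timestamps recur in the other docs/snyk reports of this diff, and the v2.8.4 and v2.9.0-rc2 summaries show the same kind of count reduction. These generated reports look unrelated to the CLI example changes in the commit, presumably picked up from a branch that is behind its base; I would drop the docs/snyk files from the change or rebase first, so the published reports stay at the latest scan and do not under-report open findings.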
    @@ -534,7 +534,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -696,7 +695,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -879,8 +877,6 @@

    References

  • secalert@redhat.com
  • secalert@redhat.com
  • secalert@redhat.com
  • -
  • secalert@redhat.com
  • -
  • secalert@redhat.com

  • @@ -1039,25 +1035,37 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy - handshake.

    -

    When curl is asked to pass along the host name to the SOCKS5 proxy to allow - that to resolve the address instead of it getting done by curl itself, the - maximum length that host name can be is 255 bytes.

    -

    If the host name is detected to be longer, curl switches to local name - resolving and instead passes on the resolved address only. Due to this bug, - the local variable that means "let the host resolve the name" could get the - wrong value during a slow SOCKS5 handshake, and contrary to the intention, - copy the too long host name to the target buffer instead of copying just the - resolved address there.

    -

    The target buffer being a heap based buffer, and the host name coming from the - URL that curl has been told to operate with.

    +

    in the SOCKS5 proxy handshake process when the hostname is longer than the target buffer. + The local variable socks5_resolve_local could get the wrong value during a slow SOCKS5 handshake. + Since the code wrongly thinks it should pass on the hostname, even though the hostname is too long to fit, the memory copy can overflow the allocated target buffer.

    +

    This is only exploitable if the SOCKS5 handshake is slow enough to trigger a local variable bug and the client uses a hostname longer than the download buffer.

    +

    Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system under certain conditions.

    +

    Note:

    +

    An overflow is only possible in applications that don't set CURLOPT_BUFFERSIZE or set it smaller than 65541. + Since the curl tool sets CURLOPT_BUFFERSIZE to 100kB by default, it is not vulnerable unless the user sets the rate limiting to a rate smaller than 65541 bytes/second.

    +

    The options that cause SOCKS5 with remote hostname to be used in libcurl:

    +
      +
    1. CURLOPT_PROXYTYPE set to type CURLPROXY_SOCKS5_HOSTNAME, or: + CURLOPT_PROXY or CURLOPT_PRE_PROXY set to use the scheme socks5h://

      +
    2. +
    3. One of the proxy environment variables can be set to use the socks5h:// scheme. For example, http_proxy, HTTPS_PROXY or ALL_PROXY.

      +
    4. +
    +

    The options that cause SOCKS5 with remote hostname to be used in the curl tool:

    +
      +
    1. --socks5-hostname, --proxy or --preproxy set to use the scheme socks5h://

      +
    2. +
    3. Environment variables as described in the libcurl section.

      +
    4. +
    +

    Changelog:

    +

    2023-10-04: Initial publication

    +

    2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range.

    Remediation

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.14 or higher.

    References


    @@ -1843,89 +1851,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Memory Leak

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - glibc/libc-bin -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.14 and glibc/libc-bin@2.35-0ubuntu3.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.14 - - glibc/libc-bin@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.14 - - glibc/libc6@2.35-0ubuntu3.1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - - -

    MPL-2.0 license

    @@ -4521,29 +4446,12 @@

    Detailed paths


    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    This flaw allows an attacker to insert cookies at will into a running program - using libcurl, if the specific series of conditions are met.

    -

    libcurl performs transfers. In its API, an application creates "easy handles" - that are the individual handles for single transfers.

    -

    libcurl provides a function call that duplicates en easy handle called - curl_easy_duphandle.

    -

    If a transfer has cookies enabled when the handle is duplicated, the - cookie-enable state is also cloned - but without cloning the actual - cookies. If the source handle did not read any cookies from a specific file on - disk, the cloned version of the handle would instead store the file name as - none (using the four ASCII letters, no quotes).

    -

    Subsequent use of the cloned handle that does not explicitly set a source to - load cookies from would then inadvertently load cookies from a file named - none - if such a file exists and is readable in the current directory of the - program using libcurl. And if using the correct file format of course.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.14 or higher.

    References


    diff --git a/docs/snyk/v2.7.14/redis_7.0.11-alpine.html b/docs/snyk/v2.7.14/redis_7.0.11-alpine.html index abb0d46e599d1..69df11ccdc4a9 100644 --- a/docs/snyk/v2.7.14/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.7.14/redis_7.0.11-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:24:07 am (UTC+00:00)

    +

    October 15th 2023, 12:24:30 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.8.4/argocd-iac-install.html b/docs/snyk/v2.8.4/argocd-iac-install.html index 74bfd26bd5685..f7ede8ff7e0aa 100644 --- a/docs/snyk/v2.8.4/argocd-iac-install.html +++ b/docs/snyk/v2.8.4/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:22:54 am (UTC+00:00)

    +

    October 15th 2023, 12:22:59 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.8.4/argocd-iac-namespace-install.html b/docs/snyk/v2.8.4/argocd-iac-namespace-install.html index ad9dd5a08070e..e4cfddbb16d3b 100644 --- a/docs/snyk/v2.8.4/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.8.4/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:23:05 am (UTC+00:00)

    +

    October 15th 2023, 12:23:11 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.8.4/argocd-test.html b/docs/snyk/v2.8.4/argocd-test.html index a1275415abd1f..1de80ab7cac2f 100644 --- a/docs/snyk/v2.8.4/argocd-test.html +++ b/docs/snyk/v2.8.4/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:20:43 am (UTC+00:00)

    +

    October 15th 2023, 12:20:42 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    8 known vulnerabilities
    -
    162 vulnerable dependency paths
    +
    7 known vulnerabilities
    +
    161 vulnerable dependency paths
    1851 dependencies
    @@ -797,7 +797,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -3113,7 +3112,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -3128,65 +3126,6 @@

    References

    More about this vulnerability

    -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Module: - - gopkg.in/retry.v1 -
    • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
    • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - - -

    MPL-2.0 license

    diff --git a/docs/snyk/v2.8.4/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.4/ghcr.io_dexidp_dex_v2.37.0.html index 23d448e47235c..8317707e30243 100644 --- a/docs/snyk/v2.8.4/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.8.4/ghcr.io_dexidp_dex_v2.37.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:20:50 am (UTC+00:00)

    +

    October 15th 2023, 12:20:56 am (UTC+00:00)

    Scanned the following paths: @@ -651,7 +651,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -734,7 +733,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • diff --git a/docs/snyk/v2.8.4/haproxy_2.6.14-alpine.html b/docs/snyk/v2.8.4/haproxy_2.6.14-alpine.html index d69638239b8f3..07dbf17451bd3 100644 --- a/docs/snyk/v2.8.4/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.8.4/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:20:56 am (UTC+00:00)

    +

    October 15th 2023, 12:21:02 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.8.4/quay.io_argoproj_argocd_v2.8.4.html b/docs/snyk/v2.8.4/quay.io_argoproj_argocd_v2.8.4.html index 41972f87bb6f3..3fa6411766044 100644 --- a/docs/snyk/v2.8.4/quay.io_argoproj_argocd_v2.8.4.html +++ b/docs/snyk/v2.8.4/quay.io_argoproj_argocd_v2.8.4.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:21:18 am (UTC+00:00)

    +

    October 15th 2023, 12:21:24 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    39 known vulnerabilities
    -
    148 vulnerable dependency paths
    +
    37 known vulnerabilities
    +
    145 vulnerable dependency paths
    2116 dependencies
    @@ -534,7 +534,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -617,7 +616,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -720,8 +718,6 @@

    References

  • secalert@redhat.com
  • secalert@redhat.com
  • secalert@redhat.com
  • -
  • secalert@redhat.com
  • -
  • secalert@redhat.com

  • @@ -871,25 +867,37 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy - handshake.

    -

    When curl is asked to pass along the host name to the SOCKS5 proxy to allow - that to resolve the address instead of it getting done by curl itself, the - maximum length that host name can be is 255 bytes.

    -

    If the host name is detected to be longer, curl switches to local name - resolving and instead passes on the resolved address only. Due to this bug, - the local variable that means "let the host resolve the name" could get the - wrong value during a slow SOCKS5 handshake, and contrary to the intention, - copy the too long host name to the target buffer instead of copying just the - resolved address there.

    -

    The target buffer being a heap based buffer, and the host name coming from the - URL that curl has been told to operate with.

    +

    in the SOCKS5 proxy handshake process when the hostname is longer than the target buffer. + The local variable socks5_resolve_local could get the wrong value during a slow SOCKS5 handshake. + Since the code wrongly thinks it should pass on the hostname, even though the hostname is too long to fit, the memory copy can overflow the allocated target buffer.

    +

    This is only exploitable if the SOCKS5 handshake is slow enough to trigger a local variable bug and the client uses a hostname longer than the download buffer.

    +

    Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system under certain conditions.

    +

    Note:

    +

    An overflow is only possible in applications that don't set CURLOPT_BUFFERSIZE or set it smaller than 65541. + Since the curl tool sets CURLOPT_BUFFERSIZE to 100kB by default, it is not vulnerable unless the user sets the rate limiting to a rate smaller than 65541 bytes/second.

    +

    The options that cause SOCKS5 with remote hostname to be used in libcurl:

    +
      +
    1. CURLOPT_PROXYTYPE set to type CURLPROXY_SOCKS5_HOSTNAME, or: + CURLOPT_PROXY or CURLOPT_PRE_PROXY set to use the scheme socks5h://

      +
    2. +
    3. One of the proxy environment variables can be set to use the socks5h:// scheme. For example, http_proxy, HTTPS_PROXY or ALL_PROXY.

      +
    4. +
    +

    The options that cause SOCKS5 with remote hostname to be used in the curl tool:

    +
      +
    1. --socks5-hostname, --proxy or --preproxy set to use the scheme socks5h://

      +
    2. +
    3. Environment variables as described in the libcurl section.

      +
    4. +
    +

    Changelog:

    +

    2023-10-04: Initial publication

    +

    2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range.

    Remediation

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.14 or higher.

    References


    @@ -1675,146 +1683,6 @@

    References

    More about this vulnerability

    -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Module: - - gopkg.in/retry.v1 -
    • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
    • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - - - -
    -
    -

    Memory Leak

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - glibc/libc-bin -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.4 and glibc/libc-bin@2.35-0ubuntu3.3 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.4 - - glibc/libc-bin@2.35-0ubuntu3.3 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.4 - - glibc/libc6@2.35-0ubuntu3.3 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - - -

    MPL-2.0 license

    @@ -4401,29 +4269,12 @@

    Detailed paths


    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    This flaw allows an attacker to insert cookies at will into a running program - using libcurl, if the specific series of conditions are met.

    -

    libcurl performs transfers. In its API, an application creates "easy handles" - that are the individual handles for single transfers.

    -

    libcurl provides a function call that duplicates en easy handle called - curl_easy_duphandle.

    -

    If a transfer has cookies enabled when the handle is duplicated, the - cookie-enable state is also cloned - but without cloning the actual - cookies. If the source handle did not read any cookies from a specific file on - disk, the cloned version of the handle would instead store the file name as - none (using the four ASCII letters, no quotes).

    -

    Subsequent use of the cloned handle that does not explicitly set a source to - load cookies from would then inadvertently load cookies from a file named - none - if such a file exists and is readable in the current directory of the - program using libcurl. And if using the correct file format of course.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.14 or higher.

    References


    diff --git a/docs/snyk/v2.8.4/redis_7.0.11-alpine.html b/docs/snyk/v2.8.4/redis_7.0.11-alpine.html index fe91f261fcc18..3a5dc5021f2e9 100644 --- a/docs/snyk/v2.8.4/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.8.4/redis_7.0.11-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:21:23 am (UTC+00:00)

    +

    October 15th 2023, 12:21:29 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.9.0-rc2/argocd-iac-install.html b/docs/snyk/v2.9.0-rc2/argocd-iac-install.html index 3d521f9f74881..34bc0c556c3d0 100644 --- a/docs/snyk/v2.9.0-rc2/argocd-iac-install.html +++ b/docs/snyk/v2.9.0-rc2/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:20:12 am (UTC+00:00)

    +

    October 15th 2023, 12:20:10 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.9.0-rc2/argocd-iac-namespace-install.html b/docs/snyk/v2.9.0-rc2/argocd-iac-namespace-install.html index 8280d0891ebd1..b55f00109791b 100644 --- a/docs/snyk/v2.9.0-rc2/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.9.0-rc2/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:20:23 am (UTC+00:00)

    +

    October 15th 2023, 12:20:21 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.9.0-rc2/argocd-test.html b/docs/snyk/v2.9.0-rc2/argocd-test.html index edf48da06d740..7e647f138369b 100644 --- a/docs/snyk/v2.9.0-rc2/argocd-test.html +++ b/docs/snyk/v2.9.0-rc2/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:17:48 am (UTC+00:00)

    +

    October 15th 2023, 12:17:43 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    8 known vulnerabilities
    -
    167 vulnerable dependency paths
    +
    7 known vulnerabilities
    +
    166 vulnerable dependency paths
    1920 dependencies
    @@ -814,7 +814,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -3202,7 +3201,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -3217,65 +3215,6 @@

    References

    More about this vulnerability

    -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Module: - - gopkg.in/retry.v1 -
    • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
    • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - - -

    MPL-2.0 license

    diff --git a/docs/snyk/v2.9.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.9.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html index 395c6ba1691e8..2051e0965c34d 100644 --- a/docs/snyk/v2.9.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.9.0-rc2/ghcr.io_dexidp_dex_v2.37.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:17:57 am (UTC+00:00)

    +

    October 15th 2023, 12:17:51 am (UTC+00:00)

    Scanned the following paths: @@ -651,7 +651,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -734,7 +733,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • diff --git a/docs/snyk/v2.9.0-rc2/haproxy_2.6.14-alpine.html b/docs/snyk/v2.9.0-rc2/haproxy_2.6.14-alpine.html index 87d2e9a0fef4b..20f19d4becc2e 100644 --- a/docs/snyk/v2.9.0-rc2/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.9.0-rc2/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:18:01 am (UTC+00:00)

    +

    October 15th 2023, 12:17:55 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.9.0-rc2/quay.io_argoproj_argocd_v2.9.0-rc2.html b/docs/snyk/v2.9.0-rc2/quay.io_argoproj_argocd_v2.9.0-rc2.html index 1bf83c3e87170..0aab8254e5f9e 100644 --- a/docs/snyk/v2.9.0-rc2/quay.io_argoproj_argocd_v2.9.0-rc2.html +++ b/docs/snyk/v2.9.0-rc2/quay.io_argoproj_argocd_v2.9.0-rc2.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:18:24 am (UTC+00:00)

    +

    October 15th 2023, 12:18:18 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    39 known vulnerabilities
    -
    148 vulnerable dependency paths
    +
    37 known vulnerabilities
    +
    145 vulnerable dependency paths
    2270 dependencies
    @@ -534,7 +534,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -617,7 +616,6 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • Snyk Blog
  • @@ -720,8 +718,6 @@

    References

  • secalert@redhat.com
  • secalert@redhat.com
  • secalert@redhat.com
  • -
  • secalert@redhat.com
  • -
  • secalert@redhat.com

  • @@ -871,25 +867,37 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy - handshake.

    -

    When curl is asked to pass along the host name to the SOCKS5 proxy to allow - that to resolve the address instead of it getting done by curl itself, the - maximum length that host name can be is 255 bytes.

    -

    If the host name is detected to be longer, curl switches to local name - resolving and instead passes on the resolved address only. Due to this bug, - the local variable that means "let the host resolve the name" could get the - wrong value during a slow SOCKS5 handshake, and contrary to the intention, - copy the too long host name to the target buffer instead of copying just the - resolved address there.

    -

    The target buffer being a heap based buffer, and the host name coming from the - URL that curl has been told to operate with.

    +

    in the SOCKS5 proxy handshake process when the hostname is longer than the target buffer. + The local variable socks5_resolve_local could get the wrong value during a slow SOCKS5 handshake. + Since the code wrongly thinks it should pass on the hostname, even though the hostname is too long to fit, the memory copy can overflow the allocated target buffer.

    +

    This is only exploitable if the SOCKS5 handshake is slow enough to trigger a local variable bug and the client uses a hostname longer than the download buffer.

    +

    Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system under certain conditions.

    +

    Note:

    +

    An overflow is only possible in applications that don't set CURLOPT_BUFFERSIZE or set it smaller than 65541. + Since the curl tool sets CURLOPT_BUFFERSIZE to 100kB by default, it is not vulnerable unless the user sets the rate limiting to a rate smaller than 65541 bytes/second.

    +

    The options that cause SOCKS5 with remote hostname to be used in libcurl:

    +
      +
    1. CURLOPT_PROXYTYPE set to type CURLPROXY_SOCKS5_HOSTNAME, or: + CURLOPT_PROXY or CURLOPT_PRE_PROXY set to use the scheme socks5h://

      +
    2. +
    3. One of the proxy environment variables can be set to use the socks5h:// scheme. For example, http_proxy, HTTPS_PROXY or ALL_PROXY.

      +
    4. +
    +

    The options that cause SOCKS5 with remote hostname to be used in the curl tool:

    +
      +
    1. --socks5-hostname, --proxy or --preproxy set to use the scheme socks5h://

      +
    2. +
    3. Environment variables as described in the libcurl section.

      +
    4. +
    +

    Changelog:

    +

    2023-10-04: Initial publication

    +

    2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range.

    Remediation

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.14 or higher.

    References


    @@ -1675,146 +1683,6 @@

    References

    More about this vulnerability

    -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Module: - - gopkg.in/retry.v1 -
    • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
    • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - - - -
    -
    -

    Memory Leak

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - glibc/libc-bin -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.0-rc2 and glibc/libc-bin@2.35-0ubuntu3.3 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.0-rc2 - - glibc/libc-bin@2.35-0ubuntu3.3 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.0-rc2 - - glibc/libc6@2.35-0ubuntu3.3 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - - -

    MPL-2.0 license

    @@ -4401,29 +4269,12 @@

    Detailed paths


    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    This flaw allows an attacker to insert cookies at will into a running program - using libcurl, if the specific series of conditions are met.

    -

    libcurl performs transfers. In its API, an application creates "easy handles" - that are the individual handles for single transfers.

    -

    libcurl provides a function call that duplicates en easy handle called - curl_easy_duphandle.

    -

    If a transfer has cookies enabled when the handle is duplicated, the - cookie-enable state is also cloned - but without cloning the actual - cookies. If the source handle did not read any cookies from a specific file on - disk, the cloned version of the handle would instead store the file name as - none (using the four ASCII letters, no quotes).

    -

    Subsequent use of the cloned handle that does not explicitly set a source to - load cookies from would then inadvertently load cookies from a file named - none - if such a file exists and is readable in the current directory of the - program using libcurl. And if using the correct file format of course.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.14 or higher.

    References


    diff --git a/docs/snyk/v2.9.0-rc2/redis_7.0.11-alpine.html b/docs/snyk/v2.9.0-rc2/redis_7.0.11-alpine.html index 329d39f6c5098..6cb08e277c738 100644 --- a/docs/snyk/v2.9.0-rc2/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.9.0-rc2/redis_7.0.11-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 22nd 2023, 12:18:30 am (UTC+00:00)

    +

    October 15th 2023, 12:18:24 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/user-guide/commands/argocd_admin_app.md b/docs/user-guide/commands/argocd_admin_app.md index 58e0f50f25846..5b2200bf1116f 100644 --- a/docs/user-guide/commands/argocd_admin_app.md +++ b/docs/user-guide/commands/argocd_admin_app.md @@ -8,21 +8,6 @@ Manage applications configuration argocd admin app [flags] ``` -### Examples - -``` - -# Compare results of two reconciliations and print diff -argocd admin app diff-reconcile-results APPNAME [flags] - -# Generate declarative config for an application -argocd admin app generate-spec APPNAME - -# Reconcile all applications and store reconciliation summary in the specified file -argocd admin app get-reconcile-results APPNAME - -``` - ### Options ``` diff --git a/docs/user-guide/commands/argocd_admin_cluster.md b/docs/user-guide/commands/argocd_admin_cluster.md index 1a469c3f818ca..14113d048214a 100644 --- a/docs/user-guide/commands/argocd_admin_cluster.md +++ b/docs/user-guide/commands/argocd_admin_cluster.md @@ -8,6 +8,20 @@ Manage clusters configuration argocd admin cluster [flags] ``` +### Examples + +``` + +# Authenticate with a Token +argocd admin cluster --auth-token YOUR_AUTH_TOKEN + +# Use a Custom Client Certificate and Key +argocd admin cluster --client-crt /path/to/client.crt --client-crt-key /path/to/client.key + +# Set Logging Format and Level +argocd admin cluster --logformat json --loglevel debug +``` + ### Options ``` diff --git a/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md b/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md index 8105605e80cd0..8ea85892686de 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md +++ b/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md 
@@ -8,6 +8,23 @@ Generates kubeconfig for the specified cluster argocd admin cluster kubeconfig CLUSTER_URL OUTPUT_PATH [flags] ``` +### Examples + +``` + +#Generate a Kubeconfig for a Cluster and Save it to a File +argocd admin cluster kubeconfig https://cluster-api-url:6443 /path/to/output/kubeconfig.yaml + +#Generate a Kubeconfig with a Custom Cluster Name: +argocd admin cluster kubeconfig https://cluster-api-url:6443 /path/to/output/kubeconfig.yaml --cluster=my-cluster + +#Generate a Kubeconfig for a Cluster with TLS Verification Disabled +argocd admin cluster kubeconfig https://cluster-api-url:6443 /path/to/output/kubeconfig.yaml --insecure-skip-tls-verify + +#Generate a Kubeconfig with a Custom Namespace Scope +argocd admin cluster kubeconfig https://cluster-api-url:6443 /path/to/output/kubeconfig.yaml -n my-namespace +``` + ### Options ``` diff --git a/docs/user-guide/commands/argocd_admin_cluster_stats.md b/docs/user-guide/commands/argocd_admin_cluster_stats.md index 9e916288adf7e..d4d82011ad13a 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_stats.md +++ b/docs/user-guide/commands/argocd_admin_cluster_stats.md @@ -8,6 +8,26 @@ Prints information cluster statistics and inferred shard number argocd admin cluster stats [flags] ``` +### Examples + +``` + +#Display Cluster Statistics for the Default Cluster +argocd admin cluster stats + +#Display Cluster Statistics for a Specific Cluster Context +argocd admin cluster stats --context=my-cluster-context + +#Display Cluster Statistics for a Cluster with Custom Configuration (Kubeconfig Path) +argocd admin cluster stats --kubeconfig=/path/to/custom/kubeconfig.yaml + +#Display Cluster Statistics with a Custom Request Timeout +argocd admin cluster stats --request-timeout=5s + +#Display Cluster Statistics for a Specific Shard +argocd admin cluster stats --shard=1 +``` + ### Options ``` 
diff --git a/docs/user-guide/commands/argocd_app_delete-resource.md b/docs/user-guide/commands/argocd_app_delete-resource.md index 4a305eb4b4489..f65873227473a 100644 --- a/docs/user-guide/commands/argocd_app_delete-resource.md +++ b/docs/user-guide/commands/argocd_app_delete-resource.md @@ -18,7 +18,6 @@ argocd app delete-resource APPNAME [flags] --kind string Kind --namespace string Namespace --orphan Indicates whether to force delete the resource - --project string The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist --resource-name string Name of resource ``` diff --git a/docs/user-guide/commands/argocd_app_patch-resource.md b/docs/user-guide/commands/argocd_app_patch-resource.md index c849395cb3ea8..9211f410ea5b1 100644 --- a/docs/user-guide/commands/argocd_app_patch-resource.md +++ b/docs/user-guide/commands/argocd_app_patch-resource.md @@ -18,7 +18,6 @@ argocd app patch-resource APPNAME [flags] --namespace string Namespace --patch string Patch --patch-type string Which Patching strategy to use: 'application/json-patch+json', 'application/merge-patch+json', or 'application/strategic-merge-patch+json'. Defaults to 'application/merge-patch+json' (default "application/merge-patch+json") - --project string The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist --resource-name string Name of resource ``` diff --git a/docs/user-guide/commands/argocd_app_resources.md b/docs/user-guide/commands/argocd_app_resources.md index 22027f74ba3d7..b704ad1c41770 100644 --- a/docs/user-guide/commands/argocd_app_resources.md +++ b/docs/user-guide/commands/argocd_app_resources.md 
@@ -11,10 +11,9 @@ argocd app resources APPNAME [flags] ### Options ``` - -h, --help help for resources - --orphaned Lists only orphaned resources - --output string Provides the tree view of the resources - --project string The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist + -h, --help help for resources + --orphaned Lists only orphaned resources + --output string Provides the tree view of the resources ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_proj_windows.md b/docs/user-guide/commands/argocd_proj_windows.md index dc1b68bf0191b..1a1c2009da68d 100644 --- a/docs/user-guide/commands/argocd_proj_windows.md +++ b/docs/user-guide/commands/argocd_proj_windows.md @@ -8,6 +8,27 @@ Manage a project's sync windows argocd proj windows [flags] ``` +### Examples + +``` +#Creating "MyApp" Project in Argo CD with Custom Configuration and gRPC-Web Authentication +argocd proj windows --auth-token "your-auth-token" \ + --client-crt "/path/to/client.crt" \ + --client-crt-key "/path/to/client.key" \ + --config "/path/to/custom/config.yaml" \ + --grpc-web \ + --grpc-web-root-path "/custom/root/path" \ + --server "argocd-server.example.com" \ + "MyApp" + +#Configuring "Development" Project in Argo CD with HTTP, Custom kube-context, and Debug Logging. +argocd proj windows --plaintext \ + --kube-context "my-kube-context" \ + --loglevel "debug" \ + --server "argocd-server.internal.local" \ + "Development" +``` + ### Options ``` diff --git a/docs/user-guide/commands/argocd_proj_windows_delete.md b/docs/user-guide/commands/argocd_proj_windows_delete.md index 316b25041fde2..671b579d205c2 100644 --- a/docs/user-guide/commands/argocd_proj_windows_delete.md +++ b/docs/user-guide/commands/argocd_proj_windows_delete.md 
@@ -8,6 +8,23 @@ Delete a sync window from a project. Requires ID which can be found by running " argocd proj windows delete PROJECT ID [flags] ``` +### Examples + +``` +#Deleting Project 'my-project-id' in Argo CD with Custom Configuration +argocd proj windows delete my-project-id \ + --auth-token "your-auth-token" \ + --kube-context "my-kube-context" \ + --loglevel "debug" + +#Deleting Project 'another-project-id' in Argo CD with Client Certificates and TLS Verification Skip +argocd proj windows delete another-project-id \ + --client-crt "/path/to/client.crt" \ + --client-crt-key "/path/to/client.key" \ + --insecure \ + --server-crt "/path/to/server.crt" +``` + ### Options ``` diff --git a/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md b/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md index 8951ad9371c90..4dce78961c760 100644 --- a/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md +++ b/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md @@ -12,6 +12,26 @@ Disable manual sync for a sync window. Requires ID which can be found by running argocd proj windows disable-manual-sync PROJECT ID [flags] ``` +### Examples + +``` +#Disabling Manual Synchronization for Project "my-project-id" in Argo CD with Custom Configuration +argocd proj windows disable-manual-sync my-project-id \ + --auth-token "your-auth-token" \ + --kube-context "my-kube-context" \ + --loglevel "debug" \ + --server "argocd-server.example.com" + + +#Disabling Manual Synchronization for Project "another-project-id" in Argo CD with Client Certificates and gRPC-Web Configuration +aargocd proj windows disable-manual-sync another-project-id \ + --client-crt "/path/to/client.crt" \ + --client-crt-key "/path/to/client.key" \ + --grpc-web \ + --grpc-web-root-path "/custom/root/path" \ + --server "argocd-server.internal.local" +``` + ### Options ``` 
diff --git a/docs/user-guide/commands/argocd_proj_windows_enable-manual-sync.md b/docs/user-guide/commands/argocd_proj_windows_enable-manual-sync.md index a1ca162840f7a..4d8fab4abe650 100644 --- a/docs/user-guide/commands/argocd_proj_windows_enable-manual-sync.md +++ b/docs/user-guide/commands/argocd_proj_windows_enable-manual-sync.md @@ -12,6 +12,25 @@ Enable manual sync for a sync window. Requires ID which can be found by running argocd proj windows enable-manual-sync PROJECT ID [flags] ``` +### Examples + +``` +#Enabling Manual Synchronization for Project 'my-project-id' in Argo CD with Custom Configuration: +argocd proj windows enable-manual-sync my-project-id \ + --auth-token "your-auth-token" \ + --kube-context "my-kube-context" \ + --grpc-web \ + --loglevel "debug" + + +#Enabling Manual Synchronization for Project 'another-project-id' in Argo CD with Client Certificates and Port Forwarding +argocd proj windows enable-manual-sync another-project-id \ + --client-crt "/path/to/client.crt" \ + --client-crt-key "/path/to/client.key" \ + --port-forward \ + --port-forward-namespace "my-namespace" +``` + ### Options ``` diff --git a/docs/user-guide/commands/argocd_proj_windows_list.md b/docs/user-guide/commands/argocd_proj_windows_list.md index 94073db4775b8..9d433925cf332 100644 --- a/docs/user-guide/commands/argocd_proj_windows_list.md +++ b/docs/user-guide/commands/argocd_proj_windows_list.md 
@@ -11,12 +11,22 @@ argocd proj windows list PROJECT [flags] ### Examples ``` -# List project windows +#Listing Windows for Project 'my-project-id' in Argo CD with Custom Configuration +argocd proj windows list my-project-id \ + --auth-token "your-auth-token" \ + --kube-context "my-kube-context" \ + --loglevel "debug" +#Listing Windows for Project 'another-project-id' in Argo CD with Client Certificates and TLS Verification Skip +argocd proj windows list another-project-id \ + --client-crt "/path/to/client.crt" \ + --client-crt-key "/path/to/client.key" \ + --insecure \ + --server-crt "/path/to/server.crt" +#List project windows argocd proj windows list PROJECT - + # List project windows in yaml format argocd proj windows list PROJECT -o yaml - ``` ### Options diff --git a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua index 7422fd4104727..d24afea652c2a 100644 --- a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua +++ b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua 
@@ -1,17 +1,22 @@
 local health_status = {}
 if obj.status ~= nil then
 if obj.status.brokersState ~= nil then
- local numberBrokers = 0
- local healthyBrokers = 0
- for _, broker in pairs(obj.status.brokersState) do
- numberBrokers = numberBrokers + 1
- if broker.configurationState == "ConfigInSync" then
- if broker.gracefulActionState.cruiseControlState == "GracefulUpscaleSucceeded" or broker.gracefulActionState.cruiseControlState == "GracefulDownscaleSucceeded" then
- healthyBrokers = healthyBrokers + 1
+ local counter = 0
+ local brokerReady = 0
+ for i, broker in pairs(obj.status.brokersState) do
+ if (brokerReady <= tonumber(i)) then
+ brokerReady = tonumber(i)+1
+ else
+ brokerReady = brokerReady
+ end
+ if broker.configurationState == "ConfigInSync" and broker.gracefulActionState.cruiseControlState == "GracefulUpscaleSucceeded" then
+ counter = counter + 1
+ end
+ if broker.configurationState == "ConfigInSync" and broker.gracefulActionState.cruiseControlState == "GracefulDownscaleSucceeded" then
+ counter = counter + 1
 end
- end
 end
- if numberBrokers == healthyBrokers then
+ if counter == brokerReady then
 if obj.status.cruiseControlTopicStatus == "CruiseControlTopicReady" and obj.status.state == "ClusterRunning" then
 health_status.message = "Kafka Brokers, CruiseControl and cluster are in Healthy State."
 health_status.status = "Healthy"
diff --git a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml
index 776cc02739326..9446d882d941a 100644
--- a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml
+++ b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml
@@ -14,4 +14,4 @@ tests:
 - healthStatus:
 status: Healthy
 message: "Kafka Brokers, CruiseControl and cluster are in Healthy State."
- inputPath: testdata/healthy.yaml
\ No newline at end of file
+ inputPath: testdata/healthy.yaml
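Review bot: `brokerReady` ends up as the highest broker key plus one (`brokerReady = tonumber(i)+1`), which equals the number of brokers only when the keys are exactly "0" through n-1, so a cluster whose broker IDs start elsewhere or have gaps can never satisfy `counter == brokerReady` and is never reported Healthy. The testdata change in this commit renames the keys from "101"/"102"/"103" to "0"/"1"/"2", which keeps the test green without covering that case. `tonumber(i)` also returns nil for a non-numeric key, and the `<=` comparison would then raise an error. Counting entries avoids both: replace the if/else at the top of the loop with `brokerReady = brokerReady + 1`. The health script continues past the end of the hunk.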
diff --git a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/healthy.yaml b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/healthy.yaml index 44666fd6a83a5..9dd791b9c39fe 100644 --- a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/healthy.yaml +++ b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/healthy.yaml @@ -20,21 +20,21 @@ spec: {} status: alertCount: 0 brokersState: - "101": + "0": configurationState: ConfigInSync gracefulActionState: cruiseControlState: GracefulUpscaleSucceeded errorMessage: CruiseControl not yet ready rackAwarenessState: | broker.rack=us-east-1,us-east-1c - "102": + "1": configurationState: ConfigInSync gracefulActionState: cruiseControlState: GracefulUpscaleSucceeded errorMessage: CruiseControl not yet ready rackAwarenessState: | broker.rack=us-east-1,us-east-1b - "103": + "2": configurationState: ConfigInSync gracefulActionState: cruiseControlState: GracefulUpscaleSucceeded diff --git a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx index 1ef2d83815821..30b101eecc4f8 100644 --- a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx +++ b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx @@ -1,7 +1,7 @@ import {DataLoader} from 'argo-ui'; import * as classNames from 'classnames'; import * as React from 'react'; -import {useEffect, useState, useRef} from 'react'; +import {useEffect, useState} from 'react'; import {bufferTime, delay, retryWhen} from 'rxjs/operators'; import {LogEntry} from '../../../shared/models'; @@ -83,7 +83,6 @@ export const PodsLogsViewer = (props: PodLogsProps) => { const [highlight, setHighlight] = useState(matchNothing); const [scrollToBottom, setScrollToBottom] = useState(true); const [logs, setLogs] = useState([]); - const logsContainerRef = useRef(null); useEffect(() => { if (viewPodNames) { 
@@ -103,15 +102,6 @@ export const PodsLogsViewer = (props: PodLogsProps) => { useEffect(() => setScrollToBottom(true), [follow]); - useEffect(() => { - if (scrollToBottom) { - const element = logsContainerRef.current; - if (element) { - element.scrollTop = element.scrollHeight; - } - } - }, [logs, scrollToBottom]); - useEffect(() => { setLogs([]); const logsSource = services.applications @@ -135,10 +125,6 @@ export const PodsLogsViewer = (props: PodLogsProps) => { return () => logsSource.unsubscribe(); }, [applicationName, applicationNamespace, namespace, podName, group, kind, name, containerName, tail, follow, sinceSeconds, filter, previous]); - const handleScroll = (event: React.WheelEvent) => { - if (event.deltaY < 0) setScrollToBottom(false); - }; - const renderLog = (log: LogEntry, lineNum: number) => // show the pod name if there are multiple pods, pad with spaces to align (viewPodNames ? (lineNum === 0 || logs[lineNum - 1].podName !== log.podName ? podColor(podName) + log.podName + reset : ' '.repeat(log.podName.length)) + ' ' : '') + @@ -147,7 +133,7 @@ export const PodsLogsViewer = (props: PodLogsProps) => { // show the log content, highlight the filter text log.content?.replace(highlight, (substring: string) => whiteOnYellow + substring + reset); const logsContent = (width: number, height: number, isWrapped: boolean) => ( -
    +
    {logs.map((log, lineNum) => (
                         {renderLog(log, lineNum)}
    @@ -191,7 +177,11 @@ export const PodsLogsViewer = (props: PodLogsProps) => {
                                     
                                 
                             
    -
    +
    { + if (e.deltaY < 0) setScrollToBottom(false); + }}> {({width, height}: {width: number; height: number}) => logsContent(width, height, prefs.appDetails.wrapLines)}
    diff --git a/util/notification/settings/settings.go b/util/notification/settings/settings.go index ed6a44b60f365..865a627747d31 100644 --- a/util/notification/settings/settings.go +++ b/util/notification/settings/settings.go @@ -37,7 +37,6 @@ func initGetVars(argocdService service.Service, cfg *api.Config, configMap *v1.C return expression.Spawn(&unstructured.Unstructured{Object: obj}, argocdService, map[string]interface{}{ "app": obj, "context": injectLegacyVar(context, dest.Service), - "secrets": secret.Data, }) }, nil } diff --git a/util/notification/settings/settings_test.go b/util/notification/settings/settings_test.go deleted file mode 100644 index 21c2eaf416d37..0000000000000 --- a/util/notification/settings/settings_test.go +++ /dev/null 
@@ -1,92 +0,0 @@ -package settings - -import ( - "fmt" - "testing" - - "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" - service "github.com/argoproj/argo-cd/v2/util/notification/argocd" - "github.com/argoproj/notifications-engine/pkg/api" - "github.com/argoproj/notifications-engine/pkg/services" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes/fake" -) - -const testNamespace = "default" -const testContextKey = "test-context-key" -const testContextKeyValue = "test-context-key-value" - -func TestInitGetVars(t *testing.T) { - notificationsCm := corev1.ConfigMap{ - ObjectMeta: v1.ObjectMeta{ - Namespace: testNamespace, - Name: "argocd-notifications-cm", - }, - Data: map[string]string{ - "context": fmt.Sprintf("%s: %s", testContextKey, testContextKeyValue), - "service.webhook.test": "url: https://test.com", - "template.app-created": "email:\n subject: Application {{.app.metadata.name}} has been created.\nmessage: Application {{.app.metadata.name}} has been created.\nteams:\n title: Application {{.app.metadata.name}} has been created.\n", - "trigger.on-created": "- description: Application is created.\n oncePer: app.metadata.name\n send:\n - app-created\n when: \"true\"\n", - }, - } - notificationsSecret := corev1.Secret{ - ObjectMeta: v1.ObjectMeta{ - Name: "argocd-notifications-secret", - Namespace: testNamespace, - }, - Data: map[string][]byte{ - "notification-secret": []byte("secret-value"), - }, - } - kubeclientset := fake.NewSimpleClientset(&corev1.ConfigMap{ - ObjectMeta: v1.ObjectMeta{ - Namespace: testNamespace, - Name: "argocd-notifications-cm", - }, - Data: notificationsCm.Data, - }, - &corev1.Secret{ - ObjectMeta: v1.ObjectMeta{ - Name: "argocd-notifications-secret", - Namespace: testNamespace, - }, - Data: notificationsSecret.Data, - }) - mockRepoClient := &mocks.Clientset{RepoServerServiceClient: 
&mocks.RepoServerServiceClient{}} - argocdService, err := service.NewArgoCDService(kubeclientset, testNamespace, mockRepoClient) - require.NoError(t, err) - defer argocdService.Close() - config := api.Config{} - testDestination := services.Destination{ - Service: "webhook", - } - emptyAppData := map[string]interface{}{} - - varsProvider, _ := initGetVars(argocdService, &config, ¬ificationsCm, ¬ificationsSecret) - - t.Run("Vars provider serves Application data on app key", func(t *testing.T) { - appData := map[string]interface{}{ - "name": "app-name", - } - result := varsProvider(appData, testDestination) - assert.NotNil(t, t, result["app"]) - assert.Equal(t, result["app"], appData) - }) - t.Run("Vars provider serves notification context data on context key", func(t *testing.T) { - expectedContext := map[string]string{ - testContextKey: testContextKeyValue, - "notificationType": testDestination.Service, - } - result := varsProvider(emptyAppData, testDestination) - assert.NotNil(t, result["context"]) - assert.Equal(t, result["context"], expectedContext) - }) - t.Run("Vars provider serves notification secrets on secrets key", func(t *testing.T) { - result := varsProvider(emptyAppData, testDestination) - assert.NotNil(t, result["secrets"]) - assert.Equal(t, result["secrets"], notificationsSecret.Data) - }) -}