Wasm sync

.azure-pipelines/linux.yml

@@ -10,6 +10,8 @@ jobs:
  CI_TARGET: 'bazel.gcc'
  compile_time_options:
  CI_TARGET: 'bazel.compile_time_options'
+ fuzz:
+ CI_TARGET: 'bazel.fuzz'
  dependsOn: [] # this removes the implicit dependency on previous stage and causes this to run in parallel.
  timeoutInMinutes: 360
  pool:
@@ -46,6 +48,13 @@ jobs:
  displayName: "Check disk space at end"
  condition: always()
 
+ - task: PublishTestResults@2
+ inputs:
+ testResultsFiles: '**/bazel-out/**/testlogs/**/test.xml'
+ testRunTitle: '$(CI_TARGET)'
+ searchFolder: $(Build.StagingDirectory)/tmp
+ condition: always()
+
  - task: PublishBuildArtifacts@1
  inputs:
  pathtoPublish: "$(Build.StagingDirectory)/envoy"

.bazelrc

@@ -16,29 +16,36 @@ build --experimental_local_memory_estimate
 build --experimental_strict_action_env=true
 build --host_force_python=PY2
 build --action_env=BAZEL_LINKLIBS=-l%:libstdc++.a
-build --action_env=BAZEL_LINKOPTS=-lm:-static-libgcc
+build --action_env=BAZEL_LINKOPTS=-lm
 build --host_javabase=@bazel_tools//tools/jdk:remote_jdk11
 build --javabase=@bazel_tools//tools/jdk:remote_jdk11
 
+# We already have absl in the build, define absl=1 to tell googletest to use absl for backtrace.
+build --define absl=1
+
 # Pass PATH, CC and CXX variables from the environment.
 build --action_env=CC
 build --action_env=CXX
 build --action_env=PATH
 
+# Common flags for sanitizers
+build:sanitizer --define tcmalloc=disabled
+build:sanitizer --linkopt -ldl
+build:sanitizer --build_tag_filters=-no_san
+build:sanitizer --test_tag_filters=-no_san
+
 # Basic ASAN/UBSAN that works for gcc
 build:asan --action_env=BAZEL_LINKLIBS=
 build:asan --action_env=BAZEL_LINKOPTS=-lstdc++:-lm
 build:asan --action_env=ENVOY_ASAN=1
+build:asan --config=sanitizer
+# ASAN install its signal handler, disable ours so the stacktrace will be printed by ASAN
+build:asan --define signal_trace=disabled
 build:asan --define ENVOY_CONFIG_ASAN=1
 build:asan --copt -fsanitize=address,undefined
 build:asan --linkopt -fsanitize=address,undefined
 build:asan --copt -fno-sanitize=vptr
 build:asan --linkopt -fno-sanitize=vptr
-build:asan --linkopt -ldl
-build:asan --define tcmalloc=disabled
-build:asan --build_tag_filters=-no_asan
-build:asan --test_tag_filters=-no_asan
-build:asan --define signal_trace=disabled
 build:asan --copt -DADDRESS_SANITIZER=1
 build:asan --copt -D__SANITIZE_ADDRESS__
 build:asan --test_env=ASAN_OPTIONS=handle_abort=1:allow_addr2line=true:check_initialization_order=true:strict_init_order=true:detect_odr_violation=1
@@ -61,22 +68,21 @@ build:macos-asan --dynamic_mode=off
 
 # Clang TSAN
 build:clang-tsan --action_env=ENVOY_TSAN=1
+build:clang-tsan --config=sanitizer
 build:clang-tsan --define ENVOY_CONFIG_TSAN=1
 build:clang-tsan --copt -fsanitize=thread
 build:clang-tsan --linkopt -fsanitize=thread
 build:clang-tsan --linkopt -fuse-ld=lld
-build:clang-tsan --linkopt -static-libsan
-build:clang-tsan --define tcmalloc=disabled
 # Needed due to https://github.com/libevent/libevent/issues/777
 build:clang-tsan --copt -DEVENT__DISABLE_DEBUG_MODE
 
 # Clang MSAN - broken today since we need to rebuild lib[std]c++ and external deps with MSAN
 # support (see https://github.com/envoyproxy/envoy/issues/443).
 build:clang-msan --action_env=ENVOY_MSAN=1
+build:clang-msan --config=sanitizer
 build:clang-msan --define ENVOY_CONFIG_MSAN=1
 build:clang-msan --copt -fsanitize=memory
 build:clang-msan --linkopt -fsanitize=memory
-build:clang-msan --define tcmalloc=disabled
 build:clang-msan --copt -fsanitize-memory-track-origins=2
 
 # Clang with libc++
@@ -111,6 +117,7 @@ build:rbe-toolchain-clang-libc++ --extra_toolchains=@rbe_ubuntu_clang_libcxx//co
 build:rbe-toolchain-clang-libc++ --action_env=CC=clang --action_env=CXX=clang++ --action_env=PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/llvm-8/bin
 build:rbe-toolchain-clang-libc++ --action_env=CXXFLAGS=-stdlib=libc++
 build:rbe-toolchain-clang-libc++ --action_env=LDFLAGS=-stdlib=libc++
+build:rbe-toolchain-clang-libc++ --define force_libcpp=enabled
 
 build:rbe-toolchain-gcc --config=rbe-toolchain
 build:rbe-toolchain-gcc --crosstool_top=@rbe_ubuntu_gcc//cc:toolchain
@@ -125,13 +132,12 @@ build:remote --auth_enabled=true
 build:remote --experimental_inmemory_jdeps_files
 build:remote --experimental_inmemory_dotd_files
 build:remote --experimental_remote_download_outputs=toplevel
-test:remote --experimental_remote_download_outputs=minimal
 
 build:remote-clang --config=remote
 build:remote-clang --config=rbe-toolchain-clang
 
 # Docker sandbox
-build:docker-sandbox --experimental_docker_image=envoyproxy/envoy-build:8246167b9d238797cbc6c03dccc9e3921c37617d
+build:docker-sandbox --experimental_docker_image=envoyproxy/envoy-build@sha256:9236915d10004a35f2439ce4a1c33c1dbb06f95f84c4a4497d4e4f95cdc9e07f
 build:docker-sandbox --spawn_strategy=docker
 build:docker-sandbox --strategy=Javac=docker
 build:docker-sandbox --strategy=Closure=docker
@@ -151,4 +157,6 @@ build:remote-ci --remote_executor=grpcs://remotebuildexecution.googleapis.com
 build:asan-fuzzer --config=asan
 build:asan-fuzzer --define=FUZZING_ENGINE=libfuzzer
 build:asan-fuzzer --copt=-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-build:asan-fuzzer --copt=-fsanitize-coverage=trace-pc-guard
+build:asan-fuzzer --copt=-fsanitize-coverage=trace-pc-guard
+# Remove UBSAN halt_on_error to avoid crashing on protobuf errors.
+build:asan-fuzzer --test_env=UBSAN_OPTIONS=print_stacktrace=1

.bazelversion

@@ -1 +1 @@
-0.28.1
+0.29.1

.circleci/config.yml

@@ -4,6 +4,7 @@ executors:
  ubuntu-build:
  description: "A regular build executor based on ubuntu image"
  docker:
+ # NOTE: Update bazel/toolchains/rbe_toolchains_config.bzl with sha256 digest to match the image here.
  - image: piotrsikora/envoy:d799827e285e2f4f42f4ecf284ff4cc999f48e35
  resource_class: xlarge
  working_directory: /source

.clang-tidy

@@ -2,6 +2,7 @@ Checks: 'abseil-*,
  bugprone-*,
  clang-analyzer-*,
  clang-diagnostic-*,
+ misc-unused-using-decls,
  modernize-*,
  performance-*,
  readability-braces-around-statements,
@@ -20,6 +21,7 @@ WarningsAsErrors: 'abseil-duration-*,
  bugprone-unused-raii,
  bugprone-use-after-move,
  clang-analyzer-core.DivideZero,
+ misc-unused-using-decls,
  modernize-deprecated-headers,
  modernize-loop-convert,
  modernize-make-shared,

.zuul/playbooks/envoy-build/run.yaml

@@ -3,6 +3,8 @@
  roles:
  - role: config-gcc
  gcc_version: 7
+ - role: config-bazel
+ bazel_version: 0.28.1
  tasks:
  - name: Build envoy
  shell:

CODEOWNERS

@@ -26,6 +26,8 @@ extensions/filters/common/original_src @snowp @klarose
 /*/extensions/filters/http/header_to_metadata @rgs1 @zuercher
 # alts transport socket extension
 /*/extensions/transport_sockets/alts @htuch @yangminzhu
+# tls transport socket extension
+/*/extensions/transport_sockets/tls @PiotrSikora @lizan
 # sni_cluster extension
 /*/extensions/filters/network/sni_cluster @rshriram @lizan
 # tracers.datadog extension
@@ -53,7 +55,9 @@ extensions/filters/common/original_src @snowp @klarose
 /*/extensions/filters/listener/http_inspector @crazyxy @PiotrSikora @lizan
 # attribute context
 /*/extensions/filters/common/expr @kyessenov @yangminzhu
-# WebAssembly extensions
+# webassembly access logger extensions
 /*/extensions/access_loggers/wasm @jplevyak @PiotrSikora
+# webassembly common extension
 /*/extensions/common/wasm @jplevyak @PiotrSikora
+# webassembly http extensions
 /*/extensions/filters/http/wasm @jplevyak @PiotrSikora

CONTRIBUTING.md

@@ -72,7 +72,11 @@ maximize the chances of your PR being merged.
  could convert from the earlier API to the new API. A field may be deprecated
  if this tool would be able to perform the conversion. For example, removing a
  field to describe HTTP/2 window settings is valid if a more comprehensive
- HTTP/2 protocol options field is being introduced to replace it.
+ HTTP/2 protocol options field is being introduced to replace it. The PR author
+ deprecating the old configuration is responsible for updating all tests and
+ canonical configuration, or guarding them with the DEPRECATED_FEATURE_TEST() macro.
+ This will be validated by the bazel.compile_time_options target, which will hard-fail when
+ deprecated configuration is used.
 * For configuration deprecations that are not covered by the above semantic
  replacement policy, any deprecation will only take place after
  community consultation on mailing lists, Slack and GitHub, over the period of

OWNERS.md

@@ -39,6 +39,7 @@ routing PRs, questions, etc. to the right place.
 * All maintainers
 * Piotr Sikora ([PiotrSikora](https://github.com/PiotrSikora)) (piotrsikora@google.com)
 * Yan Avlasov ([yanavlasov](https://github.com/yanavlasov)) (yavlasov@google.com)
+* Asra Ali ([asraa](https://github.com/asraa)) (asraa@google.com)
 
 # Emeritus maintainers
 
@@ -60,3 +61,5 @@ matter expert reviews. Feel free to loop them in as needed.
  * Bazel/build.
 * Daniel Hochman ([danielhochman](https://github.com/danielhochman)) (dhochman@lyft.com)
  * Redis, Python, configuration/operational questions.
+* Yuchen Dai ([lambdai](https://github.com/lambdai)) (lambdai@google.com)
+ * v2 xDS, listeners, filter chain discovery service.

SECURITY.md

@@ -217,11 +217,25 @@ issue fixed for your respective distribution's users.
 Before any information from the list is shared with respective members of your team required to fix
 said issue, they must agree to the same terms and only find out information on a need-to-know basis.
 
+We typically expect a single point-of-contact (PoC) at any given legal entity. Within the
+organization, it is the responsibility of the PoC to share CVE and related patches internally. This
+should be performed on a strictly need-to-know basis with affected groups to the extent that this is
+technically plausible. All teams should be aware of the embargo conditions and accept them.
+Ultimately, if an organization breaks embargo transitively through such sharing, they will lose
+the early disclosure privilege, so it's in their best interest to carefully share information internally,
+following best practices and use their judgement in balancing the tradeoff between protecting users
+and maintaining confidentiality.
+
 The embargo applies to information shared, source code and binary images. **It is a violation of the
 embargo policy to share binary distributions of the security fixes before the public release date.**
 This includes, but is not limited to, Envoy binaries and Docker images. It is expected that
 distributors have a method to stage and validate new binaries without exposing them publicly.
 
+If the information shared is under embargo from a third party, where Envoy is one of many projects
+that a disclosure is shared with, it is critical to consider that the ramifications of any leak will
+extend beyond the Envoy community and will leave us in a position in which we will be less likely to
+receive embargoed reports in the future.
+
 In the unfortunate event you share the information beyond what is allowed by this policy, you _must_
 urgently inform the envoy-security@googlegroups.com mailing list of exactly what information leaked
 and to whom. A retrospective will take place after the leak so we can assess how to prevent making the

api/CONTRIBUTING.md

@@ -8,7 +8,7 @@ API changes are regular PRs in https://github.com/envoyproxy/envoy for the API/c
 changes. They may be as part of a larger implementation PR. Please follow the standard Bazel and CI
 process for validating build/test sanity of `api/` before submitting a PR.
 
-*Note: New .proto files should be also included to [build.sh](https://github.com/envoyproxy/envoy/blob/master/docs/build.sh) and
+*Note: New .proto files should be added to
 [BUILD](https://github.com/envoyproxy/envoy/blob/master/api/docs/BUILD) in order to get the RSTs generated.*
 
 ## Documentation changes

api/bazel/BUILD

@@ -0,0 +1,12 @@
+load("@io_bazel_rules_go//proto:compiler.bzl", "go_proto_compiler")
+
+licenses(["notice"]) # Apache 2
+
+go_proto_compiler(
+ name = "pgv_plugin_go",
+ options = ["lang=go"],
+ plugin = "@com_envoyproxy_protoc_gen_validate//:protoc-gen-validate",
+ suffix = ".pb.validate.go",
+ valid_archive = False,
+ visibility = ["//visibility:public"],
+)