Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update NetBackup Documentation #89

Open
wants to merge 135 commits into
base: create-branch
Choose a base branch
from
Open

Update NetBackup Documentation #89

wants to merge 135 commits into from

Conversation

MHemavathi
Copy link

sgupta03 and others added 30 commits June 20, 2018 11:30
* Update README.md

* Update README.md

* Update README.md

* Update README.md
Config Management and Admin APIs code samples
NetBackup 8.2 API Perl scripts for Config, Admin APIs
NetBackup 8.2 API golang scripts for config, admin APIs
Added perl scripts for all GET APIs for VM server credentials and resource limits.
inital work posting to github.   looking to work with the community and veritas on the ansible deployments.    msdp_create and vmware_resourcelimits need some assitance.   although it looks right from the swagger docs, it seems to through an api error.
Python script for NetBackup AssetDB Cleanup for Cloud workload
updated body yaml to correct syntax.
ashviniwaghmode and others added 20 commits September 9, 2020 11:10
…i_based_python_code

Feature/backup restore api based python code
Get a list of VMware vmServers
Modified to use Python3 print statements
ClientBackup.ps1 is a PowerShell script designed to backup a Windows
client using a command line specified policy name and API key.

Didn't exactly fit into the directory structure so put in powershell
directory.
…_PolicyDetails

Create new sample Get-NB-PolicyDetails
 - added MSSQL recipes
 - sample json payloads for various API requests
 - snippets to GET Assets and Recoverypoints
loop count corrected
…_workflow

Adding in samples on how to do a restore given multiple copies
@MHemavathi MHemavathi changed the title NetBackup Documentation Update NetBackup Documentation Mar 28, 2023
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

//##############################################################
func GetHTTPClient() *http.Client {
tlsConfig := &tls.Config {
InsecureSkipVerify: true, //for this test, ignore ssl certificate

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.

Copilot Autofix AI 1 day ago

To fix the problem, we need to ensure that TLS certificate verification is enabled. This involves setting InsecureSkipVerify to false and ensuring that the client is configured with the appropriate certificates for verification.

  1. General Fix Approach:

    • Set InsecureSkipVerify to false.
    • Load the system's root CA certificates or specify a custom CA certificate if needed.
  2. Detailed Fix:

    • Modify the GetHTTPClient function to set InsecureSkipVerify to false.
    • Optionally, load the system's root CA certificates using x509.SystemCertPool() or specify a custom CA certificate.
  3. Specific Changes:

    • Change line 58 to InsecureSkipVerify: false.
    • Optionally, add code to load the system's root CA certificates.
Suggested changeset 1
recipes/go/storage/StorageHelper/StorageHelper.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/recipes/go/storage/StorageHelper/StorageHelper.go b/recipes/go/storage/StorageHelper/StorageHelper.go
--- a/recipes/go/storage/StorageHelper/StorageHelper.go
+++ b/recipes/go/storage/StorageHelper/StorageHelper.go
@@ -18,2 +18,3 @@
     "crypto/tls"
+    "crypto/x509"
     "encoding/json"
@@ -56,4 +57,6 @@
 func GetHTTPClient() *http.Client {
+    rootCAs, _ := x509.SystemCertPool()
     tlsConfig := &tls.Config {
-        InsecureSkipVerify: true, //for this test, ignore ssl certificate
+        InsecureSkipVerify: false,
+        RootCAs: rootCAs,
     }
EOF
@@ -18,2 +18,3 @@
"crypto/tls"
"crypto/x509"
"encoding/json"
@@ -56,4 +57,6 @@
func GetHTTPClient() *http.Client {
rootCAs, _ := x509.SystemCertPool()
tlsConfig := &tls.Config {
InsecureSkipVerify: true, //for this test, ignore ssl certificate
InsecureSkipVerify: false,
RootCAs: rootCAs,
}
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
storagePath: /mnt/msdp/vol0
credentials:
userName: msdp
password: msdp

Check failure

Code scanning / CodeQL

Password in configuration file High

Hard-coded password 'msdp' in configuration file.

func getHTTPClient() http.Client {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.

Copilot Autofix AI 1 day ago

To fix the problem, we need to ensure that the TLS certificate verification is enabled. This involves setting InsecureSkipVerify to false and ensuring that the client is configured with the appropriate certificates to perform verification.

  1. General Fix Approach:

    • Set InsecureSkipVerify to false.
    • Optionally, load and set the root CA certificates if they are not in the default location.
  2. Detailed Fix:

    • Modify the getHTTPClient function to set InsecureSkipVerify to false.
    • Ensure that the tls.Config is properly configured to use the system's root CA certificates.
  3. Specific Changes:

    • Update the getHTTPClient function in the snippets/go/netbackup.go file.
Suggested changeset 1
snippets/go/netbackup.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/snippets/go/netbackup.go b/snippets/go/netbackup.go
--- a/snippets/go/netbackup.go
+++ b/snippets/go/netbackup.go
@@ -12,2 +12,3 @@
 	"os"
+	"crypto/x509"
 )
@@ -239,4 +240,13 @@
 func getHTTPClient() http.Client {
+	// Load system's root CA certificates
+	rootCAs, _ := x509.SystemCertPool()
+	if rootCAs == nil {
+		rootCAs = x509.NewCertPool()
+	}
+
 	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: false,
+			RootCAs:            rootCAs,
+		},
 	}
EOF
@@ -12,2 +12,3 @@
"os"
"crypto/x509"
)
@@ -239,4 +240,13 @@
func getHTTPClient() http.Client {
// Load system's root CA certificates
rootCAs, _ := x509.SystemCertPool()
if rootCAs == nil {
rootCAs = x509.NewCertPool()
}

tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
TLSClientConfig: &tls.Config{
InsecureSkipVerify: false,
RootCAs: rootCAs,
},
}
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.