fix: remove duktape from civetweb to remove debugger #1997

Draft
wants to merge 1 commit into
base: master

Conversation

davdhacs

Description

SAST scan showed the duktape debugger as exploitable (https://cov01.lab.eng.brq2.redhat.com/osh/task/747071/log/rhacs-collector-container-4.6.0-1/scan-results-imp.html; previous version ignored manually: https://gitlab.cee.redhat.com/osh/known-false-positives/-/blob/master/rhacs-collector-container/ignore.err?ref_type=heads). Can we remove duktape from the civetweb collector uses? (Expecting CI tests to fail if collector relies on the embedded duktape JS engine.) Then if it is not found in the scan, we will not need to keep ignoring it after civetweb version updates.

Checklist

  • Investigated and inspected CI test results
  • Updated documentation accordingly

Automated testing

  • Added unit tests
  • Added integration tests
  • Added regression tests

If any of these don't apply, please comment below.

Testing Performed

TODO(replace-me)
Use this space to explain how you tested your PR, or, if you didn't test it, why you did not do so. (Valid reasons include "CI is sufficient" or "No testable changes")
In addition to reviewing your code, reviewers must also review your testing instructions, and make sure they are sufficient.

For more details, ref the Confluence page about this section.
