From 68076e6e0c929abf78c59202bb79a53cdc3ba462 Mon Sep 17 00:00:00 2001 From: Conrad Grobler Date: Tue, 27 Apr 2021 12:58:38 +0000 Subject: [PATCH 1/2] Stop ignoring advisories --- examples/deny.toml | 6 ------ experimental/deny.toml | 6 ------ oak_client/deny.toml | 6 ------ oak_loader/deny.toml | 6 ------ oak_runtime/deny.toml | 6 ------ sdk/deny.toml | 6 ------ 6 files changed, 36 deletions(-) diff --git a/examples/deny.toml b/examples/deny.toml index 9da76067929..c4b5daffe6e 100644 --- a/examples/deny.toml +++ b/examples/deny.toml @@ -13,12 +13,6 @@ vulnerability = "deny" unmaintained = "deny" yanked = "deny" notice = "deny" -ignore = [ - # TODO(#1267): Remove when mio no longer depends on net2. - "RUSTSEC-2020-0016", - # TODO(#1874): Remove when tonic and hyper versions are updated. - "RUSTSEC-2021-0020", -] # Deny multiple versions unless explicitly skipped. [bans] diff --git a/experimental/deny.toml b/experimental/deny.toml index 5b9e705b088..f11d6efec61 100644 --- a/experimental/deny.toml +++ b/experimental/deny.toml @@ -10,12 +10,6 @@ vulnerability = "deny" unmaintained = "deny" yanked = "deny" notice = "deny" -ignore = [ - # TODO(#1267): Remove when mio no longer depends on net2. - "RUSTSEC-2020-0016", - # TODO(#1874): Remove when tonic and hyper versions are updated. - "RUSTSEC-2021-0020", -] # Deny multiple versions unless explicitly skipped. [bans] diff --git a/oak_client/deny.toml b/oak_client/deny.toml index 0fcb097b4ec..c9afa100f11 100644 --- a/oak_client/deny.toml +++ b/oak_client/deny.toml @@ -13,12 +13,6 @@ vulnerability = "deny" unmaintained = "deny" yanked = "deny" notice = "deny" -ignore = [ - # TODO(#1267): Remove when mio no longer depends on net2. - "RUSTSEC-2020-0016", - # TODO(#1874): Remove when tonic and hyper versions are updated. - "RUSTSEC-2021-0020", -] # Deny multiple versions unless explicitly skipped. [bans] diff --git a/oak_loader/deny.toml b/oak_loader/deny.toml index 872ebc4fa6c..adc53b3f7cf 100644 --- a/oak_loader/deny.toml +++ b/oak_loader/deny.toml @@ -10,12 +10,6 @@ vulnerability = "deny" unmaintained = "deny" yanked = "deny" notice = "deny" -ignore = [ - # TODO(#1267): Remove when mio no longer depends on net2. - "RUSTSEC-2020-0016", - # TODO(#1874): Remove when tonic and hyper versions are updated. - "RUSTSEC-2021-0020", -] # Deny multiple versions unless explicitly skipped. [bans] diff --git a/oak_runtime/deny.toml b/oak_runtime/deny.toml index 1d01ad50640..b6bf0ab1999 100644 --- a/oak_runtime/deny.toml +++ b/oak_runtime/deny.toml @@ -10,12 +10,6 @@ vulnerability = "deny" unmaintained = "deny" yanked = "deny" notice = "deny" -ignore = [ - # TODO(#1267): Remove when mio no longer depends on net2. - "RUSTSEC-2020-0016", - # TODO(#1874): Remove when tonic and hyper versions are updated. - "RUSTSEC-2021-0020", -] # Deny multiple versions unless explicitly skipped. [bans] diff --git a/sdk/deny.toml b/sdk/deny.toml index b400022c9bf..382b763e5c5 100644 --- a/sdk/deny.toml +++ b/sdk/deny.toml @@ -13,12 +13,6 @@ vulnerability = "deny" unmaintained = "deny" yanked = "deny" notice = "deny" -ignore = [ - # TODO(#1267): Remove when mio no longer depends on net2. - "RUSTSEC-2020-0016", - # TODO(#1874): Remove when tonic and hyper versions are updated. - "RUSTSEC-2021-0020", -] # Deny multiple versions unless explicitly skipped. [bans] From 94e6c47fe0cf649c9af57e8f41072b4d5dd24572 Mon Sep 17 00:00:00 2001 From: Conrad Grobler Date: Tue, 27 Apr 2021 15:09:58 +0000 Subject: [PATCH 2/2] Remove unneeded code --- oak_runtime/src/node/http/server.rs | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/oak_runtime/src/node/http/server.rs b/oak_runtime/src/node/http/server.rs index e3752bf8686..420fbfe0f01 100644 --- a/oak_runtime/src/node/http/server.rs +++ b/oak_runtime/src/node/http/server.rs @@ -60,9 +60,6 @@ use oak_abi::proto::oak::identity::SignedChallenge; use prost::Message; use tokio_rustls::TlsAcceptor; -// Workaround for https://rust-lang.github.io/rust-clippy/master/index.html#borrow_interior_mutable_const. -static TRANSFER_ENCODING: http::header::HeaderName = http::header::TRANSFER_ENCODING; - /// Checks that port is not reserved (i.e., is greater than 1023). fn check_port(address: &SocketAddr) -> Result<(), ConfigurationError> { if address.port() > 1023 { @@ -309,7 +306,6 @@ struct HttpRequestHandler { impl HttpRequestHandler { async fn handle(&self, req: Request) -> anyhow::Result> { - let req = validate_request(req)?; let request = to_oak_http_request(req).await?; match get_oak_label(&request) { Ok(oak_label) => { @@ -374,23 +370,6 @@ impl HttpRequestHandler { } } -/// Check if the request contains a `TRANSFER_ENCODING` header, and reject the request in that case -/// by returning an error. -// TODO(#1874): Remove when tonic and hyper versions are updated. -fn validate_request(req: Request) -> anyhow::Result> { - if req - .headers() - .get(&TRANSFER_ENCODING.as_str().to_string()) - .is_some() - { - Err(anyhow!( - "Requests containing TRANSFER_ENCODING headers are not allowed." - )) - } else { - Ok(req) - } -} - /// HTTP requests can either provide JSON formatted labels or protobuf encoded labels. But exactly /// one of these should be provided. This method checks that exactly one label is provided in a /// header in the request and extracts it for use for further handling of the request.