Stop ignoring RUSTSEC advisories #2017

Merged
merged 2 commits into from
Apr 27, 2021
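--- a/examples/deny.toml
+++ b/examples/deny.toml
@@ -13,12 +13,6 @@ vulnerability = "deny"
 unmaintained = "deny"
 yanked = "deny"
 notice = "deny"
-ignore = [
-# TODO(#1267): Remove when mio no longer depends on net2.
-"RUSTSEC-2020-0016",
-# TODO(#1874): Remove when tonic and hyper versions are updated.
-"RUSTSEC-2021-0020",
-]
 
 # Deny multiple versions unless explicitly skipped.
 [bans]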
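Review bot: Dropping the two `ignore` entries makes `vulnerability = "deny"` fail cargo-deny outright if net2 is still anywhere in the dependency graph or if hyper/tonic are not yet at the versions that resolve RUSTSEC-2021-0020; the Cargo.lock updates that would make that true are not part of the sections shown here, so they should be confirmed to land in the same PR (the `notice = "deny"` line two above is also relevant, since advisory downgrades to "notice" would still fail). The identical edit appears in experimental/deny.toml, oak_client/deny.toml, oak_loader/deny.toml, oak_runtime/deny.toml and sdk/deny.toml, which is how the stale TODO(#1267)/TODO(#1874) ignores accumulated in six places at once; a single shared deny.toml (cargo-deny accepts a path via `--config`) or a CI check that the six files agree would keep them from drifting again. Until then, a one-line comment such as `# Keep in sync with the other deny.toml files in this repository.` at the top of each file would at least make the coupling visible.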
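--- a/experimental/deny.toml
+++ b/experimental/deny.toml
@@ -10,12 +10,6 @@ vulnerability = "deny"
 unmaintained = "deny"
 yanked = "deny"
 notice = "deny"
-ignore = [
-# TODO(#1267): Remove when mio no longer depends on net2.
-"RUSTSEC-2020-0016",
-# TODO(#1874): Remove when tonic and hyper versions are updated.
-"RUSTSEC-2021-0020",
-]
 
 # Deny multiple versions unless explicitly skipped.
 [bans]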
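--- a/oak_client/deny.toml
+++ b/oak_client/deny.toml
@@ -13,12 +13,6 @@ vulnerability = "deny"
 unmaintained = "deny"
 yanked = "deny"
 notice = "deny"
-ignore = [
-# TODO(#1267): Remove when mio no longer depends on net2.
-"RUSTSEC-2020-0016",
-# TODO(#1874): Remove when tonic and hyper versions are updated.
-"RUSTSEC-2021-0020",
-]
 
 # Deny multiple versions unless explicitly skipped.
 [bans]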
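--- a/oak_loader/deny.toml
+++ b/oak_loader/deny.toml
@@ -10,12 +10,6 @@ vulnerability = "deny"
 unmaintained = "deny"
 yanked = "deny"
 notice = "deny"
-ignore = [
-# TODO(#1267): Remove when mio no longer depends on net2.
-"RUSTSEC-2020-0016",
-# TODO(#1874): Remove when tonic and hyper versions are updated.
-"RUSTSEC-2021-0020",
-]
 
 # Deny multiple versions unless explicitly skipped.
 [bans]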
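--- a/oak_runtime/deny.toml
+++ b/oak_runtime/deny.toml
@@ -10,12 +10,6 @@ vulnerability = "deny"
 unmaintained = "deny"
 yanked = "deny"
 notice = "deny"
-ignore = [
-# TODO(#1267): Remove when mio no longer depends on net2.
-"RUSTSEC-2020-0016",
-# TODO(#1874): Remove when tonic and hyper versions are updated.
-"RUSTSEC-2021-0020",
-]
 
 # Deny multiple versions unless explicitly skipped.
 [bans]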
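--- a/oak_runtime/src/node/http/server.rs
+++ b/oak_runtime/src/node/http/server.rs
@@ -60,9 +60,6 @@ use oak_abi::proto::oak::identity::SignedChallenge;
 use prost::Message;
 use tokio_rustls::TlsAcceptor;
 
-// Workaround for https://rust-lang.github.io/rust-clippy/master/index.html#borrow_interior_mutable_const.
-static TRANSFER_ENCODING: http::header::HeaderName = http::header::TRANSFER_ENCODING;
-
 /// Checks that port is not reserved (i.e., is greater than 1023).
 fn check_port(address: &SocketAddr) -> Result<(), ConfigurationError> {
 if address.port() > 1023 {
@@ -309,7 +306,6 @@ struct HttpRequestHandler {
 
 impl HttpRequestHandler {
 async fn handle(&self, req: Request<Body>) -> anyhow::Result<Response<Body>> {
-let req = validate_request(req)?;
 let request = to_oak_http_request(req).await?;
 match get_oak_label(&request) {
 Ok(oak_label) => {
@@ -374,23 +370,6 @@ impl HttpRequestHandler {
 }
 }
 
-/// Check if the request contains a `TRANSFER_ENCODING` header, and reject the request in that case
-/// by returning an error.
-// TODO(#1874): Remove when tonic and hyper versions are updated.
-fn validate_request(req: Request<Body>) -> anyhow::Result<Request<Body>> {
-if req
-.headers()
-.get(&TRANSFER_ENCODING.as_str().to_string())
-.is_some()
-{
-Err(anyhow!(
-"Requests containing TRANSFER_ENCODING headers are not allowed."
-))
-} else {
-Ok(req)
-}
-}
-
 /// HTTP requests can either provide JSON formatted labels or protobuf encoded labels. But exactly
 /// one of these should be provided. This method checks that exactly one label is provided in a
 /// header in the request and extracts it for use for further handling of the request.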
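Review bot: Removing the `validate_request(req)?` call in `HttpRequestHandler::handle` (second hunk) takes away the only application-level rejection of `Transfer-Encoding` requests, the stop-gap that the TODO(#1874) comment tied to RUSTSEC-2021-0020, so the change is sound only if the hyper version that fixes that advisory is pinned in Cargo.lock in this same PR, which these hunks do not show. The deny.toml edits in this PR do give a backstop — with the advisory no longer ignored, cargo-deny fails the build on a vulnerable hyper — but that only holds if cargo-deny runs in CI for the oak_runtime crate, which cannot be confirmed from here. With the `validate_request` function and the `TRANSFER_ENCODING` static gone, the `anyhow!` macro and the `http::header` path may no longer be referenced in this file; worth checking that no unused-import warning is introduced, since this is the only remaining use visible in the hunks. The body of `handle` continues outside the second hunk.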
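--- a/sdk/deny.toml
+++ b/sdk/deny.toml
@@ -13,12 +13,6 @@ vulnerability = "deny"
 unmaintained = "deny"
 yanked = "deny"
 notice = "deny"
-ignore = [
-# TODO(#1267): Remove when mio no longer depends on net2.
-"RUSTSEC-2020-0016",
-# TODO(#1874): Remove when tonic and hyper versions are updated.
-"RUSTSEC-2021-0020",
-]
 
 # Deny multiple versions unless explicitly skipped.
 [bans]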