Fix WS-2018-0594 potential non-random UUIDs security issue #78
qiluo-msft merged 2 commits into sonic-net:master from

lgtm. @sumukhatv could you help review?

@xumia Did test/apitest.py pass with this change?

Test results:
Ran 32 tests in 35.470s
OK
test_vrouter_not_created_all_verbs (main.ra_client_negative_tests) ... ok
Ran 23 tests in 24.653s
OK

@sumukhatv, thanks for your comment, there is an API change, fixed.

@sumukhatv, the test is based on the change: #81
Does it mean that we need to merge #81 for the tests to pass for this PR?

@sumukhatv, this PR does not have any dependencies on the PR #81, the PR is a general fix. The test steps in the readme do not work, it should be another issue.

@prsunny for visibility

All the tests are passing. Good to merge:
~/sonic-restapi/test$ python apitest.py
Ran 32 tests in 35.560s
OK
Ran 23 tests in 24.663s
OK

A vulnerability was found in github.com/satori/go.uuid through version v1.2.0. The UUID random generator uses Read() function which has fewer bytes than asked and might cause potential non-random UUIDs.
See advisory for vulnerability details
From CERT: satori/go.uuid@75cca53
More detailed alert info can be found at https://msazure.visualstudio.com/One/_componentGovernance/Networking-acs-buildimage/alert/4546641?typeId=5886163
Fix multiple-value uuid.NewV4() in single-value context issue.
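
The failure mode described above, as an added Go example that is not code from this PR or from satori/go.uuid: `shortReader`, `uncheckedV4` and `checkedV4` are hypothetical names, and the 4-byte entropy source is constructed. It contrasts a single unchecked `Read` with `io.ReadFull` plus an error return, the two-value shape that a `uuid.NewV4()` call site then has to accept.

```go
package main

import (
	"fmt"
	"io"
)

// shortReader is a constructed entropy source: it hands out the few bytes
// it holds, then returns io.EOF, standing in for a short random read.
type shortReader struct{ data []byte }

func (s *shortReader) Read(p []byte) (int, error) {
	if len(s.data) == 0 {
		return 0, io.EOF
	}
	n := copy(p, s.data)
	s.data = s.data[n:]
	return n, nil
}

// uncheckedV4 models the flawed pattern: one Read call, result ignored.
// Bytes the source did not fill stay zero, so the UUID is mostly constant.
func uncheckedV4(r io.Reader) [16]byte {
	var u [16]byte
	_, _ = r.Read(u[:])         // deliberately unchecked
	u[6] = (u[6] & 0x0f) | 0x40 // version 4
	u[8] = (u[8] & 0x3f) | 0x80 // RFC 4122 variant
	return u
}

// checkedV4 insists on all 16 bytes and surfaces failure to the caller,
// which is why the generator needs a two-value (UUID, error) result.
func checkedV4(r io.Reader) ([16]byte, error) {
	var u [16]byte
	if _, err := io.ReadFull(r, u[:]); err != nil {
		return [16]byte{}, fmt.Errorf("uuid: random read failed: %w", err)
	}
	u[6] = (u[6] & 0x0f) | 0x40
	u[8] = (u[8] & 0x3f) | 0x80
	return u, nil
}

func main() {
	seed := []byte{0xde, 0xad, 0xbe, 0xef} // constructed 4-byte "entropy"
	fmt.Printf("unchecked: %x\n", uncheckedV4(&shortReader{data: seed}))
	_, err := checkedV4(&shortReader{data: seed})
	fmt.Println("checked:", err)
}
```

With the constructed source, the unchecked variant returns a UUID whose last twelve bytes are fixed apart from the version and variant bits, while the checked variant returns an error instead of an identifier.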