Connect, secure, control, and observe services.
2535 matches across 12 categories.

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | prow/integ-suite-kind.sh | 1 | #!/bin/bash |
| LOW | prow/release-commit.sh | 1 | #!/bin/bash |
| LOW | prow/lib.sh | 1 | #!/bin/bash |
| LOW | prow/release-test.sh | 1 | #!/bin/bash |
| LOW | prow/benchtest.sh | 1 | #!/bin/bash |
| LOW | prow/coverage.sh | 1 | #!/bin/bash |
| LOW | tools/build-base-images.sh | 1 | #!/usr/bin/env bash |
| LOW | tools/build-kind-image.sh | 1 | #!/usr/bin/env bash |
| LOW | tools/dump-docker-logs.sh | 1 | #!/bin/bash |
| LOW | tools/skip-image.sh | 1 | #!/bin/bash |
| LOW | tools/convert_RbacConfig_to_ClusterRbacConfig.sh | 1 | #!/bin/bash |
| LOW | tools/docker-copy.sh | 1 | #!/bin/bash |
| LOW | tools/gen_istio_image_list.sh | 1 | #!/bin/bash |
| LOW | tools/dump_kubernetes.sh | 1 | #!/bin/bash |
| LOW | tools/commonfiles-postprocess.sh | 1 | #!/bin/bash |
| LOW | tools/packaging/postinst.sh | 1 | #!/bin/bash |
| LOW | tools/packaging/common/istio-start.sh | 1 | #!/bin/bash |
| LOW | tools/istio-nftables/pkg/capture/run.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-nftables/pkg/capture/run_test.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-nftables/pkg/capture/run_linux_test.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-nftables/pkg/nft/program.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-nftables/pkg/constants/constants.go | 1 | // Copyright Istio Authors |
| LOW | …ls/istio-nftables/pkg/builder/nftables_builder_impl.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-nftables/pkg/builder/nftables_api.go | 1 | // Copyright Istio Authors |
| LOW | …ls/istio-nftables/pkg/builder/nftables_builder_test.go | 1 | // Copyright Istio Authors |
| LOW | tools/docker-builder/docker.go | 1 | // Copyright Istio Authors |
| LOW | tools/docker-builder/docker.go | 41 | // construct a big build plan which docker can execute in parallel. This provides order of magnitude |
| LOW | tools/docker-builder/types.go | 1 | // Copyright Istio Authors |
| LOW | tools/docker-builder/crane.go | 1 | // Copyright Istio Authors |
| LOW | tools/docker-builder/crane.go | 41 | // the configured base image, and add a new layer for all the copies. This layer is constructed in a |
| LOW | tools/docker-builder/common.go | 1 | // Copyright Istio Authors |
| LOW | tools/docker-builder/main.go | 1 | // Copyright Istio Authors |
| LOW | tools/docker-builder/dockerfile/parse.go | 1 | // Copyright Istio Authors |
| LOW | tools/docker-builder/builder/tar.go | 1 | // Copyright Istio Authors |
| LOW | tools/docker-builder/builder/crane.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/cmd/root.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/capture/run.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/capture/run_test.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/capture/helper.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/capture/run_linux_test.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/constants/constants.go | 1 | // Copyright Istio Authors |
| LOW | …istio-iptables/pkg/dependencies/implementation_test.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/dependencies/interface.go | 1 | // Copyright Istio Authors |
| LOW | …ptables/pkg/dependencies/implementation_unspecified.go | 1 | //go:build !linux |
| LOW | tools/istio-iptables/pkg/dependencies/implementation.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/dependencies/implementation.go | 121 | // It is not sufficient to check for the presence of one binary or the other in $PATH - |
| LOW | …iptables/pkg/dependencies/implementation_linux_test.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/dependencies/stub.go | 1 | // Copyright Istio Authors |
| LOW | …stio-iptables/pkg/dependencies/implementation_linux.go | 1 | // Copyright Istio Authors |
| LOW | …stio-iptables/pkg/dependencies/implementation_linux.go | 201 | // In our case, the culprit is the `xt_owner` (`-m owner`) module in iptables calls the `passwd` service to lookup the |
| LOW | …ls/istio-iptables/pkg/builder/iptables_builder_test.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/builder/helper.go | 1 | // Copyright Istio Authors |
| LOW | …ls/istio-iptables/pkg/builder/iptables_builder_impl.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/validation/vld.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/validation/validator.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/validation/vld_unix.go | 1 | // Copyright Istio Authors |
| LOW | tools/istio-iptables/pkg/validation/vld_unspecified.go | 1 | //go:build !unix |
| LOW | tools/common/config/config.go | 1 | // Copyright Istio Authors |
| LOW | tools/common/config/config_other.go | 1 | //go:build !linux |
| LOW | tools/common/config/types.go | 1 | // Copyright Istio Authors |
| 2364 more matches not shown… | | | |

| Severity | File | Line | Snippet |
|---|---|---|---|
| MEDIUM | tests/testdata/certs/generate.sh | 137 | # Create a certificate authority |
| MEDIUM | tests/testdata/certs/generate.sh | 146 | # Create a server certificate |
| MEDIUM | tests/testdata/certs/generate.sh | 151 | # Create a client certificate |
| MEDIUM | tests/testdata/certs/generate.sh | 156 | # Create a DNS client certificate |
| MEDIUM | tests/testdata/certs/generate.sh | 161 | # Create a server certificate for MountedCerts test |
| MEDIUM | tests/testdata/certs/generate.sh | 166 | # Create a client certificate for MountedCerts test |
| MEDIUM | …p-externalistiod-config-integration-test-defaults.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | tests/integration/iop-integration-test-defaults.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | tests/integration/create_cluster_gke.sh | 107 | # Create the cluster |
| MEDIUM | …tegration/iop-integration-test-defaults-with-quic.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | tests/integration/iop-wds.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | …-externalistiod-primary-integration-test-defaults.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | tests/integration/iop-ambient-test-defaults.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | …/integration/iop-remote-integration-test-defaults.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | …/integration/iop-remote-integration-test-gateways.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | tests/integration/base-clustertrustbundle.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | tests/integration/base.yaml | 1 | # This file provides some defaults for integration testing. |
| MEDIUM | samples/extauthz/local-ext-authz.yaml | 17 | # Define the service entry for the local ext-authz service on port 8000. |
| MEDIUM | samples/extauthz/local-ext-authz.yaml | 33 | # Define the service entry for the local ext-authz service on port 9000. |
| MEDIUM | samples/bookinfo/platform/kube/bookinfo-dualstack.yaml | 16 | # This file defines the services, service accounts, and deployments for the Bookinfo sample. |
| MEDIUM | samples/bookinfo/platform/kube/bookinfo.yaml | 16 | # This file defines the services, service accounts, and deployments for the Bookinfo sample. |
| MEDIUM | samples/bookinfo/platform/kube/bookinfo-psa.yaml | 16 | # This file defines the same services, service accounts, and deployments as bookinfo.yaml with |
| MEDIUM | common/scripts/kind_provisioner.sh | 310 | # Create the clusters. |
| MEDIUM | common/scripts/setup_env.sh | 162 | # This function is designed for maximum compatibility with various platforms. This runs on |
| MEDIUM | istioctl/pkg/kubeinject/kubeinject.go | 496 | # Create a persistent version of the deployment with Istio sidecar injected. |
| MEDIUM | istioctl/pkg/multicluster/remote_secret.go | 97 | Example: ` # Create a secret to access cluster c0's apiserver and install it in cluster c1. |
| MEDIUM | istioctl/pkg/multicluster/remote_secret.go | 105 | # Create a secret access a remote cluster with an auth plugin |
| MEDIUM | istioctl/pkg/multicluster/remote_secret.go | 484 | outputHeader = "# This file is autogenerated, do not edit.\n" |
| MEDIUM | istioctl/pkg/multicluster/remote_secret_test.go | 115 | return fmt.Sprintf(`# This file is autogenerated, do not edit. |
| MEDIUM | istioctl/pkg/multicluster/remote_secret_test.go | 148 | return fmt.Sprintf(`# This file is autogenerated, do not edit. |
| MEDIUM | istioctl/pkg/multicluster/remote_secret_test.go | 644 | want := `# This file is autogenerated, do not edit. |
| MEDIUM | istioctl/pkg/tag/tag.go | 118 | Example: ` # Create a revision tag from the "1-8-0" revision |
| MEDIUM | istioctl/pkg/tag/tag.go | 171 | Example: ` # Create a revision tag from the "1-8-0" revision |
| MEDIUM | …fests/charts/istio-control/istio-discovery/values.yaml | 563 | # Define the security context for the pod. |
| MEDIUM | …-discovery/templates/remote-istiod-endpointslices.yaml | 9 | # This file is only used for remote `istiod` installs. |
| MEDIUM | …l/istio-discovery/templates/remote-istiod-service.yaml | 2 | # This file is only used for remote |
| MEDIUM | manifests/charts/gateway/values.yaml | 36 | # Define the security context for the pod. |
| MEDIUM | pkg/testcerts/generate-certs.sh | 56 | # Create a certificate authority |
| MEDIUM | pkg/testcerts/generate-certs.sh | 60 | # Create a server certificate |
| MEDIUM | pkg/testcerts/generate-certs.sh | 65 | # Create a client certificate |

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | prow/release-commit.sh | 51 | # If not specified, we can just create a temporary directory |
| MEDIUM | tools/bug-report/pkg/bugreport/bugreport.go | 427 | // TODO(stewartbutler): output the logs to a more robust/complete structure. |
| LOW | tests/integration/security/fuzz/fuzzers/jwt_tool/run.sh | 18 | # The jwt_tool.py always return non-zero exit code, overwrite to just return zero as the test code will check the report |
| LOW | …sts/integration/security/fuzz/fuzzers/dotdotpwn/run.sh | 18 | # The dotdotpwn.pl always return non-zero exit code, overwrite to just return zero as the test code will check the repor |
| MEDIUM | tests/integration/ambient/main_test.go | 47 | // Below are various preconfigured echo deployments. Whenever possible, tests should utilize these |
| MEDIUM | tests/integration/ambient/cnirepair/main_test.go | 42 | // Below are various preconfigured echo deployments. Whenever possible, tests should utilize these |
| MEDIUM | tests/integration/ambient/cni/main_test.go | 52 | // Below are various preconfigured echo deployments. Whenever possible, tests should utilize these |
| MEDIUM | tests/integration/ambient/cniupgrade/main_test.go | 46 | // Below are various preconfigured echo deployments. Whenever possible, tests should utilize these |
| MEDIUM | tests/integration/pilot/main_test.go | 31 | // Below are various preconfigured echo deployments. Whenever possible, tests should utilize these |
| MEDIUM | tests/integration/pilot/agentgateway/main_test.go | 31 | // Below are various preconfigured echo deployments. Whenever possible, tests should utilize these |
| MEDIUM | tests/integration/pilot/nftables/main_test.go | 31 | // Below are various preconfigured echo deployments. Whenever possible, tests should utilize these |
| MEDIUM | …egration/pilot/localwatcher/localsecretwatcher_test.go | 32 | // Below are various preconfigured echo deployments. Whenever possible, tests should utilize these |
| MEDIUM | pilot/pkg/security/authz/builder/builder.go | 382 | // can utilize these metadata to trigger the enforcement conditionally. |
| MEDIUM | …/pkg/networking/core/loadbalancer/loadbalancer_test.go | 830 | // TODO Below assertions are not robust to ordering changes in cluster.LoadAssignment.Endpoints[i] |
| MEDIUM | …/pkg/networking/core/loadbalancer/loadbalancer_test.go | 990 | // TODO Below assertions are not robust to ordering changes in cluster.LoadAssignment.Endpoints[i] |
| MEDIUM | pilot/pkg/model/endpointshards.go | 332 | // completed until after a response after the update. Essentially, we transition from v0 -> v1 -> |
| LOW | manifests/charts/ztunnel/values.yaml | 2 | # For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. |
| LOW | manifests/charts/istio-cni/values.yaml | 2 | # For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. |
| LOW | manifests/charts/default/values.yaml | 2 | # For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. |
| LOW | manifests/charts/gateways/istio-egress/values.yaml | 2 | # For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. |
| LOW | manifests/charts/gateways/istio-ingress/values.yaml | 2 | # For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. |
| LOW | …fests/charts/istio-control/istio-discovery/values.yaml | 2 | # For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. |
| MEDIUM | …fests/charts/istio-control/istio-discovery/values.yaml | 179 | # to utilize a remote instance. |
| LOW | manifests/charts/base/values.yaml | 2 | # For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. |
| LOW | manifests/charts/gateway/values.yaml | 2 | # For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. |
| MEDIUM | pkg/test/framework/components/echo/config.go | 372 | // TODO this can be more robust to not require labeling initial echo config (check namespace + isWaypoint + not sidecar |
| MEDIUM | pkg/security/security.go | 72 | // SDSExternalCredentialPrefix is the prefix for the credentialName which will utilize external SDS connections defined |
| MEDIUM | pkg/istio-agent/xds_proxy_test.go | 346 | // this ensures we are robust against cases where envoy rapidly disconnects and reconnects |
| MEDIUM | pkg/kube/krt/collection.go | 135 | // Where possible, we utilize the reverse-indexing to get the precise list of potentially changed objects. |
| MEDIUM | pkg/kube/multicluster/secretcontroller_test.go | 546 | // Test our (lack of) ability to do seamless updates of a cluster. |
| MEDIUM | pkg/kube/multicluster/secretcontroller_test.go | 578 | // If this is an update and we have a previous component, use seamless migration |
| MEDIUM | pkg/kube/multicluster/secretcontroller_test.go | 621 | // With seamless migration implemented, we should get 'delete/initial, add/later, update/common'. |
| MEDIUM | pkg/kube/multicluster/secretcontroller_test.go | 622 | // The test should fail until seamless migration properly implements UPDATE events for objects that exist in both old a |
| MEDIUM | pkg/kube/multicluster/secretcontroller.go | 261 | // During a cluster update, a new component is constructed before the old one is removed for seamless migration. |
| MEDIUM | pkg/kube/multicluster/cluster.go | 73 | // for seamless migration (comparing old vs new state). |
| MEDIUM | pkg/kube/multicluster/component.go | 80 | // until the new one has synced, ensuring seamless access without gaps. |
| MEDIUM | pkg/kube/multicluster/component.go | 85 | // New component hasn't synced yet, return old component for seamless access |
| MEDIUM | pkg/kube/multicluster/component.go | 136 | // Store old component temporarily so constructor can access it for seamless migration |
| MEDIUM | pkg/kube/multicluster/component.go | 225 | // wrappedEventHandler wraps an event handler to provide seamless migration during cluster updates. |
| MEDIUM | pkg/kube/multicluster/component.go | 238 | // This ensures that components consuming these events see a seamless transition without unnecessary |
| MEDIUM | pkg/kube/controllers/common.go | 38 | // Object is a union of runtime + meta objects. Essentially every k8s object meets this interface. |

| Severity | File | Line | Snippet |
|---|---|---|---|
| CRITICAL | istioctl/pkg/describe/describe.go | 307 | printSpaces(initPrintNum+printLevel1), dr.Spec.TrafficPolicy.Tls.Mode.String()) |
| CRITICAL | operator/pkg/webhook/webhook.go | 167 | if names.Contains(m.Resource.Metadata.FullName.Name.String()) { |
| CRITICAL | operator/pkg/apis/validation/validation.go | 87 | cniEnabled := iop.Spec.Components != nil && iop.Spec.Components.Cni != nil && iop.Spec.Components.Cni.Enabled.GetValueO |
| CRITICAL | operator/pkg/apis/validation/validation.go | 88 | ztunnelEnabled := iop.Spec.Components != nil && iop.Spec.Components.Ztunnel != nil && iop.Spec.Components.Ztunnel.Enabl |
| CRITICAL | pkg/ctrlz/assets/static/js/jquery-3.2.1.slim.min.js | 3 | }),this},r.extend({isReady:!1,readyWait:1,ready:function(a){(a===!0?--r.readyWait:r.isReady)||(r.isReady=!0,a!==!0&&--r. |

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | prow/integ-suite-kind.sh | 229 | # Check if the user is running the clusters in manual mode. |
| LOW | …integration/security/fuzz/fuzzers/jwt_tool/jwtconf.ini | 12 | # Set this to the URL you are hosting your custom JWKS file - your own server, or maybe use this cheeky reflective URL ( |
| LOW | …integration/security/fuzz/fuzzers/jwt_tool/jwtconf.ini | 14 | # Set this to the base URL of a Collaborator server, somewhere you can read live logs, a Request Bin etc. |
| LOW | release/downloadIstioCtl.sh | 136 | # Print message |
| LOW | istioctl/pkg/kubeinject/testdata/mesh-config.yaml | 1 | # Set enableTracing to false to disable request tracing. |
| LOW | istioctl/pkg/kubeinject/testdata/istio-operator.yaml | 8 | # Set enableTracing to false to disable request tracing. |
| LOW | manifests/charts/gateways/istio-egress/values.yaml | 70 | # Set this to "external" if and only if you want the egress gateway to |

| Severity | File | Line | Snippet |
|---|---|---|---|
| MEDIUM | tests/testdata/config/none.yaml | 9 | # This is the first test using the new isolated model, you can use it as a template to create more |
| MEDIUM | …/bookinfo/platform/kube/bookinfo-ratings-v2-mysql.yaml | 40 | # if you would like to use mysqldb then you can use this file |
| LOW | istioctl/pkg/kubeinject/testdata/mesh-config.yaml | 7 | # NOTE: If you change any values in this section, make sure to make |

| Severity | File | Line | Snippet |
|---|---|---|---|
| HIGH | cni/pkg/nodeagent/server_linux.go | 67 | // Error while detecting the artifacts. Default to nftables (as requested) for a fail-safe behavior. |

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | bin/diff_yaml.py | 20 | |
| LOW | security/tools/jwt/sa-jwt.py | 22 | |
| LOW | security/tools/jwt/samples/gen-jwt.py | 22 | |
| LOW | samples/helloworld/src/app.py | 19 | |
| LOW | samples/bookinfo/src/productpage/productpage.py | 17 | |
| LOW | samples/bookinfo/src/productpage/productpage.py | 18 | |

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | samples/bookinfo/src/ratings/ratings.js | 229 | function getLocalReviewsSuccessful(res, productId) { |
| LOW | samples/bookinfo/src/ratings/ratings.js | 234 | function getLocalReviewsServiceUnavailable(res) { |
| LOW | samples/bookinfo/src/details/details.rb | 84 | def fetch_details_from_external_service(isbn, id, headers) |
| LOW | …ookinfo/src/productpage/tests/unit/test_productpage.py | 34 | def test_header_propagation_reviews(self, m): |
| LOW | …ookinfo/src/productpage/tests/unit/test_productpage.py | 62 | def test_header_propagation_ratings(self, m): |

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | pkg/kube/krt/krttest/helpers.go | 34 | // Example usage: |

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | security/tools/jwt/samples/gen-jwt.py | 30 | |

| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | samples/bookinfo/src/ratings/ratings.js | 252 | function handleRequest (request, response) { |