Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add validation for IPv6 addresses passed to Fault Injection APIs #4411

Merged
merged 3 commits into from
Oct 28, 2024
Merged

Add validation for IPv6 addresses passed to Fault Injection APIs #4411

merged 3 commits into from
Oct 28, 2024

Conversation

amogh09
Copy link
Contributor

@amogh09 amogh09 commented Oct 25, 2024
edited
Loading

Summary

Fault Injection APIs only support IPv4 addresses. However, they currently do not validate that an IP address passed to them is IPv4 and not IPv6 which causes a server error. This change makes the APIs fail with a validation error if an IP address passed is IPv6.

Testing

Did some manual testing.

bash-5.2# curl -XPOST --data '{"DelayMilliseconds": 500, "JitterMilliseconds": 0, "Sources": ["2001:db8::68"]}' ${ECS_AGENT_URI}/fault/v1/network-latency/start
{"Error":"invalid value 2001:db8::68 for parameter Sources"}bash-5.2#
bash-5.2# curl -XPOST --data '{"DelayMilliseconds": 500, "JitterMilliseconds": 0, "Sources": ["2001:db8::/32"]}' ${ECS_AGENT_URI}/fault/v1/network-latency/start
{"Error":"invalid value 2001:db8::/32 for parameter Sources"}bash-5.2#
bash-5.2# curl -XPOST --data '{"LossPercent": 50, "Sources": ["2001:db8::68"]}' ${ECS_AGENT_URI}/fault/v1/network-packet-loss/start
{"Error":"invalid value 2001:db8::68 for parameter Sources"}bash-5.2#
bash-5.2# curl -XPOST --data '{"LossPercent": 50, "Sources": ["2001:db8::/32"]}' ${ECS_AGENT_URI}/fault/v1/network-packet-loss/start
{"Error":"invalid value 2001:db8::/32 for parameter Sources"}bash-5.2#
bash-5.2# curl -XPOST --data '{"Port": 80, "Protocol": "tcp", "TrafficType": "egress", "SourcesToFilter":["2001:db8::68"]}' ${ECS_AGENT_URI}/fault/v1/network-blackhole-port/start
{"Error":"invalid value 2001:db8::68 for parameter SourcesToFilter"}bash-5.2#
bash-5.2# curl -XPOST --data '{"Port": 80, "Protocol": "tcp", "TrafficType": "egress", "SourcesToFilter":["2001:db8::/32"]}' ${ECS_AGENT_URI}/fault/v1/network-blackhole-port/start
{"Error":"invalid value 2001:db8::/32 for parameter SourcesToFilter"}bash-5.2#

New tests cover the changes: yes

Description for the changelog

Bugfix: Add validation to prevent Fault Injection APIs from accepting IPv6 addresses.

Additional Information

Does this PR include breaking model changes? If so, Have you added transformation functions?

Does this PR include the addition of new environment variables in the README?

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@amogh09 amogh09 marked this pull request as ready for review October 25, 2024 22:10
@amogh09 amogh09 requested a review from a team as a code owner October 25, 2024 22:10
harishxr
harishxr previously approved these changes Oct 25, 2024
View reviewed changes
xxx0624
xxx0624 previously approved these changes Oct 25, 2024
View reviewed changes
ecs-agent/tmds/handlers/fault/v1/types/types.go Show resolved Hide resolved
@amogh09 amogh09 dismissed stale reviews from xxx0624 and harishxr via dc7fd5f October 25, 2024 23:44
@amogh09 amogh09 merged commit ea301d0 into aws:dev Oct 28, 2024
40 checks passed
@mye956 mye956 mentioned this pull request Oct 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harishxr harishxr harishxr approved these changes

@xxx0624 xxx0624 xxx0624 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@amogh09 @xxx0624 @harishxr @amazon-ecs-bot