Deprecated fix

[Nithunikzz]

No description provided.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	❕	10 findings
Sensitive Files Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request focus on improving the error handling and robustness of the kubviz application. The key changes include:

1. Replacing log.Fatal() with log.Println() in the CheckErr function of the event_metrics_utils.go file. This change ensures that errors are logged instead of causing the program to terminate, making the application more resilient.

2. Enhancing the kubePreUpgrade plugin to better handle deprecated and deleted Kubernetes APIs during the pre-upgrade process. This includes downloading the Kubernetes Swagger file, populating an API map, detecting deprecated and deleted APIs, and publishing the findings to a NATS JetStream context for further processing and monitoring.

These changes are positive from an application security perspective, as they improve the overall error handling and robustness of the application, as well as provide better visibility and control over Kubernetes API changes during the pre-upgrade process. This helps reduce the risk of breaking changes and ensures a smoother upgrade experience for users.

Files Changed:

1. agent/kubviz/plugins/events/event_metrics_utils.go:

   • The CheckErr function has been modified to use log.Println() instead of log.Fatal(), improving error handling and preventing the program from terminating.

2. agent/kubviz/plugins/kubepreupgrade/kubePreUpgrade.go:

   • The code has been enhanced to download the Kubernetes Swagger file, populate an API map, detect deprecated and deleted APIs, and publish the findings to a NATS JetStream context.
   • The code also handles various errors, permissions issues, and discovers preferred resource names and group-version for the detected APIs.
   • These changes improve the pre-upgrade process by providing better visibility and control over Kubernetes API changes, reducing the risk of breaking changes during the upgrade.

Powered by DryRun Security