Escape terminal special characters in kubectl #112553
Welcome @dgl!
Hi @dgl. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/sig cli
/ok-to-test
/assign @soltysh
/lgtm
if truncated { | ||
fmt.Fprint(output, "...") | ||
} | ||
default: | ||
fmt.Fprint(output, val) | ||
WriteEscaped(output, fmt.Sprint(val)) |
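Review bot: the `default:` arm now goes through WriteEscaped(output, fmt.Sprint(val)), but the earlier `case` arms of this switch lie outside the hunk and are not visibly escaped; please confirm that values matched by those arms (string-typed cells in particular) take the same path, otherwise only the fallback type is protected. A doc comment on WriteEscaped stating which control characters it rewrites, and that it leaves \t and \n intact, would also answer the question raised in this thread about why fmt.Sprint is applied first.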
Sorry, I'm not fully aware of the context of this change. Why are we using fmt.Sprint(val)?
It's to get val into a string (i.e. via Stringer or the rules fmt uses); it made sense to me to make the new WriteEscaped take a string, rather than put the formatting over there, which might not match all callers' expectations.
e.Reason, | ||
e.InvolvedObject.Kind, e.InvolvedObject.Name, | ||
strings.TrimSpace(e.Message), | ||
printers.EscapeTerminal(e.Type), |
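Review bot: in this hunk only e.Type is wrapped in printers.EscapeTerminal, while e.Reason, e.InvolvedObject.Kind, e.InvolvedObject.Name and strings.TrimSpace(e.Message) appear without it; e.Message is exactly the field the PR description identifies as user-controllable, so each of these arguments needs the same escaping (or the writer they are handed to has to do it), and the remaining lines of this call should be included in the review context to confirm that.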
Aren't events only generated by Kubernetes itself? How can a user generate events that need to be escaped?
See the kubectl create command mentioned in #101695 (comment) -- it's possible for a user (with enough permission against say a namespace) to do this, which could then be viewed by an admin or other user.
It might also be possible to get a \x1B into an error message that an operator or other component ends up putting into an event -- it doesn't make sense that every component should have to consider terminal escaping that is only relevant to kubectl (in the same way HTML escaping is usually done by the component that renders the HTML).
@@ -148,11 +149,13 @@ func (pw *prefixWriter) Write(level int, format string, a ...interface{}) { | |||
for i := 0; i < level; i++ { | |||
prefix += levelSpace | |||
} | |||
fmt.Fprintf(pw.out, prefix+format, a...) | |||
output := fmt.Sprintf(prefix+format, a...) |
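Review bot: output := fmt.Sprintf(prefix+format, a...) assembles the whole describe line, including the indentation prefix and any literal tabs or newlines contributed by the format string, before anything is escaped, and the escaping call sits on the next line outside this hunk; that call must leave \t and \n untouched or the tabwriter alignment of kubectl describe breaks, so a short comment here naming the characters that are escaped would make the ordering clear. Since a user-controlled value formatted via %v is indistinguishable from layout text at this point, the escaping has to decide by character, not by argument position.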
fmt.Sprintf automatically escapes special characters?
This formats it into a string, where WriteEscaped on the next line does that.
/lgtm
/approve
We still have annotations to cover as mentioned in the original issue. It doesn't look like this PR covers that bit, but since it's improving the current situation it's definitely worth merging as is, and we can work on annotations in a follow-up.
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: dgl, pacoxu, soltysh.
/labe tide/merge-method-squash
/label tide/merge-method-squash
/retest
Will this fix be available in 1.25 and 1.24? I tried to find relevant guidance in the Kubernetes security documentation but did not see anything. Thanks.
* Escape terminal special characters in kubectl
* Add escaping for kubectl alpha events
Fixes #101695.
What type of PR is this?
/kind bug
What this PR does / why we need it:
Escapes terminal special characters in kubectl output. These can be used to confuse the user of kubectl, or potentially more serious attacks if their terminal emulator has a bug, as mentioned in the related issue.
Which issue(s) this PR fixes:
Fixes #101695
Special notes for your reviewer:
I've covered:
* kubectl get (default table view)
* kubectl get events -o custom-columns=message:".message"
* kubectl describe
* kubectl alpha events
Which I believe covers the original report along with the follow-up mentioned in #107617. Additionally I've confirmed that kubectl get -o json and kubectl get -o yaml perform their own escaping.
In addition to the original report I noticed that \r is allowed in various contexts, which can be used to replace the current line, and therefore still trick a user, so that is also escaped.
There are some cases which will not be covered, e.g. users using -o template=..., this is harder to fix as the user could be expecting to parse these outputs and ad-hoc human readable escaping may not be suitable. I believe these are less of a concern as the main commands are covered (we could consider detecting if the tty is a terminal or not, as done in some places in kubectl already, but then there are still issues, e.g. a user piping to grep).
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
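The two problems this PR addresses, an ESC byte (\x1B) smuggled into an event message as discussed in the review thread above, and a raw \r that rewrites the current line as described in the PR notes, as an added Go illustration. This is not kubectl's own printers.EscapeTerminal or WriteEscaped; escapeForTerminal, renderLine and the event message are constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// escapeForTerminal shows control characters literally; tab and newline are kept for table layout.
func escapeForTerminal(s string) string {
	var b strings.Builder
	for _, r := range s {
		switch {
		case r == '\t' || r == '\n':
			b.WriteRune(r)
		case r == '\r':
			b.WriteString(`\r`)
		case unicode.IsControl(r): // ESC -> \x1b, BEL -> \x07, DEL -> \x7f, C1 -> \x8N/\x9N
			fmt.Fprintf(&b, `\x%02x`, r)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// renderLine models a terminal displaying one line: \r moves the cursor to
// column 0 and later characters overwrite what was already written there.
func renderLine(s string) string {
	screen, col := []rune{}, 0
	for _, r := range s {
		if r == '\r' {
			col = 0
			continue
		}
		if col == len(screen) {
			screen = append(screen, 0)
		}
		screen[col] = r
		col++
	}
	return string(screen)
}

func main() {
	// Constructed (not real) event message; the text after \r is padded to cover the real status.
	msg := "Error: image pull failed\rRunning" + strings.Repeat(" ", 17)
	fmt.Printf("raw:     %q\n", renderLine(msg))
	fmt.Printf("escaped: %q\n", renderLine(escapeForTerminal(msg)))
}
```

Run as-is the raw line displays only "Running" while the escaped line shows the original error text followed by a literal \r, which is the behaviour the PR wants from kubectl's table, describe and events output.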