run hack/update-netparse-cve.sh

2025-12-07 18:06:21 +00:00 · 2021-08-20 01:16:14 +02:00
parent e9ddac5d85
commit 0cd75e8fec
159 changed files with 1071 additions and 988 deletions
--- a/test/integration/controlplane/synthetic_controlplane_test.go
+++ b/test/integration/controlplane/synthetic_controlplane_test.go
@@ -22,7 +22,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
-	"net"
 	"net/http"
 	"os"
 	"path"
@@ -51,6 +50,7 @@ import (
 	"k8s.io/kubernetes/pkg/controlplane"
 	"k8s.io/kubernetes/test/integration"
 	"k8s.io/kubernetes/test/integration/framework"
+	netutils "k8s.io/utils/net"
 )

 const (
@@ -638,7 +638,7 @@ func TestAPIServerService(t *testing.T) {

 func TestServiceAlloc(t *testing.T) {
 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR("192.168.0.0/29")
+	_, cidr, err := netutils.ParseCIDRSloppy("192.168.0.0/29")
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
--- a/test/integration/dualstack/dualstack_endpoints_test.go
+++ b/test/integration/dualstack/dualstack_endpoints_test.go
@@ -19,7 +19,6 @@ package dualstack
 import (
 	"context"
 	"fmt"
-	"net"
 	"testing"
 	"time"

@@ -38,6 +37,7 @@ import (
 	"k8s.io/kubernetes/pkg/controller/endpointslice"
 	"k8s.io/kubernetes/pkg/features"
 	"k8s.io/kubernetes/test/integration/framework"
+	netutils "k8s.io/utils/net"
 )

 func TestDualStackEndpoints(t *testing.T) {
@@ -52,13 +52,13 @@ func TestDualStackEndpoints(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, dualStack)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("Bad cidr: %v", err)
 	}
 	cfg.ExtraConfig.ServiceIPRange = *cidr

-	_, secCidr, err := net.ParseCIDR(secondaryServiceCIDR)
+	_, secCidr, err := netutils.ParseCIDRSloppy(secondaryServiceCIDR)
 	if err != nil {
 		t.Fatalf("Bad cidr: %v", err)
 	}
--- a/test/integration/dualstack/dualstack_test.go
+++ b/test/integration/dualstack/dualstack_test.go
@@ -54,7 +54,7 @@ func TestCreateServiceSingleStackIPv4(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, true)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -271,7 +271,7 @@ func TestCreateServiceDualStackIPv6(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, true)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -491,13 +491,13 @@ func TestCreateServiceDualStackIPv4IPv6(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, true)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
 	cfg.ExtraConfig.ServiceIPRange = *cidr

-	_, secCidr, err := net.ParseCIDR(secondaryServiceCIDR)
+	_, secCidr, err := netutils.ParseCIDRSloppy(secondaryServiceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -718,13 +718,13 @@ func TestCreateServiceDualStackIPv6IPv4(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, true)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
 	cfg.ExtraConfig.ServiceIPRange = *cidr

-	_, secCidr, err := net.ParseCIDR(secondaryServiceCIDR)
+	_, secCidr, err := netutils.ParseCIDRSloppy(secondaryServiceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -948,13 +948,13 @@ func TestUpgradeDowngrade(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, true)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
 	cfg.ExtraConfig.ServiceIPRange = *cidr

-	_, secCidr, err := net.ParseCIDR(secondaryServiceCIDR)
+	_, secCidr, err := netutils.ParseCIDRSloppy(secondaryServiceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -1063,13 +1063,13 @@ func TestConvertToFromExternalName(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, true)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
 	cfg.ExtraConfig.ServiceIPRange = *cidr

-	_, secCidr, err := net.ParseCIDR(secondaryServiceCIDR)
+	_, secCidr, err := netutils.ParseCIDRSloppy(secondaryServiceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -1153,7 +1153,7 @@ func TestExistingServiceDefaulting(t *testing.T) {
 	// Create an IPv4IPv6 dual stack control-plane
 	serviceCIDR := "10.0.0.0/16"
 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -1236,13 +1236,13 @@ func TestPreferDualStack(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, true)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
 	cfg.ExtraConfig.ServiceIPRange = *cidr

-	_, secCidr, err := net.ParseCIDR(secondaryServiceCIDR)
+	_, secCidr, err := netutils.ParseCIDRSloppy(secondaryServiceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -1321,7 +1321,7 @@ func TestServiceUpdate(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, false)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -1486,7 +1486,7 @@ func TestUpgradeServicePreferToDualStack(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, true)()

 	cfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -1545,7 +1545,7 @@ func TestUpgradeServicePreferToDualStack(t *testing.T) {
 	closeFn()

 	secondaryServiceCIDR := "2001:db8:1::/48"
-	_, secCidr, err := net.ParseCIDR(secondaryServiceCIDR)
+	_, secCidr, err := netutils.ParseCIDRSloppy(secondaryServiceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
@@ -1582,12 +1582,12 @@ func TestDowngradeServicePreferToDualStack(t *testing.T) {
 	secondaryServiceCIDR := "2001:db8:1::/48"
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, true)()
 	dualStackCfg := framework.NewIntegrationTestControlPlaneConfig()
-	_, cidr, err := net.ParseCIDR(serviceCIDR)
+	_, cidr, err := netutils.ParseCIDRSloppy(serviceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
 	dualStackCfg.ExtraConfig.ServiceIPRange = *cidr
-	_, secCidr, err := net.ParseCIDR(secondaryServiceCIDR)
+	_, secCidr, err := netutils.ParseCIDRSloppy(secondaryServiceCIDR)
 	if err != nil {
 		t.Fatalf("bad cidr: %v", err)
 	}
--- a/test/integration/etcd/server.go
+++ b/test/integration/etcd/server.go
@@ -49,6 +49,7 @@ import (
 	"k8s.io/kubernetes/cmd/kube-apiserver/app/options"
 	"k8s.io/kubernetes/test/integration"
 	"k8s.io/kubernetes/test/integration/framework"
+	netutils "k8s.io/utils/net"

 	// install all APIs
 	_ "k8s.io/kubernetes/pkg/controlplane"
@@ -68,7 +69,7 @@ func StartRealAPIServerOrDie(t *testing.T, configFuncs ...func(*options.ServerRu
 		t.Fatal(err)
 	}

-	_, defaultServiceClusterIPRange, err := net.ParseCIDR("10.0.0.0/24")
+	_, defaultServiceClusterIPRange, err := netutils.ParseCIDRSloppy("10.0.0.0/24")
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/test/integration/examples/apiserver_test.go
+++ b/test/integration/examples/apiserver_test.go
@@ -50,6 +50,7 @@ import (
 	wardlev1alpha1 "k8s.io/sample-apiserver/pkg/apis/wardle/v1alpha1"
 	wardlev1beta1 "k8s.io/sample-apiserver/pkg/apis/wardle/v1beta1"
 	sampleserver "k8s.io/sample-apiserver/pkg/cmd/server"
+	netutils "k8s.io/utils/net"
 )

 func TestAggregatedAPIServer(t *testing.T) {
@@ -80,7 +81,7 @@ func TestAggregatedAPIServer(t *testing.T) {
 	go func() {
 		o := sampleserver.NewWardleServerOptions(os.Stdout, os.Stderr)
 		o.RecommendedOptions.SecureServing.Listener = listener
-		o.RecommendedOptions.SecureServing.BindAddress = net.ParseIP("127.0.0.1")
+		o.RecommendedOptions.SecureServing.BindAddress = netutils.ParseIPSloppy("127.0.0.1")
 		wardleCmd := sampleserver.NewCommandStartWardleServer(o, stopCh)
 		wardleCmd.SetArgs([]string{
 			"--authentication-kubeconfig", wardleToKASKubeConfigFile,
--- a/test/integration/framework/controlplane_utils.go
+++ b/test/integration/framework/controlplane_utils.go
@@ -57,6 +57,7 @@ import (
 	"k8s.io/kubernetes/pkg/generated/openapi"
 	"k8s.io/kubernetes/pkg/kubeapiserver"
 	kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
+	netutils "k8s.io/utils/net"
 )

 // Config is a struct of configuration directives for NewControlPlaneComponents.
@@ -205,7 +206,7 @@ func startAPIServerOrDie(controlPlaneConfig *controlplane.Config, incomingServer
 	}

 	if controlPlaneConfig.ExtraConfig.ServiceIPRange.IP == nil {
-		controlPlaneConfig.ExtraConfig.ServiceIPRange = net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(24, 32)}
+		controlPlaneConfig.ExtraConfig.ServiceIPRange = net.IPNet{IP: netutils.ParseIPSloppy("10.0.0.0"), Mask: net.CIDRMask(24, 32)}
 	}
 	m, err = controlPlaneConfig.Complete().New(genericapiserver.NewEmptyDelegate())
 	if err != nil {
@@ -263,7 +264,7 @@ func NewIntegrationTestControlPlaneConfig() *controlplane.Config {
 // configured with the provided options.
 func NewIntegrationTestControlPlaneConfigWithOptions(opts *ControlPlaneConfigOptions) *controlplane.Config {
 	controlPlaneConfig := NewControlPlaneConfigWithOptions(opts)
-	controlPlaneConfig.GenericConfig.PublicAddress = net.ParseIP("192.168.10.4")
+	controlPlaneConfig.GenericConfig.PublicAddress = netutils.ParseIPSloppy("192.168.10.4")
 	controlPlaneConfig.ExtraConfig.APIResourceConfigSource = controlplane.DefaultAPIResourceConfigSource()

 	// TODO: get rid of these tests or port them to secure serving
--- a/test/integration/framework/test_server.go
+++ b/test/integration/framework/test_server.go
@@ -40,6 +40,7 @@ import (
 	"k8s.io/kubernetes/cmd/kube-apiserver/app/options"
 	"k8s.io/kubernetes/pkg/controlplane"
 	"k8s.io/kubernetes/test/utils"
+	netutils "k8s.io/utils/net"
 )

 // This key is for testing purposes only and is not considered secure.
@@ -63,7 +64,7 @@ func StartTestServer(t *testing.T, stopCh <-chan struct{}, setup TestServerSetup
 		os.RemoveAll(certDir)
 	}()

-	_, defaultServiceClusterIPRange, _ := net.ParseCIDR("10.0.0.0/24")
+	_, defaultServiceClusterIPRange, _ := netutils.ParseCIDRSloppy("10.0.0.0/24")
 	proxySigningKey, err := utils.NewPrivateKey()
 	if err != nil {
 		t.Fatal(err)
@@ -105,7 +106,7 @@ func StartTestServer(t *testing.T, stopCh <-chan struct{}, setup TestServerSetup

 	kubeAPIServerOptions := options.NewServerRunOptions()
 	kubeAPIServerOptions.SecureServing.Listener = listener
-	kubeAPIServerOptions.SecureServing.BindAddress = net.ParseIP("127.0.0.1")
+	kubeAPIServerOptions.SecureServing.BindAddress = netutils.ParseIPSloppy("127.0.0.1")
 	kubeAPIServerOptions.SecureServing.ServerCert.CertDirectory = certDir
 	kubeAPIServerOptions.ServiceAccountSigningKeyFile = saSigningKeyFile.Name()
 	kubeAPIServerOptions.Etcd.StorageConfig.Prefix = path.Join("/", uuid.New().String(), "registry")
--- a/test/integration/ipamperf/ipam_test.go
+++ b/test/integration/ipamperf/ipam_test.go
@@ -26,6 +26,7 @@ import (
 	"time"

 	"k8s.io/klog/v2"
+	netutils "k8s.io/utils/net"

 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/informers"
@@ -117,8 +118,8 @@ func TestPerformance(t *testing.T) {
 	apiURL, apiserverShutdown := util.StartApiserver()
 	defer apiserverShutdown()

-	_, clusterCIDR, _ := net.ParseCIDR("10.96.0.0/11") // allows up to 8K nodes
-	_, serviceCIDR, _ := net.ParseCIDR("10.94.0.0/24") // does not matter for test - pick upto  250 services
+	_, clusterCIDR, _ := netutils.ParseCIDRSloppy("10.96.0.0/11") // allows up to 8K nodes
+	_, serviceCIDR, _ := netutils.ParseCIDRSloppy("10.94.0.0/24") // does not matter for test - pick upto  250 services
 	subnetMaskSize := 24

 	var (