Fix vulnerabilities

.github/workflows/pr-checker.yml

@@ -0,0 +1,99 @@
+name: pullrequest-build-and-scan
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches:
+      - ci_dev
+      - ci_prod
+    paths-ignore:
+      - '**.md'
+jobs:
+  LINUX-build-and-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set-workflow-initiator
+        run: echo "Initiated by - ${GITHUB_ACTOR}"
+      - name: Set-branch-name-for-pr
+        if: ${{ github.event_name == 'pull_request' }}
+        run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / _)" >> $GITHUB_ENV
+      - name: Set-Env
+        run: echo "ENV=dev" >> $GITHUB_ENV
+      - name: Set-ACR-Registry
+        run: echo "ACR_REGISTRY=containerinsightsprod.azurecr.io" >> $GITHUB_ENV
+      - name: Set-ACR-Repository
+        run: echo "ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev" >> $GITHUB_ENV
+      - name: Set-image-tag-name
+        run: echo "IMAGE_TAG_NAME=cidev" >> $GITHUB_ENV
+      - name: Set-image-tag-suffix
+        run: echo "IMAGE_TAG_DATE=$(date +%m-%d-%Y)" >> $GITHUB_ENV
+      - name: Set-commit-sha
+        run: echo "COMMIT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV
+      - name: Set-image-tag
+        run: echo "IMAGETAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
+      - name: Set-image-telemetry-tag
+        run: echo "IMAGETAG_TELEMETRY=${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
+      - name: Set-Helm-OCI-Experimental-feature
+        run: echo "HELM_EXPERIMENTAL_OCI=1" >> $GITHUB_ENV
+      - name: Set-Helm-chart-version
+        run: echo "HELM_CHART_VERSION=0.0.1" >> $GITHUB_ENV
+      - name: Set-Helm-tag
+        run: echo "HELMTAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-chart-${BRANCH_NAME}-${HELM_CHART_VERSION}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
+      - name: Checkout-code
+        uses: actions/checkout@v2
+      - name: Show-versions-On-build-machine
+        run: lsb_release -a && go version && helm version && docker version
+      - name: Install-build-dependencies
+        run: sudo apt-get install build-essential -y
+      - name: Build-source-code
+        run: cd ./build/linux/ && make
+      - name: Create-docker-image
+        run: |
+            cd ./kubernetes/linux/ && docker build . --file Dockerfile -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY
+      - name: List-docker-images
+        run: docker images --digests --all
+      - name: Run-trivy-scanner-on-docker-image
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: "${{ env.IMAGETAG }}"
+          format: 'table'
+          severity: 'CRITICAL,HIGH'
+          vuln-type: 'os,library'
+          skip-dirs: 'opt/telegraf'
+          exit-code: '1'
+          timeout: '5m0s'
+  WINDOWS-build:
+    runs-on: windows-latest
+    steps:
+      - name: Set-workflow-initiator
+        run: echo ("Initiated by -" + $env:GITHUB_ACTOR)
+      - name: Set-branch-name-for-pr
+        if: ${{ github.event_name == 'pull_request' }}
+        run: echo ("BRANCH_NAME=" + $env:GITHUB_HEAD_REF.replace('/','_')) >> $env:GITHUB_ENV
+      - name: Set-Env
+        run: echo ("ENV=dev") >> $env:GITHUB_ENV
+      - name: Set-ACR-Registry
+        run: echo ("ACR_REGISTRY=containerinsightsprod.azurecr.io") >> $env:GITHUB_ENV
+      - name: Set-ACR-Repository
+        run: echo ("ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev") >> $env:GITHUB_ENV
+      - name: Set-image-tag-name
+        run: echo ("IMAGE_TAG_NAME=cidev-win") >> $env:GITHUB_ENV
+      - name: Set-image-tag-suffix
+        run: echo ("IMAGE_TAG_DATE="+ (Get-Date -Format "MM-dd-yyyy")) >> $env:GITHUB_ENV
+      - name: Set-commit-sha
+        run: echo ("COMMIT_SHA=" + $env:GITHUB_SHA.SubString(0,8)) >> $env:GITHUB_ENV
+      - name: Set-image-tag
+        run: echo ("IMAGETAG=" + $env:ACR_REGISTRY + $env:ACR_REPOSITORY + ":" + $env:IMAGE_TAG_NAME + "-" + $env:BRANCH_NAME + "-" + $env:IMAGE_TAG_DATE + "-" + $env:COMMIT_SHA) >> $env:GITHUB_ENV
+      - name: Set-image-telemetry-tag
+        run: echo ("IMAGETAG_TELEMETRY=" + $env:IMAGE_TAG_NAME + "-" + $env:BRANCH_NAME + "-" + $env:IMAGE_TAG_DATE + "-" + $env:COMMIT_SHA) >> $env:GITHUB_ENV
+      - name: Checkout-code
+        uses: actions/checkout@v2
+      - name: Show-versions-On-build-machine
+        run: systeminfo && go version && docker version
+      - name: Build-source-code
+        run: cd ./build/windows/ && & .\Makefile.ps1
+      - name: Create-docker-image
+        run: |
+            cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $env:IMAGETAG --build-arg IMAGE_TAG=$env:IMAGETAG_TELEMETRY
+      - name: List-docker-images
+        run: docker images --digests --all
+

kubernetes/linux/setup.sh

@@ -27,7 +27,6 @@ sudo apt-get install jq=1.5+dfsg-2 -y
 #used to setcaps for ruby process to read /proc/env
 sudo apt-get install libcap2-bin -y
 
-#1.18 pre-release
 wget https://dl.influxdata.com/telegraf/releases/telegraf-1.18.0_linux_amd64.tar.gz
 tar -zxvf telegraf-1.18.0_linux_amd64.tar.gz
 
@@ -63,3 +62,11 @@ rm -f $TMPDIR/envmdsd
 # Remove settings for cron.daily that conflict with the node's cron.daily. Since both are trying to rotate the same files
 # in /var/log at the same time, the rotation doesn't happen correctly and then the *.1 file is forever logged to.
 rm /etc/logrotate.d/alternatives /etc/logrotate.d/apt /etc/logrotate.d/azure-mdsd /etc/logrotate.d/rsyslog
+
+#Remove gemfile.lock for http_parser gem 0.6.0
+#see  - https://github.com/fluent/fluentd/issues/3374 https://github.com/tmm1/http_parser.rb/issues/70
+if [  -e "/var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/Gemfile.lock" ]; then
+      #rename
+      echo "Renaming unused gemfile.lock for http_parser 0.6.0"
+      mv /var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/Gemfile.lock /var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/renamed_Gemfile_lock.renamed
+fi

kubernetes/windows/setup.ps1

@@ -65,6 +65,16 @@ Write-Host ('Extracting Certificate Generator Package')
     Expand-Archive -Path /opt/omsagentwindows/certificategenerator.zip -Destination /opt/omsagentwindows/certgenerator/ -Force
 Write-Host ('Finished Extracting Certificate Generator Package')
 
+Write-Host ("Removing Install folder")
+
 Remove-Item /installation -Recurse
 
-Write-Host ("Removing Install folder")
+#Remove gemfile.lock for http_parser gem 0.6.0
+#see  - https://github.com/fluent/fluentd/issues/3374 https://github.com/tmm1/http_parser.rb/issues/70
+
+$gemfile = "\ruby26\lib\ruby\gems\2.6.0\gems\http_parser.rb-0.6.0\Gemfile.lock"
+$gemfileFullPath = $Env:SYSTEMDRIVE + "\" + $gemfile
+If (Test-Path -Path $gemfile ) {
+    Write-Host ("Renaming unused gemfile.lock for http_parser 0.6.0")
+    Rename-Item -Path $gemfileFullPath -NewName  "renamed_Gemfile_lock.renamed"
+}

source/plugins/go/src/go.mod

@@ -31,4 +31,5 @@ require (
 	k8s.io/api v0.0.0-20180628040859-072894a440bd // indirect
 	k8s.io/apimachinery v0.0.0-20180621070125-103fd098999d
 	k8s.io/client-go v8.0.0+incompatible
+	golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f
 )

source/plugins/go/src/go.sum

@@ -108,6 +108,10 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90Pveol
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g=
 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo=
+golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f h1:aZp0e2vLN4MToVqnjNEYEtrEA8RH8U8FN1CU7JgqsPU=
+golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/net v0.0.0-20170809000501-1c05540f6879 h1:0rFa7EaCGdQPmZVbo9F7MNF65b8dyzS6EUnXjs9Cllk=
 golang.org/x/net v0.0.0-20170809000501-1c05540f6879/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -120,8 +124,11 @@ golang.org/x/sys v0.0.0-20171031081856-95c657629925/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.0.0-20170810154203-b19bf474d317 h1:WKW+OPdYPlvOTVGHuMfjnIC6yY2SI93yFB0pZ7giBmQ=
 golang.org/x/text v0.0.0-20170810154203-b19bf474d317/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=