From 4924d44748a9eb15551c53f6d315115cdd062ba1 Mon Sep 17 00:00:00 2001
From: Amol Agrawal <amagraw@microsoft.com>
Date: Wed, 20 Jul 2022 22:17:19 +0000
Subject: [PATCH] fix telegraf vulns

---
 .trivyignore                 | 10 +++++-----
 kubernetes/linux/setup.sh    |  7 ++++---
 kubernetes/windows/setup.ps1 |  2 +-
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/.trivyignore b/.trivyignore
index 56ac504d5..0e3293641 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -2,10 +2,10 @@
 #[vishwa] - Fix telegraf & test all for next release - see work item #https://msazure.visualstudio.com/InfrastructureInsights/_workitems/edit/13322134
 # Unfixed as of 4/28/2022
 CVE-2019-3826
-CVE-2022-27191
-
-#still present in mdsd telegraf
-CVE-2021-42836
+CVE-2022-1996
+CVE-2022-29190
+CVE-2022-29222
+CVE-2022-29189
 
 # ruby in /usr/lib
 CVE-2020-36327
@@ -16,4 +16,4 @@ CVE-2021-31799
 CVE-2021-28965
 
 #dpkg vulnerability in ubuntu
-CVE-2022-1304
\ No newline at end of file
+CVE-2022-1304
diff --git a/kubernetes/linux/setup.sh b/kubernetes/linux/setup.sh
index c478af0e5..004fe7806 100644
--- a/kubernetes/linux/setup.sh
+++ b/kubernetes/linux/setup.sh
@@ -25,6 +25,7 @@ fi
 /usr/bin/dpkg -i $TMPDIR/azure-mdsd*.deb
 cp -f $TMPDIR/mdsd.xml /etc/mdsd.d
 cp -f $TMPDIR/envmdsd /etc/mdsd.d
+rm /usr/sbin/telegraf
 
 # log rotate conf for mdsd and can be extended for other log files as well
 cp -f $TMPDIR/logrotate.conf /etc/logrotate.d/ci-agent
@@ -40,10 +41,10 @@ sudo apt-get install jq=1.5+dfsg-2 -y
 #used to setcaps for ruby process to read /proc/env
 sudo apt-get install libcap2-bin -y
 
-wget https://dl.influxdata.com/telegraf/releases/telegraf-1.22.2_linux_$ARCH.tar.gz
-tar -zxvf telegraf-1.22.2_linux_$ARCH.tar.gz
+wget https://dl.influxdata.com/telegraf/releases/telegraf-1.23.2_linux_$ARCH.tar.gz
+tar -zxvf telegraf-1.23.2_linux_$ARCH.tar.gz
 
-mv /opt/telegraf-1.22.2/usr/bin/telegraf /opt/telegraf
+mv /opt/telegraf-1.23.2/usr/bin/telegraf /opt/telegraf
 
 chmod 544 /opt/telegraf
 
diff --git a/kubernetes/windows/setup.ps1 b/kubernetes/windows/setup.ps1
index 2fd429e43..c5f1f422d 100644
--- a/kubernetes/windows/setup.ps1
+++ b/kubernetes/windows/setup.ps1
@@ -35,7 +35,7 @@ Write-Host ('Finished Installing Fluentbit')
 
 Write-Host ('Installing Telegraf');
 try {
-    $telegrafUri='https://dl.influxdata.com/telegraf/releases/telegraf-1.22.2_windows_amd64.zip'
+    $telegrafUri='https://dl.influxdata.com/telegraf/releases/telegraf-1.23.2_windows_amd64.zip'
     Invoke-WebRequest -Uri $telegrafUri -OutFile /installation/telegraf.zip
     Expand-Archive -Path /installation/telegraf.zip -Destination /installation/telegraf
     Move-Item -Path /installation/telegraf/*/* -Destination /opt/telegraf/ -ErrorAction SilentlyContinue