Disable CNA by default and only enable for object bucket #23008
pull_requests.yaml
on: pull_request
Job | Duration
---|---
modules-on-demand-tests-check | 7s
Matrix: integration-tests |
unit-tests | 10m 3s
Matrix: push-docker-fast |
compile-and-upload-binaries | 9m 4s
run-swagger | 45s
vulnerability-scanning | 2m 42s
sast-scanning | 1m 59s
buf-checks | 12s
Matrix: acceptance-tests-large |
Matrix: acceptance-tests |
Matrix: modules-acceptance-tests |
Matrix: modules-acceptance-tests-api |
Matrix: modules-acceptance-tests-large |
Matrix: modules-acceptance-tests-light |
codecov | 11s
generate-docker-report | 5s
acceptance-tests-windows | 2m 19s
push-docker | 0s
Annotations
1 error and 13 warnings
modules-acceptance-tests (--only-module-backup-gcs)
Final attempt failed. Child_process exited with error code 1

[MEDIUM] Accidental Mutation of Shared URL Struct in Go Code:
adapters/handlers/rest/operations/authz/add_permissions_urlbuilder.go#L67
Details:
The Shared URL struct might have been unintentionally modified. Verify that this
modification is intentional.
Recommendation:
Review the usage of the shared URL struct to ensure that any mutations are
intentional and do not introduce security vulnerabilities. Consider using
immutable structures or appropriate synchronization mechanisms.
Impact: LOW | Likelihood: LOW | Confidence: LOW

[HIGH] Potential Misuse of Read() with io.EOF in Go:
adapters/repos/db/lsmkv/segment_serialization_inverted.go#L436
Details:
The Read() function in Go can return fewer bytes than requested along with an
io.EOF error. It is important to handle this correctly to avoid logic errors in
your program. Always check the number of bytes read and handle io.EOF
appropriately.
Recommendation:
Ensure that the Read() function is properly checked for the number of bytes read
and the io.EOF error to avoid incorrect assumptions about the end of input data.

[HIGH] Missing RUnlock on RWMutex before function return:
adapters/repos/db/lsmkv/segment_group.go#L490
Details:
Ensure that `RUnlock` is called on an `RWMutex` (`$T` variable) lock before
exiting a function to prevent potential deadlocks.
Recommendation:
Ensure that every RWMutex lock acquired with RLock is properly released with
RUnlock before returning from a function. This prevents potential deadlocks and
ensures proper resource management in concurrent Go applications.
Impact: MEDIUM | Likelihood: HIGH | Confidence: MEDIUM

[HIGH] Missing RUnlock on RWMutex before function return:
adapters/repos/db/lsmkv/segment_group.go#L490
Details:
Ensure that `RUnlock` is called on an `RWMutex` (`$T` variable) lock before
exiting a function to prevent potential deadlocks.
Recommendation:
Ensure that every RWMutex lock acquired with RLock is properly released with
RUnlock before returning from a function. This prevents potential deadlocks and
ensures proper resource management in concurrent Go applications.
Impact: MEDIUM | Likelihood: HIGH | Confidence: MEDIUM

[HIGH] Missing RUnlock on RWMutex before function return:
adapters/repos/db/lsmkv/segment_group.go#L479
Details:
Ensure that `RUnlock` is called on an `RWMutex` (`$T` variable) lock before
exiting a function to prevent potential deadlocks.
Recommendation:
Ensure that every RWMutex lock acquired with RLock is properly released with
RUnlock before returning from a function. This prevents potential deadlocks and
ensures proper resource management in concurrent Go applications.
Impact: MEDIUM | Likelihood: HIGH | Confidence: MEDIUM

[HIGH] Missing RUnlock on RWMutex before function return:
adapters/repos/db/lsmkv/segment_group.go#L479
Details:
Ensure that `RUnlock` is called on an `RWMutex` (`$T` variable) lock before
exiting a function to prevent potential deadlocks.
Recommendation:
Ensure that every RWMutex lock acquired with RLock is properly released with
RUnlock before returning from a function. This prevents potential deadlocks and
ensures proper resource management in concurrent Go applications.
Impact: MEDIUM | Likelihood: HIGH | Confidence: MEDIUM

[HIGH] Exposed Go Profiling Endpoint Can Leak Sensitive Information:
adapters/handlers/rest/configure_api.go#L1699
Details:
Go's built-in profiling service can be accessed through the `/debug/pprof`
endpoint when the `net/http/pprof` package is imported. This endpoint does not
require authentication, allowing anonymous access, which poses a risk of exposing
sensitive information. It is advised to disable this profiling feature in
production environments by removing the `net/http/pprof` import from your code.
Recommendation:
Remove the `net/http/pprof` import to disable the profiling service in
production. This prevents unauthorized access to the `/debug/pprof` endpoint,
which can expose sensitive data.

[HIGH] Exposed Go Profiling Endpoint Can Leak Sensitive Information:
adapters/handlers/rest/configure_api.go#L1695
Details:
Go's built-in profiling service can be accessed through the `/debug/pprof`
endpoint when the `net/http/pprof` package is imported. This endpoint does not
require authentication, allowing anonymous access, which poses a risk of exposing
sensitive information. It is advised to disable this profiling feature in
production environments by removing the `net/http/pprof` import from your code.
Recommendation:
Remove the `net/http/pprof` import to disable the profiling service in
production. This prevents unauthorized access to the `/debug/pprof` endpoint,
which can expose sensitive data.

[HIGH] Exposed Go Profiling Endpoint Can Leak Sensitive Information:
adapters/handlers/rest/configure_api.go#L272
Details:
Go's built-in profiling service can be accessed through the `/debug/pprof`
endpoint when the `net/http/pprof` package is imported. This endpoint does not
require authentication, allowing anonymous access, which poses a risk of exposing
sensitive information. It is advised to disable this profiling feature in
production environments by removing the `net/http/pprof` import from your code.
Recommendation:
Remove the `net/http/pprof` import to disable the profiling service in
production. This prevents unauthorized access to the `/debug/pprof` endpoint,
which can expose sensitive data.

sast-scanning
Unexpected input(s) 'fetch-depth', valid inputs are ['entryPoint', 'args', 'api_token', 'exit_code', 'no_color', 'project_key', 'silent', 'disable_err_report', 'path', 'exclude_paths', 'format', 'output', 'timeout', 'preview_lines', 'console_output', 'config', 'show_annotations', 'max_file_size', 'display_name', 'debug', 'log_path']

compile-and-upload-binaries
No files were found with the provided path: dist/weaviate_linux_arm64. No artifacts will be uploaded.

compile-and-upload-binaries
No files were found with the provided path: dist/weaviate_windows_arm64. No artifacts will be uploaded.

modules-acceptance-tests (--only-module-backup-gcs)
Attempt 1 failed. Reason: Timeout of 900000ms hit

Artifacts
Produced during runtime
Name | Size | Digest
---|---|---
binaries-linux-amd64 | 60.5 MB | sha256:836bef0a307d5e44b4eeb2ae216af08bf098e802c668bd205bfdf796e7aa6b1a
binaries-macos-unsigned | 121 MB | sha256:33ae79c6af28272b2f0094d7da007bd0a20b28e4b0a3415bc8d53683949c7f6a
binaries-windows-amd64 | 61 MB | sha256:6098d1a824f24e811ac250977ee2570b104202653d21d92b9dfdcce7ee151035
coverage-report-integration--integration-vector-package-only | 898 KB | sha256:ca35699ebfcf5346c2f395908c6c34a0c3689767b7487764898196ec3e81410f
coverage-report-integration--integration-without-vector-package | 2.42 MB | sha256:622ebed6344dcd007104a5c10ea79e13b0f23cf9227ebb850807d2485c29171f
coverage-report-unit | 655 KB | sha256:3c587adbcc99580c3f2d0a4d3da34b28bc131f5044e1baeb2da527f6f856ce48