Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix logic issue in template - (and ((not false) false)) = true #4792

Closed
wants to merge 1 commit into from
Closed

Fix logic issue in template - (and ((not false) false)) = true #4792

wants to merge 1 commit into from
+1 −1

Conversation

MMeent
Copy link
Contributor

@MMeent MMeent commented Nov 28, 2019

somehow, this is weird but true. Previously, either owasp was disabled globally and rendered in all locations, or it was enabled globally. This commit fixes the logic issue by fixing the and-clause in the if-statement. This reduces baseline global modsecurity-enabled resource usage.

What this PR does / why we need it:
The current logic in the template dictates that when you enable modsecurity globally, you either also enable the owasp rule sets globally, or the owasp rulesets are rendered into each location, increasing memory usage per-location without a way to turn this off.

Which issue this PR fixes fixes #4629

Special notes for your reviewer: If possible, please backport to 0.26.x

@MMeent
Fix kubernetes#4629 - (and ((not false) false)) = true
44c55ae 
somehow, this is weird but true. Previously, either owasp was disabled globally and rendered in all locations, or it was enabled globally. This commit fixes the logic issue by fixing the and-clause in the if-statement. This reduces baseline global modsecurity-enabled resource usage.
@k8s-ci-robot k8s-ci-robot added the do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. label Nov 28, 2019
@k8s-ci-robot
Copy link
Contributor

Keywords which can automatically close issues and at(@) mentions are not allowed in commit messages.

The list of commits with invalid commit messages:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Nov 28, 2019
@k8s-ci-robot
Copy link
Contributor

Hi @MMeent. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Nov 28, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: MMeent
To complete the pull request process, please assign elvinefendi
You can assign the PR to them by writing /assign @elvinefendi in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@MMeent MMeent changed the title Fix #4629 - (and ((not false) false)) = true Fix logic issue in template - (and ((not false) false)) = true Nov 28, 2019
@MMeent
Copy link
Contributor Author

MMeent commented Nov 28, 2019
edited
Loading

well, I can't update commit messages, so i've re-committed the changes into another merge request #4793

@MMeent MMeent closed this Nov 28, 2019
@MMeent MMeent deleted the patch-1 branch November 28, 2019 13:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aledbf aledbf Awaiting requested review from aledbf

@cmluciano cmluciano Awaiting requested review from cmluciano

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Since v0.25.0(maybe?), memory footprint increased by factor of 7 (0.24.1 to 0.26.1, no other change)
2 participants
@MMeent @k8s-ci-robot