Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: Add ModelMesh test for CVE-2024-7557 #1861

Open
wants to merge 43 commits into
base: master
Choose a base branch
from

Conversation

rnetser
Copy link
Contributor

@rnetser rnetser commented Sep 26, 2024

No description provided.

Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Robocop found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

Copy link
Contributor

Robot Results

✅ Passed ❌ Failed ⏭️ Skipped Total Pass %
546 0 0 546 100

@rnetser rnetser requested review from lugi0 and mwaykole September 26, 2024 18:31
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: rnetser <[email protected]>

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
# Even if kw fails, deleting the whole project will also delete the model
# Failure will be shown in the logs of the run nonetheless
IF ${MODEL_CREATED}
Clean All Models Of Current User
ELSE
Log Model not deployed, skipping deletion step during teardown console=true
END
${projects}= Create List ${PRJ_TITLE}
${projects}= Create List ${project_name}

Check notice

Code scanning / Robocop

{{ create_keyword }} can be replaced with VAR Note test

Create List can be replaced with VAR
@@ -218,7 +226,8 @@ Get Model Serving Access Token via UI
${token}= Get Single Model Token ${service_account_name}
ELSE
SeleniumLibrary.Wait Until Page Contains Element xpath://td[@data-label="Tokens"]/button
SeleniumLibrary.Click Element xpath://td[@data-label="Tokens"]/button
SeleniumLibrary.Click Button
... xpath://*[@id="expand-table-row-${model_name}-1-undefined-1"]/../../td[@data-label='Tokens']//button
${token}= SeleniumLibrary.Get Element Attribute
... xpath://div[.="${service_account_name} "]/../../td[@data-label="Token Secret"]//input value
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Xpath can be inproved

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mwaykole please advise how

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
@@ -211,14 +219,28 @@
Get Model Serving Access Token via UI
[Documentation] Returns the token used for authentication to the serving route
... TODO: There can be multiple tokens defined for each model server, handle this case as well
[Arguments] ${service_account_name}=default-name ${single_model}=${FALSE} ${model_name}=${NONE}
[Arguments] ${service_account_name}=default-name ${single_model}=${FALSE}

Check notice

Code scanning / Robocop

There is too many arguments per continuation line ({{ arguments_count }} / {{ max_arguments_count }}) Note test

There is too many arguments per continuation line (2 / 1)
@@ -1,4 +1,4 @@
# robocop: off=wrong-case-in-keyword-name,too-many-arguments,too-long-keyword
# robocop: off=wrong-case-in-keyword-name,too-many-arguments,too-long-keyword,line-too-long

Check warning

Code scanning / Robocop

Inconsistent use of tabs and spaces in file Warning test

Inconsistent use of tabs and spaces in file
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
 into auth-multi-modes

rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
@@ -244,10 +228,12 @@
Get Access Token Via UI
[Documentation] Returns the access token for models deployed in a specific project
... by using the UI of DSP
[Arguments] ${project_name} ${service_account_name}=default-name ${single_model}=${FALSE}
... ${model_name}=${NONE}
[Arguments] ${project_name} ${service_account_name}=default-name

Check notice

Code scanning / Robocop

There is too many arguments per continuation line ({{ arguments_count }} / {{ max_arguments_count }}) Note test

There is too many arguments per continuation line (2 / 1)
[Arguments] ${project_name} ${service_account_name}=default-name ${single_model}=${FALSE}
... ${model_name}=${NONE}
[Arguments] ${project_name} ${service_account_name}=default-name
... ${single_model}=${FALSE} ${model_name}=${NONE}

Check notice

Code scanning / Robocop

There is too many arguments per continuation line ({{ arguments_count }} / {{ max_arguments_count }}) Note test

There is too many arguments per continuation line (2 / 1)
rh-pre-commit.version: 2.3.1
rh-pre-commit.check-secrets: ENABLED
Copy link

sonarcloud bot commented Oct 1, 2024

@mwaykole
Copy link
Member

mwaykole commented Oct 1, 2024

hey @rnetser u can add a label Product bug and mention RHOAIENG-12314 in the comment , i guess we can merge it after that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants