From 1f746597ea6ce9f0a4554108bc853f256e150b0b Mon Sep 17 00:00:00 2001
From: Benjamin Wang
Date: Thu, 6 Apr 2023 21:57:23 +0900
Subject: [PATCH] test: add an e2e test to reproduce https://nvd.nist.gov/vuln/detail/CVE-2021-28235
Signed-off-by: Benjamin Wang
---
 tests/e2e/cluster_test.go | 6 ++++
 tests/e2e/ctl_v3_auth_security_test.go | 49 ++++++++++++++++++++++++++
 tests/e2e/ctl_v3_test.go | 6 ++++
 3 files changed, 61 insertions(+)
 create mode 100644 tests/e2e/ctl_v3_auth_security_test.go
diff --git a/tests/e2e/cluster_test.go b/tests/e2e/cluster_test.go
index dcbc540b3..9186accd1 100644
--- a/tests/e2e/cluster_test.go
+++ b/tests/e2e/cluster_test.go
@@ -131,6 +131,8 @@ type etcdProcessClusterConfig struct {
 MaxConcurrentStreams uint32 // default is math.MaxUint32
 WatchProcessNotifyInterval time.Duration
+
+ debug bool
 }
 // newEtcdProcessCluster launches a new cluster from etcd processes, returning
@@ -272,6 +274,10 @@ func (cfg *etcdProcessClusterConfig) etcdServerProcessConfigs() []*etcdServerPro
 args = append(args, "--experimental-watch-progress-notify-interval", cfg.WatchProcessNotifyInterval.String())
 }
+ if cfg.debug {
+ args = append(args, "--debug")
+ }
+
 etcdCfgs[i] = &etcdServerProcessConfig{
 execPath: cfg.execPath,
 args: args,
diff --git a/tests/e2e/ctl_v3_auth_security_test.go b/tests/e2e/ctl_v3_auth_security_test.go
new file mode 100644
index 000000000..884fb1dc6
--- /dev/null
+++ b/tests/e2e/ctl_v3_auth_security_test.go
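Review bot: The new `debug` field in etcdProcessClusterConfig (tests/e2e/cluster_test.go, first hunk) has no comment, although it changes how every server process in the cluster is launched: the second hunk appends `--debug` to each member's args when it is set. A one-line comment such as `// debug starts every etcd member with --debug; used by tests that query /debug/requests` would tell the next reader why the knob exists. The same gap applies to `withDebug` in tests/e2e/ctl_v3_test.go, which could carry `// withDebug sets etcdProcessClusterConfig.debug for the test cluster`. Both the struct and etcdServerProcessConfigs start and end outside the hunks shown.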
@@ -0,0 +1,49 @@
+// Copyright 2023 The etcd Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !cluster_proxy
+
+package e2e
+
+import (
+ "github.com/stretchr/testify/require"
+ "testing"
+)
+
+// TestAuth_CVE_2021_28235 verifies https://nvd.nist.gov/vuln/detail/CVE-2021-28235
+func TestAuth_CVE_2021_28235(t *testing.T) {
+ testCtl(t, authTest_CVE_2021_28235, withCfg(configNoTLS), withDebug(true))
+}
+
+func authTest_CVE_2021_28235(cx ctlCtx) {
+ // create root user with root role
+ rootPass := "changeme123"
+ err := ctlV3User(cx, []string{"add", "root", "--interactive=false"}, "User root created", []string{rootPass})
+ require.NoError(cx.t, err)
+ err = ctlV3User(cx, []string{"grant-role", "root", "root"}, "Role root is granted to user root", nil)
+ require.NoError(cx.t, err)
+ err = ctlV3AuthEnable(cx)
+ require.NoError(cx.t, err)
+
+ // issue a put request
+ cx.user, cx.pass = "root", rootPass
+ err = ctlV3Put(cx, "foo", "bar", "")
+ require.NoError(cx.t, err)
+
+ // GET /debug/requests
+ httpEndpoint := cx.epc.procs[0].EndpointsHTTP()[0]
+ req := cURLReq{endpoint: "/debug/requests?fam=grpc.Recv.Auth&b=0&exp=1", timeout: 5}
+ err = curl(httpEndpoint, "GET", req, clientNonTLS, rootPass)
+ require.Error(cx.t, err)
+}
diff --git a/tests/e2e/ctl_v3_test.go b/tests/e2e/ctl_v3_test.go
index 280079484..b2a2c093e 100644
--- a/tests/e2e/ctl_v3_test.go
+++ b/tests/e2e/ctl_v3_test.go
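Review bot: In authTest_CVE_2021_28235 (tests/e2e/ctl_v3_auth_security_test.go) the final `require.Error(cx.t, err)` is the only assertion about the debug endpoint, and it is satisfied by any failure of the curl call, not only by the password being absent from the response. The curl helper is defined outside this patch, so this is inferred from the call shape: if `/debug/requests` is unreachable, is not served because `--debug` did not take effect, or the request times out, the test still passes without having inspected any trace output. A positive check first would make the negative one meaningful, for example `err = curl(httpEndpoint, "GET", req, clientNonTLS, "<string the trace page always contains>")` with `require.NoError(cx.t, err)`, followed by the existing password check. The `// GET /debug/requests` comment could also say that an error on the last call is the expected outcome because it means rootPass was not found in the output.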
@@ -143,6 +143,12 @@ func withMaxConcurrentStreams(streams uint32) ctlOption {
 }
 }
+func withDebug(debug bool) ctlOption {
+ return func(cx *ctlCtx) {
+ cx.cfg.debug = debug
+ }
+}
+
 func getDefaultCtlCtx(t *testing.T) ctlCtx {
 return ctlCtx{
 t: t,