Comments (6)
@lojikil The default max buffer is defined here in NewScanner. MaxScanTokenSize being

```go
// MaxScanTokenSize is the maximum size used to buffer a token
// unless the user provides an explicit buffer with Scan.Buffer.
// The actual maximum token size may be smaller as the buffer
// may need to include, for instance, a newline.
MaxScanTokenSize = 64 * 1024
```

NewScanner

```go
return &Scanner{
	r:            r,
	split:        ScanLines,
	maxTokenSize: MaxScanTokenSize,
}
```

I could be missing something, did I?
from audit-kubernetes.
@tomsteele No no, I think that's correct from a quick read; I actually had this in there because I went looking around for it, and the first few hits were OOMs in certain edge cases, so I wanted to test that (which is nontrivial because there's not `-Xmx`/`-Xms` that I could see (I mean there are hacks around with `ulimit` but...))
so it maxes at 64k (since they're using the default); can we define an ABAC policy that is longer than that?
There's actually a "token too long error" so I'm good with that not being the direction here: https://github.com/golang/go/blob/master/src/bufio/scan.go#L69
Aim this squarely at audit-kubernetes/src/kubernetes-1.13.4/pkg/auth/authorizer/abac/abac.go, and that the format is just problematic...
TOA-K8S-016
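
Added example, not code from this thread or from Kubernetes: a Go program showing how the default 64 KiB `bufio.Scanner` limit discussed above behaves on a line-oriented file with one oversized line, and how the outcome changes when the cap is raised with `Scanner.Buffer`. The policy-like JSON lines are constructed sample input, and `countLines` and `samplePolicy` are hypothetical helper names.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// countLines reads newline-delimited records the way a line-oriented loader
// would. maxToken == 0 keeps the bufio default (MaxScanTokenSize, 64 KiB).
func countLines(input string, maxToken int) (int, error) {
	s := bufio.NewScanner(strings.NewReader(input))
	if maxToken > 0 {
		// Explicit buffer: tokens up to maxToken bytes are accepted.
		s.Buffer(make([]byte, 0, 4096), maxToken)
	}
	n := 0
	for s.Scan() {
		n++
	}
	// Scan() returning false looks the same as EOF; only Err() reveals that
	// scanning aborted and that later lines were never read.
	return n, s.Err()
}

// samplePolicy builds constructed input: short line, long line, short line.
// longLen is the length of the padded "user" value in the middle line.
func samplePolicy(longLen int) string {
	short := `{"kind":"Policy","spec":{"user":"alice","resource":"pods"}}`
	long := `{"kind":"Policy","spec":{"user":"` + strings.Repeat("a", longLen) + `"}}`
	return short + "\n" + long + "\n" + short + "\n"
}

func main() {
	in := samplePolicy(bufio.MaxScanTokenSize + 1)

	// Default scanner: stops at the oversized line with "token too long".
	n, err := countLines(in, 0)
	fmt.Println(n, errors.Is(err, bufio.ErrTooLong))

	// Raised cap (1 MiB): all three lines are read.
	n, err = countLines(in, 1<<20)
	fmt.Println(n, err)
}
```

With the default buffer the third line is never processed, so a caller that ignores `Err()` would load a truncated file without noticing.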