Do not log full Slack event details in case of unmarshalling error #583
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pkosiec
force-pushed
the
slack-unmarshall-err-remove-event-details
branch
from
9256d5b
to
7813821
Compare
pkosiec
force-pushed
the
slack-unmarshall-err-remove-event-details
branch
from
7813821
to
d2ce098
Compare
mergify bot
pushed a commit
that referenced
this pull request
Jun 6, 2022
… details from logs #610 ##### ISSUE TYPE - Feature Pull Request - Bug fix Pull Request - Docs Pull Request ##### SUMMARY ~⚠️ **NOTE:** For convienence, this PR depends on #603 and needs to be rebased when #603 is merged (it should happen very soon). Actual changes: a6d91f21f25f00d679572e62b45cd2396d571075~ As the upstream fix has been merged (slack-go/slack#1067), this PR updates `slack-go/slack` dependency and removes no longer needed workaround. See the original issue: #579 See the PR that introduced the workaround: #583 ##### TESTING > **NOTE:** You can also use `pkosiec/botkube:rm-slack-workaround` Docker image for testing. The image was repushed **after** rebase. 1. Checkout this PR 2. Edit `comm_config.yaml` and enable Slack 3. Export needed envs: ```bash export KUBECONFIG=/Users/$USER/.kube/config export LOG_LEVEL=info ``` 4. Run BotKube locally: ```bash go run ./cmd/botkube/main.go ``` 5. Start Slack huddle and say something, then leave 6. Observe logs still without event details
mergify bot
pushed a commit
that referenced
this pull request
Jun 21, 2022
##### ISSUE TYPE - Feature Pull Request ##### SUMMARY Add an option to push the BotKube image automatically on PR. It's alternative approach for #604. This PR will solve the problem with manual PR builds, e.g. we had that issue here: - #601 - #593 - #582 - #583 Example run: https://github.com/mszostok/botkube/runs/6714112689?check_suite_focus=true Fixes #590 To ensure that secrets won't be available for untrusted code, first we need to build the image and share it with the second job, which doesn't check out the untrusted code and can safely push an artifact to ghcr.io. The flow is as follows: ``` Job1: image build -> image save -> artifact upload Job2: artifact download -> image load -> image push ``` Job1—runs untrusted code but without write repo perms Job2—push built image with package write perms #### Security This article describes it well: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ISSUE TYPE
SUMMARY
This is an issue of the upstream library. While I prepared a workaround, I also prepared a simple change in
slack-go/slackrepo: slack-go/slack#1067NOTE: This pull request depends on #582. Please merge #582 first, and I will rebase this one.
Actual changes on this PR: 7813821
Fixes #579
TESTING
See the original issue for testing instruction: #579
You can use
pkosiec/botkube:slack-unmarshall-errDocker image for testing the workaround.Once you run my image and try to reproduce the issue, you'll see in the logs: