Entrypoint cache should expire items #332
Labels
good first issue
Denotes an issue ready for a new contributor, according to the "help wanted" guidelines.
meaty-juicy-coding-work
This task is mostly about implementation!!! And docs and tests of course but that's a given
Comments
imjasonh
added
good first issue
knative-prow-robot
pushed a commit
that referenced
this issue
Jan 15, 2019
Use a lru cache that will only keep the most recently-used entrypoints cached and drop entrypoints haven't been used recently, in order to present a risk of DoS. 1. replace internal map in original Cache with lru.Cache 2. fix incorrect entrypoint_test package name Signed-off-by: mathspanda <[email protected]>
Makes sense, thanks for the vigilance @afrittoli !! |
pradeepitm12
pushed a commit
to pradeepitm12/pipeline
that referenced
this issue
Jan 28, 2021
BREAKING CHANGE: Users will have to delete, and recreate resources after updating its API group. Fixes tektoncd#332 Signed-off-by: Dibyo Mukherjee <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When we lookup entrypoints for remote images, we cache it for later lookups. Items are never removed from the cache, so if the controller runs for long enough and sees enough unique builder images, it will consume more and more memory. This could present a risk of DoS, since a malicious user can craft valid build requests that fill the cache, especially with large values for entrypoints.
We should use a LRU cache (here's a popular one in Go) that will only keep the most recently-used entrypoints cached and drop entrypoints we haven't used recently.
The text was updated successfully, but these errors were encountered: