CVE-2021-34824 PoC — Istio Permission and Access Control Vulnerability

Source
Associated Vulnerability
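Title: Istio Permission and Access Control Vulnerability (CVE-2021-34824)
Description: Istio is an open platform for connecting, managing, and securing microservices. Istio has a permission and access control vulnerability that stems from the application not properly enforcing security restrictions. An attacker can exploit this vulnerability to access sensitive information. The following products and versions are affected: Istio: 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.9.0, 1.9.1, 1.9.3, 1.9.4, 1.9.5, 1.10.0, 1.10.1.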
Description
reproducing an old istio bug
Readme
# CVE-2021-34824 repro
## reproducing an old istio bug

This set of scripts and manifests will aid in exploring [an old Istio security issue](https://istio.io/latest/news/security/istio-security-2021-007/) which allowed malicious Istio users to access Kubernetes secrets they should not have access to. This reproduction is modeled on [this blog post](https://www.cyberark.com/resources/threat-research-blog/what-i-learned-from-analyzing-a-caching-vulnerability-in-istio) which has some problems. See [this blog post](https://rob.salmond.ca/reproing-a-repro-of-an-old-istio-vulnerability/) for details.

## Using

### See the vulnerability

1. Run `./one_time_setup.sh` to download the necessary binaries.
1. Run `./deploy_test.sh` to deploy the vulnerable version of Istio in a vulnerable configuration.
1. Run `./evaluate_test.sh` to examine the results of the test.


### See the fix

1. Edit `istio_versions.sh` and switch the `ISTIO_VERSION` variable from `${ISTIO_VULN}` to `${ISTIO_SAFE}`.
1. Run `./deploy_test.sh` to deploy the fixed version of Istio in the same vulnerable configuration.
1. Run `./rollpods.sh` to bounce the gateway pods so they pick up the new version.
1. Run `./check_version.sh` to verify that the fixed version of Istio is running.
1. Run `./evaluate_test.sh` to examine the results again.
File Snapshot

[4.0K] /data/pocs/a1fd710aeda46a373425c03f9e738ee7fb9e63eb
├── [ 74] check_version.sh
├── [1.2K] deploy_test.sh
├── [1.3K] evaluate_test.sh
├── [ 144] istio_versions.sh
├── [4.0K] manifests
│   ├── [4.0K] a
│   │   ├── [ 296] gateway.yaml
│   │   ├── [ 602] nginx.yaml
│   │   └── [ 287] vs.yaml
│   ├── [4.0K] b
│   │   ├── [ 296] gateway.yaml
│   │   ├── [ 602] nginx.yaml
│   │   └── [ 287] vs.yaml
│   ├── [ 390] istio-profile.yaml
│   └── [ 112] ns.yaml
├── [1.4K] one_time_setup.sh
├── [1.3K] README.md
└── [ 207] rollpods.sh

3 directories, 15 files