Pentest-Report Vitess 02.2019 Cure53, Dr.-Ing. M. Heiderich, M. Wege, MSc. N. Krein, MSc. D. Weißer, J. Larsson Index Introduction Scope Test Methodology Phase 1. Manual Code Auditing Phase 2. Code-Assisted goals that were closely linked to the areas in scope. The initial phase (Phase 1) mostly comprised manual source code reviews, in particular in terms of the API endpoints, input handlers and parsers. The Kubernetes environment. Phase 1. Manual Code Auditing The following list of items presents the noteworthy steps undertaken during the first part of the test, which entailed the manual code audit of the sources

instantly, as the shard fuzzer found more special cases in the shard name than were found during the manual auditing. Ada Logics added the three fuzzers to Vitess's OSS-Fuzz integration, allowing them to &vtctldatapb.GetKeyspacesRequest{}) c.topoReadPool.Release() if err != nil { return nil, err } var ( m sync.Mutex wg sync.WaitGroup rec concurrency.AllErrorRecorder keyspaces = make([]*vtadminpb.Keyspace Keyspace{ Cluster: c.ToProto(), Keyspace: ks, Shards: shards, 26 Vitess Security Audit, 2023 } m.Lock() defer m.Unlock() keyspaces[i] = keyspace }(i, ks) } wg.Wait() if rec.HasErrors() { return nil, rec

Completed 0 2m42s pod/commerce -apply-vschema -initial -9wb2k 0/1 Completed 0 2m42s pod/vtctld -58bd955948 -pgz7k 1/1 Running 0 2m43s pod/vtgate -zone1-c7444bbf6 -t5xc6 1/1 Running 3 2m43s pod/zone1-commerce 0/1 Completed 0 2m42s pod/zone1-commerce -0-replica -0 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -1 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -2 2/2 Running 0 2m42s NAME COMPLETIONS batch/commerce -apply-schema-initial 1/1 94s 2m43s job.batch/commerce -apply-vschema -initial 1/1 87s 2m43s job.batch/zone1-commerce -0-init-shard-master 1/1 90s 2m43s 42 Setup Port-forward For ease-of-use

-5twrs 0/1 Completed 0 2m21s pod/commerce -apply-vschema -initial -z87rp 0/1 Completed 0 2m21s pod/etcd -1578351858-0 1/1 Running 0 7m21s pod/etcd-global -mvbkhllcwz 1/1 Running 0 2m21s pod/etcd-operator -866875d5dc-czhmf 1/1 Running 0 4m57s pod/etcd-zone1-x8khdmnbhk 1/1 Running 0 2m21s pod/vtctld -66487b49f5-wdb68 1/1 Running 2 2m21s pod/vtgate -zone1 -5999cbcd49-x22f9 1/1 Running 2 2m21s pod/zone1-commerce 0/1 Completed 0 2m21s pod/zone1-commerce -0-rdonly -0 5/6 Running 0 2m21s pod/zone1-commerce -0-replica -0 5/6 Running 0 2m21s 25 pod/zone1-commerce -0-replica -1 6/6 Running 0 2m21s NAME COMPLETIONS

_vt_EVAC_6ace8bcef73211ea87e9f875a4d24e90_20200918192031. The table sits still for Y houtrs/days. I’m thinking this period will be pre-defined by vitess. The purpose of this state is to wait a reasonable Completed 0 2m42s pod/commerce -apply-vschema -initial -9wb2k 0/1 Completed 0 2m42s pod/vtctld -58bd955948 -pgz7k 1/1 Running 0 2m43s pod/vtgate -zone1-c7444bbf6 -t5xc6 1/1 Running 3 2m43s pod/zone1-commerce 0/1 Completed 0 2m42s pod/zone1-commerce -0-replica -0 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -1 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -2 2/2 Running 0 2m42s NAME COMPLETIONS

Completed 0 2m44s pod/commerce -apply-vschema -initial -mfhvl 0/1 Completed 0 2m44s pod/vtctld -6f955957bb -67bq7 1/1 Running 0 2m44s pod/vtgate -zone1 -86b7cb87d6 -vckzw 1/1 Running 3 2m44s pod/zone1-commerce 0/1 Completed 0 2m44s pod/zone1-commerce -0-replica -0 5/6 Running 0 2m44s pod/zone1-commerce -0-replica -1 5/6 Running 0 2m44s pod/zone1-commerce -0-replica -2 5/6 Running 0 2m44s NAME COMPLETIONS batch/commerce -apply-schema-initial 1/1 118s 2m44s job.batch/commerce -apply-vschema -initial 1/1 109s 2m44s job.batch/zone1-commerce -0-init-shard-master 1/1 115s 2m44s Setup Aliases For ease-of-use, Vitess

Completed 0 2m42s pod/commerce -apply-vschema -initial -9wb2k 0/1 Completed 0 2m42s pod/vtctld -58bd955948 -pgz7k 1/1 Running 0 2m43s pod/vtgate -zone1-c7444bbf6 -t5xc6 1/1 Running 3 2m43s pod/zone1-commerce 0/1 Completed 0 2m42s pod/zone1-commerce -0-replica -0 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -1 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -2 2/2 Running 0 2m42s NAME COMPLETIONS batch/commerce -apply-schema-initial 1/1 94s 2m43s job.batch/commerce -apply-vschema -initial 1/1 87s 2m43s job.batch/zone1-commerce -0-init-shard-master 1/1 90s 2m43s 30 Setup Port-forward For ease-of-use

_vt_EVAC_6ace8bcef73211ea87e9f875a4d24e90_20200918192031. The table sits still for Y houtrs/days. I’m thinking this period will be pre-defined by vitess. The purpose of this state is to wait a reasonable Completed 0 2m42s pod/commerce -apply-vschema -initial -9wb2k 0/1 Completed 0 2m42s pod/vtctld -58bd955948 -pgz7k 1/1 Running 0 2m43s pod/vtgate -zone1-c7444bbf6 -t5xc6 1/1 Running 3 2m43s pod/zone1-commerce 0/1 Completed 0 2m42s pod/zone1-commerce -0-replica -0 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -1 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -2 2/2 Running 0 2m42s NAME COMPLETIONS

_vt_EVAC_6ace8bcef73211ea87e9f875a4d24e90_20200918192031. The table sits still for Y houtrs/days. I’m thinking this period will be pre-defined by vitess. The purpose of this state is to wait a reasonable Completed 0 2m42s pod/commerce -apply-vschema -initial -9wb2k 0/1 Completed 0 2m42s pod/vtctld -58bd955948 -pgz7k 1/1 Running 0 2m43s pod/vtgate -zone1-c7444bbf6 -t5xc6 1/1 Running 3 2m43s pod/zone1-commerce 0/1 Completed 0 2m42s pod/zone1-commerce -0-replica -0 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -1 2/2 Running 0 2m42s pod/zone1-commerce -0-replica -2 2/2 Running 0 2m42s NAME COMPLETIONS

_vt_EVAC_6ace8bcef73211ea87e9f875a4d24e90_20200918192031. The table sits still for Y houtrs/days. I’m thinking this period will be pre-defined by vitess. The purpose of this state is to wait a reasonable -zone1-vtgate-bc6cde92 -6bd99c6888 -vwcj5 1/1 Running 2 78s vitess-operator -8454d86687 -4wfnc 1/1 Running 0 2m29s Setup Port-forward {{< warning >}} The port-forward will only forward to a specific pod. Currently expensive operation and may take some time. By default the timeout for this operation is one minute (1m). This can be changed by setting the vttablet -pitr_gtid_lookup_timeout flag. VTGate will automatically