[Buildbot] #3412: Documentation Presenting False Secruity when setting up hooks and way hooks implemented seam wrong
trac at buildbot.net
Fri Jan 15 03:00:42 UTC 2016
#3412: Documentation Presenting False Secruity when setting up hooks and way hooks
implemented seam wrong
Reporter: oiaohm | Owner:
Type: defect | Status: new
Priority: critical | Milestone: ongoing
Version: master | Keywords:
All the webhooks say do like the following.
http://user:firstname.lastname@example.org/bbot/change_hook/<change for type>
This is fatally flawed. Issue here is user:password by http travels over
the wire not encrypted. So anyone snooping locally on the network can
get this password and make your build server do what ever they liked
anyhow. Even limiting IP does not stop IP impersonation.
To be secure you can only use user:password at url with https. http with
user:password is no different to using telnet.
I have looked deeper at github
https://developer.github.com/webhooks/securing/ also does not work because
Yep SHA1 it depends on is broken and being removed from web browsers.
I cannot see where github web hooks support messaging a https server if it
can support messaging to https recommendation should be
http://docs.buildbot.net/latest/manual/cfg-www.html configure up ssl proxy
for buildbot so user:password at url can in fact work correctly and block non
https traffic to those paths by proxy.
How can we do this if we don't trust the information that web hook
Simple enough make web hook trigger a gitpoller to download the current
https and if message to web hook does not match content gitpoller got you
know someone is playing silly buggers with your web hook.
Basically documentation at min requires rewording. I am not great at
doing that myself.
Ticket URL: <http://trac.buildbot.net/ticket/3412>
Buildbot: build/test automation
More information about the bugs