[Buildbot] #3412: Documentation Presenting False Secruity when setting up hooks and way hooks implemented seam wrong

Buildbot trac trac at buildbot.net
Fri Jan 15 03:00:42 UTC 2016

#3412: Documentation Presenting False Secruity when setting up hooks and way hooks
implemented seam wrong
Reporter:  oiaohm    |      Owner:
    Type:  defect    |     Status:  new
Priority:  critical  |  Milestone:  ongoing
 Version:  master    |   Keywords:

 All the webhooks say do like the following.
 http://user:password@builds.example.com/bbot/change_hook/<change for type>

 This is fatally flawed.   Issue here is user:password by http travels over
 the wire not encrypted.   So anyone snooping locally on the network can
 get this password and make your build server do what ever they liked
 anyhow.   Even limiting IP does not stop IP impersonation.

 To be secure you can only use user:password at url with https.   http with
 user:password is no different to using telnet.

 I have looked deeper at github
 https://developer.github.com/webhooks/securing/ also does not work because


 Yep SHA1 it depends on is broken and being removed from web browsers.

 I cannot see where github web hooks support messaging a https server if it
 can support messaging to https recommendation should be
 http://docs.buildbot.net/latest/manual/cfg-www.html configure up ssl proxy
 for buildbot so user:password at url can in fact work correctly and block non
 https traffic to those paths by proxy.

 How can we do this if we don't trust the information that web hook

 Simple enough make web hook trigger a gitpoller to download the current
 https and if message to web hook does not match content gitpoller got you
 know someone is playing silly buggers with your web hook.

 Basically documentation at min requires rewording.  I am not great at
 doing that myself.

Ticket URL: <http://trac.buildbot.net/ticket/3412>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation

More information about the bugs mailing list