[Buildbot-commits] [Buildbot] #2186: github change_hook needs security by default
Buildbot
nobody at buildbot.net
Mon Jan 30 00:13:29 UTC 2012
#2186: github change_hook needs security by default
------------------------+------------------------
Reporter: stefanha | Owner:
Type: enhancement | Status: new
Priority: major | Milestone: undecided
Version: 0.8.5 | Keywords: github,web
------------------------+------------------------
The github change_hook allows Github POST requests to trigger builds. It
is part of WebStatus and can be accessed via
http://server/change_hook/github.

The buildbot documentation does not explain the security implications of
enabling this change_hook. From what I can tell there are no checks in
place to ensure the HTTP request is really from Github.

Anyone who pokes this URL will be able to trigger builds. It's also not
clear to me whether builds are restricted to just the git repositories
configured on the buildmaster or whether the repo URL from the HTTP
request will be used.

Please document the security implications of the github change_hook.

I suggest supporting a secret token that can be configured both on the
buildmaster and github side. If the HTTP request does not include the
secret token then it will be denied. One way of doing this would be to
customize the github change_hook URI, e.g.
http://server/change_hook/1e505aa83c25910, so that it is not guessable.
--
Ticket URL: <http://trac.buildbot.net/ticket/2186>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation
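
The two checks this ticket asks about (a shared secret in the hook URI, and builds limited to repositories configured on the buildmaster), as an added Python example that is not Buildbot's code or part of the original message. The function name, the `HOOK_PREFIX` and `ALLOWED_REPOS` settings, and the JSON payload shape with `repository.url` are assumptions made for illustration.

```python
import hmac
import json

# Assumed configuration (hypothetical names, not Buildbot options).
HOOK_PREFIX = "/change_hook/"
ALLOWED_REPOS = {"https://github.com/example/project"}  # constructed sample


def check_hook_request(path, body, secret, allowed_repos=ALLOWED_REPOS):
    """Return (status, reason) for a POST to the change hook.

    path   -- request path, e.g. "/change_hook/<token>"
    body   -- raw JSON payload (bytes); assumed to carry repository.url
    secret -- token configured on the buildmaster and in the hook URI
    """
    if not secret:
        # Fail closed: an unset secret must not mean "accept everything".
        return 403, "no secret configured"
    if not path.startswith(HOOK_PREFIX):
        return 404, "not a change hook"
    token = path[len(HOOK_PREFIX):].strip("/")
    # Constant-time comparison so response timing does not leak the token.
    if not hmac.compare_digest(token.encode(), secret.encode()):
        return 403, "bad token"
    try:
        repo_url = json.loads(body)["repository"]["url"]
    except (ValueError, KeyError, TypeError):
        return 400, "malformed payload"
    # Only trigger builds for repositories the master already knows about;
    # the request names a repository but never introduces a new one.
    if not isinstance(repo_url, str) or repo_url.rstrip("/") not in allowed_repos:
        return 403, "repository not configured"
    return 200, "ok"
```

A token carried in the URI also appears in web server access logs and proxy logs, so those need the same protection as the secret itself.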