[Buildbot-devel] Security with repourls

Gunnison, Brian brian.gunnison at intel.com
Tue Jun 15 17:07:29 UTC 2010


I have a Repo URL of the form:

MasterRepoURL = 'https://myusername:mypasswd@xxx.xxx.com/'

I can put the above in the clear in master.cfg, but that is not safe.

I then did this:

import base64
passwd = base64.b64decode('rgthyde34=-')           #not the real string obviously
MasterRepoURL =  'https://myusername:%s@xxx.xxx.com/' % passwd

This is better, as editors of master.cfg will have to do a bit of work, I'll improve this by putting the base64 invocation in another file.

Now the buildbot log files and the waterfall all have the password in the clear, so I modified buildstep.py where cmd.args is logged to not log if the dict contains "repourl".

Any other security leaks?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://buildbot.net/pipermail/devel/attachments/20100615/6296bca4/attachment.html>

More information about the devel mailing list