Browse Source

Emit a warning when using unsafe public key url

When encrypting secrets we use a public key retrieved from zuul. If we
get this key from an unencrypted url a man in the middle attack could
replace this encryption key. To make the user aware of this we should
emit a warning when using untrusted key sources.

Change-Id: I7f26e93d863be710a558e15fa1d086b223f465bf
changes/06/543206/3
Tobias Henkel 3 years ago
parent
commit
0f3f605974
No known key found for this signature in database GPG Key ID: 3750DEC158E5FA2
1 changed files with 11 additions and 1 deletions
  1. +11
    -1
      tools/encrypt_secret.py

+ 11
- 1
tools/encrypt_secret.py View File

@ -26,9 +26,11 @@ import textwrap
try:
from urllib.request import Request
from urllib.request import urlopen
from urllib.parse import urlparse
except ImportError:
from urllib2 import Request
from urllib2 import urlopen
from urlparse import urlparse
DESCRIPTION = """Encrypt a secret for Zuul.
@ -43,7 +45,6 @@ def main():
parser.add_argument('url',
help="The base URL of the zuul server and tenant. "
"E.g., https://zuul.example.com/tenant-name")
# TODO(jeblair): Throw a fit if SSL is not used.
parser.add_argument('project',
help="The name of the project.")
parser.add_argument('--strip', action='store_true', default=False,
@ -60,6 +61,15 @@ def main():
"to standard output.")
args = parser.parse_args()
# We should not use unencrypted connections for retrieving the public key.
# Otherwise our secret can be compromised. The schemes file and https are
# considered safe.
url = urlparse(args.url)
if url.scheme not in ('file', 'https'):
sys.stderr.write("WARNING: Retrieving encryption key via an "
"unencrypted connection. Your secret may get "
"compromised.\n")
req = Request("%s/%s.pub" % (args.url.rstrip('/'), args.project))
pubkey = urlopen(req)


Loading…
Cancel
Save