zuul/zuul at 5763b8e4d7ae35fe0e672780bebb33b56b756232 - zuul - OpenDev: Free Software Needs Free Tools

History

Tobias Henkel 5763b8e4d7 Add missing localhost delegation checks to some modules Currently we don't check some modules for delegation to localhost. This would make it possible to overwrite any data which is writable within the bwrap context. Further the script module allows arbitrary code execution when delegated to localhost. The following modules are affected: * assemble: add safe path check * copy: add safe path check * patch: add safe path check * script: block completely * template: add safe path check * unarchive: add tests, fixed by safe path check of copy Change-Id: I2360219f50e6a28bb134468ead08ec72148ad192 Story: 2001681		2018-03-22 20:42:01 +01:00
..
ansible	Add missing localhost delegation checks to some modules	2018-03-22 20:42:01 +01:00
cmd	Merge "Import Zuul modules at top of files"	2018-03-14 16:09:30 +00:00
connection	Add /info and /{tenant}/info route to zuul-web	2018-02-19 09:31:13 -06:00
driver	Add standard ca certificate paths	2018-03-16 16:34:18 +01:00
execution_context	Add wrapper driver execution context	2017-08-18 16:35:12 -07:00
executor	Merge "Fix runtime stats reporting for noop job"	2018-03-16 20:11:50 +00:00
lib	Merge "Unset finger client timeout after connect"	2018-03-14 18:05:20 +00:00
manager	Merge "Fix runtime stats reporting for noop job"	2018-03-16 20:11:50 +00:00
merger	Merge "Set remote url on every getRepo in merger"	2018-02-15 21:08:06 +00:00
reporter	Move status_url from webapp to web section	2018-01-29 14:16:28 +01:00
source	Support cross-source dependencies	2018-01-16 09:37:40 -08:00
sphinx	Add zuul-sphinx as a requirement	2017-08-07 14:56:17 -07:00
trigger	Remove use of six library	2017-06-19 10:34:57 -05:00
web	Serve the static files more dynamically	2018-03-09 15:32:53 -06:00
__init__.py	Initial commit.	2012-05-29 14:49:32 -07:00
_setup_hook.py	Use yarn and webpack to manage zuul-web javascript	2018-03-04 07:20:40 -06:00
change_matcher.py	Fix implied branch matchers and tags	2017-12-01 15:54:24 -08:00
configloader.py	Merge "Revert "Don't store references to secret objects from jobs""	2018-03-15 15:37:44 +00:00
exceptions.py	Support post jobs by supporting rev checkout	2016-07-12 12:51:51 +10:00
model.py	Merge "Revert "Don't store references to secret objects from jobs""	2018-03-15 15:37:44 +00:00
nodepool.py	Merge "Fix self fulfilling empty node requests"	2018-03-16 20:11:52 +00:00
rpcclient.py	Support autoholding nodes for specific changes/refs	2018-02-08 19:26:08 +01:00
rpclistener.py	Add queue size to tenant overview	2018-03-08 07:27:33 +01:00
scheduler.py	Skip autohold if no autohold was requested	2018-02-23 08:22:05 +01:00
version.py	Migrate to pbr.	2013-06-25 19:04:30 +00:00
zk.py	Better exception handling during autohold	2017-10-13 11:26:45 -04:00