zuul
/
zuul
Code Issues Proposed changes
zuul/tests/fixtures
History
Tobias Henkel bf4e9893d0
Block localhost shell tasks in untrusted playbooks 
Zuul was designed to block local code execution in untrusted
environments to not only rely on bwrap to contain a job. This got
broken since the creation of a command plugin that injects the
zuul_job_id which is required for log streaming. However this plugin
doesn't do a check if the task is a localhost task. Further it is
required in trusted and untrusted environments due to log
streaming. Thus we need to fork this plugin and restrict the variant
that is used in untrusted environments.

We do this by moving actiongeneral/command.py back to action/*. We
further introduce a new catecory actiontrusted which gets the
unrestricted version of this plugin.

Change-Id: If81cc46bcae466f4c071badf09a8a88469ae6779
Story: 2007935
Task: 40391
 		2020-07-21 19:18:10 +02:00
..
auth JWT drivers: Deprecate RS256withJWKS, introduce OpenIDConnect 2020-02-11 09:30:15 +00:00
bwrap-mounts Add missing localhost delegation checks to some modules 2018-03-22 20:42:01 +01:00
cgroup Add cgroup support to ram sensor 2018-12-18 22:25:27 +01:00
config Block localhost shell tasks in untrusted playbooks 2020-07-21 19:18:10 +02:00
gearman Add ssl support to gearman / gearman_server 2017-06-14 10:10:45 -04:00
gerrit Update gerrit pagination test fixtures 2019-09-17 14:15:18 -07:00
layouts pagure: ensure files is list and not a dict_keys 2020-06-02 12:06:05 +02:00
tenants Re-enable test_delayed_repo_init 2017-08-14 23:37:56 -07:00
app_key Extend github testing using app auth 2018-05-24 00:15:32 +00:00
clonemap.yaml cloner to easily clone dependent repositories 2014-07-29 09:03:59 +00:00
fake_git.sh Add comment explaining gitpython requirement 2017-10-10 11:15:06 -07:00
fake_kubectl.sh Stream output from kubectl pods 2020-02-27 07:49:40 -08:00
git_fetch_error.sh Merger: retry network operations 2018-01-31 13:20:36 -08:00
layout-cloner.yaml Case sensitive label matching 2017-07-27 07:46:35 +02:00
layout-connections-multiple-voters.yaml Add in extra connections tests 2015-12-06 14:48:32 +11:00
layout-disable-at.yaml Case sensitive label matching 2017-07-27 07:46:35 +02:00
layout-live-reconfiguration-functions.yaml Case sensitive label matching 2017-07-27 07:46:35 +02:00
layout-merge-queues.yaml Case sensitive label matching 2017-07-27 07:46:35 +02:00
layout-requirement-vote.yaml Case sensitive label matching 2017-07-27 07:46:35 +02:00
layout-smtp.yaml Case sensitive label matching 2017-07-27 07:46:35 +02:00
layout-success-pattern.yaml Add extra test for bad url patterns 2016-04-23 10:40:12 +10:00
layout.yaml Case sensitive label matching 2017-07-27 07:46:35 +02:00
private.pem Add per-repo public and private keys 2017-03-29 12:43:41 -07:00
public.pem Serve public keys through webapp 2017-03-29 12:44:43 -07:00
ssh.pem Create per-project ssh keys 2018-09-04 15:42:41 -07:00
ssh.pub Serve project SSH keys and document 2018-09-04 15:42:43 -07:00
test_id_rsa Add SSH Agent Primitives and usage 2017-05-26 09:52:22 -07:00
test_id_rsa.pub Add SSH Agent Primitives and usage 2017-05-26 09:52:22 -07:00
zuul-admin-web-no-override.conf Web: plug the authorization engine 2019-07-30 15:32:31 +00:00
zuul-admin-web-oidc.conf OIDCAuthenticator: add capabilities, scope option 2020-03-27 16:47:21 +00:00
zuul-admin-web-token-expiry.conf authentication config: add optional max_validity_time, skew 2019-12-10 16:39:29 +01:00
zuul-admin-web.conf web: add tenant and project scoped, JWT-protected actions 2019-07-10 12:11:14 +02:00
zuul-connections-cgit.conf Make the git web url a template 2017-10-25 17:11:46 -07:00
zuul-connections-gerrit-and-github.conf Report config errors as line comments 2018-07-27 19:18:04 -07:00
zuul-connections-gitweb.conf Make the git web url a template 2017-10-25 17:11:46 -07:00
zuul-connections-merger.conf Move status_url from webapp to web section 2018-01-29 14:16:28 +01:00
zuul-connections-multiple-gerrits.conf Remove zuul_url from merger config 2017-07-31 22:28:35 +02:00
zuul-connections-same-gerrit.conf Remove zuul_url from merger config 2017-07-31 22:28:35 +02:00
zuul-crd-pagure.conf Pagure driver - https://pagure.io/pagure/ 2019-06-17 14:18:19 -07:00
zuul-default-ansible-version.conf Drop support for ansible 2.6 2020-05-15 09:22:38 +02:00
zuul-disk-accounting.conf Remove zuul_url from merger config 2017-07-31 22:28:35 +02:00
zuul-executor-ansible-callback.conf Enables whitelisting and configuring callbacks 2020-05-12 19:01:51 +02:00
zuul-executor-hostname.conf Change domain in test fixture to example.com 2017-10-19 17:28:44 +00:00
zuul-gerrit-github.conf Add cross-source tests 2018-01-16 09:37:59 -08:00
zuul-gerrit-no-stream.conf Gerrit: poll for merged changes if no stream events 2020-02-03 11:33:31 -08:00
zuul-gerrit-web.conf Report to gerrit over HTTP 2018-07-26 16:43:07 -07:00
zuul-git-driver.conf Git driver 2017-12-15 14:32:40 +01:00
zuul-github-driver.conf Extend github testing using app auth 2018-05-24 00:15:32 +00:00
zuul-gitlab-driver.conf Gitlab - bootstrap the driver structure + Webhook support 2020-02-12 21:09:58 +00:00
zuul-hold-expiration.conf Add scheduler config options for hold expiration 2019-09-18 10:06:48 -04:00
zuul-mqtt-driver.conf Fix mqtt log url reporting when report-build-page is active 2020-06-24 09:22:15 +02:00
zuul-pagure-driver-whitelist.conf Pagure: remove connectors burden and simplify code 2020-02-17 10:03:32 +01:00
zuul-pagure-driver.conf Pagure driver - https://pagure.io/pagure/ 2019-06-17 14:18:19 -07:00
zuul-push-reqs.conf Move status_url from webapp to web section 2018-01-29 14:16:28 +01:00
zuul-sql-driver-bad.conf Add tests for postgresql 2018-04-10 15:51:25 +02:00
zuul-sql-driver-prefix.conf Add tests for postgresql 2018-04-10 15:51:25 +02:00
zuul-sql-driver.conf Add tests for postgresql 2018-04-10 15:51:25 +02:00
zuul-winrm.conf Fix occasionally wrong change url with github 2020-01-14 10:24:53 +01:00
zuul.conf Add option to report build page 2019-08-08 09:46:53 -07:00