zuul/tests
Tobias Henkel 9cbb681446
Fix plugin injection vulnerability
Currently it is possible to inject speculative plugins into untrusted
jobs. These plugins are run locally on the executor and make it
possible to run arbitrary code within the bwrap context.

There are two problems here. First, the path check is broken such that it
never matches a plugin dir. Further, we don't check paths residing
within playbook dirs.

Change-Id: Idf1b940de2be7819afeb2dbad943fad2ae7ebc55
2018-03-16 18:12:35 +01:00
fixtures Fix plugin injection vulnerability 2018-03-16 18:12:35 +01:00
nodepool Fix nodepool-zuul-functional 2018-02-16 15:56:02 +00:00
remote Fix safe path check for directories containing symlinks 2018-03-14 20:55:43 +01:00
unit Fix plugin injection vulnerability 2018-03-16 18:12:35 +01:00
__init__.py Add non-voting jobs. 2012-08-23 23:20:09 +00:00
base.py Generate symlinks during tests 2018-03-15 11:55:20 +01:00
encrypt_secret.py Make tests' encrypt_secret.py work with python3 2017-10-19 18:09:57 +00:00
fakegithub.py Share a fake pull request database across connections 2018-01-05 13:45:25 -08:00
make_playbooks.py Use libyaml if possible 2017-04-04 11:49:05 -07:00
print_layout.py Do not add implied branch matchers in project-templates 2017-09-30 10:19:07 -07:00