Re: [eclipse.org-committers] Malicious executable content in Gerrit contributions

This issue may have already been addressed by other services. E.g., when someone sends a pull request to a project hosted on GitHub with a Travis CI trigger, the build is triggered and can do almost the same amount of damage that we are talking about. Does anybody know how they cope with this?

AFAIK they use virtualization or Docker as an option.

On Wed, Dec 10, 2014 at 4:20 PM, Alex Blewitt <alex.blewitt@xxxxxxxxx> wrote:
Executable checks alone won't help – it is just as possible for a JUnit test to do something naughty.

Alex

Sent from my iPhat 6

> On 10 Dec 2014, at 14:08, LETAVERNIER Camille <Camille.LETAVERNIER@xxxxxx> wrote:
>
> Hi Denis,
>
> Maybe having a white-list of usual contributors (Allowed to have an auto-trigger) would help. For others, only manual-trigger (From a Committer) would be allowed.
>
> Camille
>
> -----Original Message-----
> From: eclipse.org-committers-bounces@xxxxxxxxxxx [mailto:eclipse.org-committers-bounces@xxxxxxxxxxx] On behalf of Denis Roy
> Sent: Wednesday, 10 December 2014 14:54
> To: eclipse.org-committers@xxxxxxxxxxx
> Subject: [eclipse.org-committers] Malicious executable content in Gerrit contributions
>
> Well, the moment I've been dreading has finally come... malicious virus/malware is now in our Gerrit database.
>
> Witness: https://git.eclipse.org/r/#/c/37910/
>
> This shows the intention of the contributor:
>
> https://git.eclipse.org/r/#/c/37910/1/features/papyrus-tests-features/org.eclipse.papyrus.tests.build.feature/epl-v10.html
>
>
> In this case, the bad contribution was picked up and built by Hudson...
> Many projects also run tests on these unknown contributions, which means Hudson not only builds the malicious code, but executes it too.
>
> I am convinced that this practice, albeit convenient for projects, can ultimately lead to really bad things.
>
> Discuss in this bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=375350
>
> The Hudson Gerrit plugin allows several trigger events... "Patchset Created" is probably not the best event to use.  Right now I cannot see any other events, but having a first human verification that the contribution is not a Linux executable or shell script is definitely what I would recommend.
>
> Denis
> _______________________________________________
> eclipse.org-committers mailing list
> eclipse.org-committers@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers
>
> IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation.  To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.



--
  | Alexander Garagatyi | Developer | Codenvy.com 
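The thread above proposes two gates before Hudson acts on an unknown Gerrit patchset: Camille's allowlist of contributors who may auto-trigger, and Denis's human check that the contribution adds no Linux executable or shell script, with Alex's caveat that test code executes during the build anyway. The following is an added example of such a pre-trigger gate; it is not code from Eclipse, Hudson or the Gerrit trigger plugin. The uploader addresses, allowlist, file paths and file contents are constructed sample data, and the test-directory heuristic is an assumption about project layout.

```python
"""Pre-trigger gate for untrusted Gerrit patchsets (added example, not Eclipse code).

Decides whether a patchset may auto-trigger a build or must wait for a
committer's manual trigger, combining the three points raised in the thread:
  * the uploader is on an allowlist of known contributors
  * the patchset adds no ELF binaries or shell scripts
  * the patchset touches test sources, which the build will execute
All sample data below is constructed, not taken from real contributions.
"""
from dataclasses import dataclass

ELF_MAGIC = b"\x7fELF"
EXEC_BITS = 0o111
# Hypothetical allowlist; a real gate would load it from configuration.
TRUSTED_UPLOADERS = {"committer@example.org", "regular.contributor@example.org"}


@dataclass
class ChangedFile:
    path: str
    mode: int       # git tree mode, e.g. 0o100644 or 0o100755
    content: bytes  # file content after the patchset is applied


def executable_findings(f: ChangedFile) -> list[str]:
    """Ways this file could run as a program on the build host."""
    found = []
    if f.content.startswith(ELF_MAGIC):
        found.append("ELF binary")
    if f.content.startswith(b"#!"):
        found.append("shebang script")
    if f.mode & EXEC_BITS:
        found.append("executable mode bit")
    if f.path.lower().endswith((".sh", ".bash")):
        found.append("shell script extension")
    return found


def is_test_source(path: str) -> bool:
    """Heuristic (assumed layout): test/tests dirs and *.tests bundles run during the build."""
    return any(part in ("test", "tests") or part.endswith(".tests")
               for part in path.lower().split("/"))


def gate(uploader: str, files: list[ChangedFile]) -> tuple[str, list[str]]:
    """Return ("auto", findings) or ("manual", findings).

    - Unknown uploaders never auto-trigger; findings are still collected so the
      committer doing the manual trigger knows where to look first.
    - Trusted uploaders auto-trigger unless the patchset adds executable content.
    - Test-source changes are reported but not blocking for trusted uploaders:
      they execute as part of the build, so a human should still read them,
      but known contributors edit tests all the time.
    """
    findings: list[str] = []
    executable_seen = False
    for f in files:
        for reason in executable_findings(f):
            findings.append(f"{f.path}: {reason}")
            executable_seen = True
        if is_test_source(f.path):
            findings.append(f"{f.path}: test source, executed by the build")
    if uploader not in TRUSTED_UPLOADERS:
        findings.insert(0, f"uploader {uploader} not in allowlist")
        return "manual", findings
    if executable_seen:
        return "manual", findings
    return "auto", findings


# Constructed sample patchset contents, not real Gerrit changes.
JAVA_SRC = ChangedFile("plugins/org.eclipse.foo/src/Foo.java", 0o100644, b"class Foo {}\n")
ELF_BLOB = ChangedFile("build/helper", 0o100755, b"\x7fELF\x02\x01\x01\x00")
SHELL_SCRIPT = ChangedFile("scripts/setup.sh", 0o100644, b"#!/bin/sh\necho hello\n")
TEST_SRC = ChangedFile("tests/org.eclipse.foo.tests/src/FooTest.java", 0o100644, b"class FooTest {}\n")

if __name__ == "__main__":
    for who, files in [("stranger@example.net", [JAVA_SRC, ELF_BLOB]),
                       ("committer@example.org", [JAVA_SRC]),
                       ("committer@example.org", [SHELL_SCRIPT]),
                       ("committer@example.org", [TEST_SRC])]:
        decision, why = gate(who, files)
        print(who, decision, why)
```

The gate only decides whether a build starts on its own; it does not make the build safe. As Alex notes, a Java test can do anything a shell script can, which is why the check reports test-source changes alongside executables and why the allowlist, not the content scan, is the part that actually keeps unknown contributors away from the build host.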
