Hashar has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/351606 )

Change subject: WMF: force Jenkins queries to use POST
......................................................................

WMF: force Jenkins queries to use POST

To protect against Cross-Site Request Forgery vulnerabilities, Jenkins
2.46.2 now requires requests to be POST when creating/deleting nodes:
https://jenkins.io/security/advisory/2017-04-26/

That can be done by passing some empty data to a Request() which tricks
urlopen into using a POST instead of a GET.  Since Nodepool extends the
Jenkins class, do it in myjenkins.py instead of python-jenkins.

Bug: T144106
Change-Id: I62b18d856b7a61e6a301f233848a9c4d620a9ab3
---
M nodepool/myjenkins.py
1 file changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/debs/nodepool refs/changes/06/351606/1

diff --git a/nodepool/myjenkins.py b/nodepool/myjenkins.py
index 5434614..0f5d7c5 100644
--- a/nodepool/myjenkins.py
+++ b/nodepool/myjenkins.py
@@ -39,7 +39,7 @@
         if info['offline']:
             return
         self.jenkins_open(
-            urlrequest.Request(self.server + TOGGLE_OFFLINE % locals()))
+            urlrequest.Request(self.server + TOGGLE_OFFLINE % locals(), b''))
 
     def enable_node(self, name):
         '''
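
Review bot: the bare positional `b''` in the disable_node `urlrequest.Request(...)` call gives no hint that it is there to switch urlopen from GET to POST. Pass it by keyword as `data=b''` and add a one-line comment pointing at the Jenkins 2.46.2 POST requirement from the commit message, so a later cleanup does not drop it as a no-op argument and silently revert the call to GET.
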
@@ -53,7 +53,7 @@
             return
         msg = ''
         self.jenkins_open(
-            urlrequest.Request(self.server + TOGGLE_OFFLINE % locals()))
+            urlrequest.Request(self.server + TOGGLE_OFFLINE % locals(), b''))
 
     def get_node_config(self, name):
         '''
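
Review bot: enable_node now repeats the exact `urlrequest.Request(self.server + TOGGLE_OFFLINE % locals(), b'')` expression already used in disable_node. A small private helper that builds the POST request would keep the empty-body convention in one place, so the two call sites cannot drift apart if one of them is edited later.
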
@@ -130,7 +130,7 @@
         }
 
         self.jenkins_open(urlrequest.Request(
-            self.server + CREATE_NODE % urlparse.urlencode(params)))
+            self.server + CREATE_NODE % urlparse.urlencode(params), b''))
 
         if not self.node_exists(name):
             raise JenkinsException('create[%s] failed' % (name))
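
Review bot: the commit message says Jenkins now requires POST for creating and deleting nodes, but this hunk covers create_node only, and the three changed lines in the diff touch TOGGLE_OFFLINE twice and CREATE_NODE once, with no delete path. Please confirm that node deletion already goes out as POST, or add the same empty-body change there. Note also that the parameters still travel in the query string via `CREATE_NODE % urlparse.urlencode(params)` while the body is empty; that is fine for forcing the method, but worth a comment so the empty body is not mistaken for a missing payload.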

-- 
To view, visit https://gerrit.wikimedia.org/r/351606
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I62b18d856b7a61e6a301f233848a9c4d620a9ab3
Gerrit-PatchSet: 1
Gerrit-Project: operations/debs/nodepool
Gerrit-Branch: patch-queue/debian
Gerrit-Owner: Hashar <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
