[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Tobias Gruetzmacher closed an issue as Fixed

Jenkins / JENKINS-49745 Too many CrumbFilter log entries per second

Change By: Tobias Gruetzmacher
Status: Resolved → Closed

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Tobias Gruetzmacher updated JENKINS-49745

Fixed in dashboard-view plugin 2.10.

Jenkins / JENKINS-49745 Too many CrumbFilter log entries per second

Change By: Tobias Gruetzmacher
Status: Fixed but Unreleased → Resolved
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Daniel Beck commented on JENKINS-49745

Re: Too many CrumbFilter log entries per second

> After 10 unsuccessful requests, further updates are suspended

Might be interesting for you to look at what the "Jenkins is (re)starting" screen in Jenkins core does – it distinguishes between getting no response or getting a 500 response from anything different. This way, the UI survives a Jenkins restart, but would show legitimate errors if they appear.

https://github.com/jenkinsci/jenkins/blob/b1ff026023c71202cdfc1894a33cd0c85ddc11e2/core/src/main/resources/hudson/util/HudsonIsRestarting/index.jelly#L60
https://github.com/jenkinsci/jenkins/blob/b1ff026023c71202cdfc1894a33cd0c85ddc11e2/war/src/main/webapp/scripts/loading.js
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Tobias Gruetzmacher updated JENKINS-49745

This is now a bit saner:

* Only one request for all fields
* After 10 unsuccessful requests, further updates are suspended

Test build will probably be available later: https://ci.jenkins.io/blue/organizations/jenkins/Plugins%2Fdashboard-view-plugin/branches

Jenkins / JENKINS-49745 Too many CrumbFilter log entries per second

Change By: Tobias Gruetzmacher
Status: Open → Fixed but Unreleased
Resolution: Fixed
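The update rules in this comment (one request for all fields, suspension after 10 unsuccessful requests), together with the distinction Daniel Beck's reply draws between no response or a 500 and anything else, as an added JavaScript example that is not the dashboard-view plugin's code. StatsPoller, classify, simulate and the use of status 0 for "no response" are assumptions; the limit of 10 and the three method names come from the thread.

```javascript
// Added example, not plugin code. Names are hypothetical; 10 is from the thread.
const MAX_FAILURES = 10;

// Status 0 is an assumed stand-in for "no response" (server down or restarting).
function classify(status) {
  if (status >= 200 && status < 300) return 'ok';
  if (status === 0 || status >= 500) return 'unavailable'; // keep waiting quietly
  return 'rejected'; // e.g. 403 from the crumb filter: a real error to surface
}

class StatsPoller {
  constructor(fields) {
    this.fields = fields;   // everything the widget shows, fetched together
    this.failures = 0;      // consecutive unsuccessful requests
    this.suspended = false;
    this.lastError = null;
  }

  // One request description covering all fields, or null once suspended.
  nextRequest() {
    return this.suspended ? null : { method: 'POST', fields: this.fields.slice() };
  }

  // Feed back the HTTP status of the last request; returns the UI action.
  onResponse(status) {
    const kind = classify(status);
    if (kind === 'ok') {
      this.failures = 0;
      this.lastError = null;
      return 'render';
    }
    this.failures += 1;
    if (kind === 'rejected') this.lastError = `HTTP ${status}`;
    if (this.failures >= MAX_FAILURES) {
      this.suspended = true; // no further requests, so no further log entries
      return 'suspend';
    }
    return kind === 'rejected' ? 'show-error' : 'wait';
  }
}

// Drive a poller with a scripted list of statuses; returns requests sent.
function simulate(poller, statuses) {
  let sent = 0;
  for (const status of statuses) {
    if (poller.nextRequest() === null) break;
    sent += 1;
    poller.onResponse(status);
  }
  return sent;
}
```

A page left open against a server that answers 403 to every poll sends 10 requests and then goes quiet, instead of producing a rejection and its log entries on every refresh.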
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Tobias Gruetzmacher assigned an issue to Tobias Gruetzmacher

Jenkins / JENKINS-49745 Too many CrumbFilter log entries per second

Change By: Tobias Gruetzmacher
Assignee: Tobias Gruetzmacher
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Daniel Beck commented on JENKINS-49745

Re: Too many CrumbFilter log entries per second

> It also seems wrong that if the permissions for Jenkins are such that anyone (anonymous) can view a URL, then GET requests for that URL shouldn't need a CSRF token and should never raise a 403.

GET doesn't have CSRF protection, this sends POST. Possibly because it's the default.
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Christian Höltje edited a comment on JENKINS-49745

Re: Too many CrumbFilter log entries per second

I'm glad my extra research helped identify the culprit (dashboard-view).

I'm not familiar enough with Jelly to know exactly what's going on but it looks like some of the problems are:

* It doesn't check the return value (or try/catch if done that way) in case there is an error (e.g. a 403). This means there is nothing to bounce the page to the login page (if it requires auth) or refetch a CSRF token.
* It fetches everything, even if only some items are needed.
* This stuff, if everything is needed, could be returned as a single struct.
* Did I miss anything? I'm not familiar with how the CSRF stuff is implemented in Jenkins.

It also seems wrong that if the permissions for Jenkins are such that anyone (anonymous) can view a URL, then GET requests for that URL shouldn't need a CSRF token and should never raise a 403.
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Christian Höltje commented on JENKINS-49745

Re: Too many CrumbFilter log entries per second

I'm glad my extra research helped identify the culprit (dashboard-view).

I'm not familiar enough with Jelly to know exactly what's going on but it looks like some of the problems are:

* It doesn't check the return value (or try/catch if done that way) in case there is an error (e.g. a 403).
* It fetches everything, even if only some items are needed.
* This stuff, if everything is needed, could be returned as a single struct.

It also seems wrong that if the permissions for Jenkins are such that anyone (anonymous) can view a URL, then GET requests for that URL shouldn't need a CSRF token and should never raise a 403.
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Daniel Beck commented on JENKINS-49745

Re: Too many CrumbFilter log entries per second

https://github.com/jenkinsci/dashboard-view-plugin/blob/392aaa7c4631a459ce7af801a66ee0fdd09cab08/src/main/resources/hudson/plugins/view/dashboard/stats/StatSlaves/statslaves.jelly#L32...L47 seems to be overly simplistic.
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Daniel Beck commented on JENKINS-49745

Re: Too many CrumbFilter log entries per second

I consider this to be a bug in Dashboard View Plugin that seems to provide these URLs and doesn't seem to handle 403 well (https://github.com/jenkinsci/dashboard-view-plugin/blob/392aaa7c4631a459ce7af801a66ee0fdd09cab08/src/main/java/hudson/plugins/view/dashboard/stats/StatSlaves.java).
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Daniel Beck updated an issue

Jenkins / JENKINS-49745 Too many CrumbFilter log entries per second

Change By: Daniel Beck
Component/s: dashboard-view-plugin
Component/s: core
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Oleg Nenashev updated an issue

Jenkins / JENKINS-49745 Too many CrumbFilter log entries per second

Change By: Oleg Nenashev
Labels: newbie-friendly
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Oleg Nenashev commented on JENKINS-49745

Re: Too many CrumbFilter log entries per second

There were some fixes in the recent core for not showing these warnings for requests coming from old open browser pages after restart in 2.82: JENKINS-40344. Maybe the fix was not complete. Seems Christian Höltje has a discussion there as well.

Also CC Daniel Beck
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Oleg Nenashev updated an issue

Jenkins / JENKINS-49745 Too many CrumbFilter log entries per second

Change By: Oleg Nenashev
Labels: newbie-friendly
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Oleg Nenashev commented on JENKINS-49745

Re: Too many CrumbFilter log entries per second

CC Wadeck Follonier
[JIRA] (JENKINS-49745) Too many CrumbFilter log entries per second
Christian Höltje created an issue

Jenkins / JENKINS-49745 Too many CrumbFilter log entries per second

Issue Type: Bug
Assignee: Unassigned
Components: core
Created: 2018-02-26 15:24
Environment: Jenkins 2.89.4
Priority: Major
Reporter: Christian Höltje

The hudson.security.csrf.CrumbFilter generates so many log entries it causes parts of Jenkins to stall until the rate of log messages slows down.

    2018-02-24 05:17:10.406+ [id=20011] WARNING hudson.security.csrf.CrumbFilter#doFilter: Found invalid crumb 418a20cb74b577eaae393aa8ac0e. Will check remaining parameters for a valid one...
    2018-02-24 05:17:10.406+ [id=20011] WARNING hudson.security.csrf.CrumbFilter#doFilter: No valid crumb was included in request for /$stapler/bound/419618ba-22aa-4afb-8528-b112a604cce9/getOnlineSlaves by joecool. Returning 403.

The amount of these logs was causing my Jenkins to stop working: The executors were not being released by jobs (even after they were done running) until the log entry could be written.

I checked through the logs and all the entries I have are for these URLs (there could be more, due to the logs rolling so quickly):

    /$stapler/bound/419618ba-22aa-4afb-8528-b112a604cce9/getDisconnectedSlaves
    /$stapler/bound/419618ba-22aa-4afb-8528-b112a604cce9/getOfflineSlaves
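The kind of log triage described in this report, as an added JavaScript example that is not Jenkins code: it parses CrumbFilter rejection lines in the format quoted above and reports the busiest second, the noisiest user and bound object, and the methods being called. The sample lines, the user alice and the all-zero UUID are constructed; the function names are hypothetical.

```javascript
// Added example, not Jenkins code. Matches the "Returning 403" line quoted in
// the issue; the timestamp suffix after the milliseconds is treated as optional.
const REJECT = new RegExp(
  '^(\\d{4}-\\d\\d-\\d\\d \\d\\d:\\d\\d:\\d\\d)\\.\\d+\\S* \\[id=\\d+\\] WARNING ' +
  'hudson\\.security\\.csrf\\.CrumbFilter#doFilter: No valid crumb was included ' +
  'in request for (\\S+) by (.+)\\. Returning 403\\.$');
const BOUND = /^\/\$stapler\/bound\/([0-9a-f-]{36})\/(\w+)$/;

function parseRejection(line) {
  const m = REJECT.exec(line);
  if (!m) return null; // "Found invalid crumb" lines and unrelated entries
  const b = BOUND.exec(m[2]);
  return { second: m[1], path: m[2], user: m[3],
           boundId: b ? b[1] : null, method: b ? b[2] : null };
}

function summarize(lines) {
  const perSecond = new Map(), perSource = new Map(), methods = new Set();
  const bump = (map, key) => map.set(key, (map.get(key) || 0) + 1);
  let total = 0;
  for (const line of lines) {
    const r = parseRejection(line);
    if (!r) continue;
    total += 1;
    bump(perSecond, r.second);                         // rate of rejections
    bump(perSource, `${r.user} ${r.boundId || r.path}`); // who, against what
    if (r.method) methods.add(r.method);
  }
  const top = (map) => [...map.entries()].sort((a, b) => b[1] - a[1])[0] || null;
  return { total, peak: top(perSecond), noisiest: top(perSource),
           methods: [...methods].sort() };
}

// Constructed sample input in the format of the two lines quoted in the issue.
const PREFIX = '+ [id=20011] WARNING hudson.security.csrf.CrumbFilter#doFilter: ';
const B = '/$stapler/bound/00000000-0000-0000-0000-000000000001';
const reject = (ts, method) => ts + PREFIX +
  `No valid crumb was included in request for ${B}/${method} by alice. Returning 403.`;
const SAMPLE_LOG = [
  '2018-02-24 05:17:10.406' + PREFIX +
    'Found invalid crumb 0000. Will check remaining parameters for a valid one...',
  reject('2018-02-24 05:17:10.406', 'getOnlineSlaves'),
  reject('2018-02-24 05:17:10.412', 'getOfflineSlaves'),
  reject('2018-02-24 05:17:10.431', 'getDisconnectedSlaves'),
  reject('2018-02-24 05:17:11.002', 'getOnlineSlaves'),
];
```

When a single user and bound object account for nearly every rejection, the source is a page left open in one browser, which matches the stale dashboard-view page identified in this thread.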