Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/gerrit-code-review-plugin
  Commit: a02a89fc4dc6b93af4f50052c8cdfb2df160f84c
      
https://github.com/jenkinsci/gerrit-code-review-plugin/commit/a02a89fc4dc6b93af4f50052c8cdfb2df160f84c
  Author: Luca Milanesio <luca.milane...@gmail.com>
  Date:   2024-01-18 (Thu, 18 Jan 2024)

  Changed paths:
    M src/main/java/jenkins/plugins/gerrit/GerritSCMSource.java
    M src/main/java/jenkins/plugins/gerrit/GerritWebHook.java
    M src/main/resources/jenkins/plugins/gerrit/GerritSCMNavigator/config.jelly
    A src/main/resources/jenkins/plugins/gerrit/GerritSCMNavigator/help-apiKey.html
    M src/main/resources/jenkins/plugins/gerrit/GerritSCMSource/config-detail.jelly
    A src/main/resources/jenkins/plugins/gerrit/GerritSCMSource/help-apiKey.html
    A src/test/java/hudson/util/TestSecret.java
    M src/test/java/jenkins/plugins/gerrit/GerritWebHookTriggerTest.java

  Log Message:
  -----------
  [SECURITY-2847] Introduce apiKey/jobName to WebHooks to prevent abuse

The /gerrit-webhook/ endpoint allows the rescan of the SCM branches
as soon as a Gerrit ref-update (or other event) is received, thanks to
the integration with Gerrit web-hooks. However, the trigger can also be
executed by a malicious user that could "guess" the project name by
suffix and therefore cause a significant server overload due to the
retriggering of the SCM scans.

Introduce an additional apiKey parameter to the Gerrit SCM Source
as an additional layer of security to prevent abuse by a malicious
REST-API execution.

P.S. The apiKey needs to be specified as URL query parameter because
of the current lack of support of extra HTTP headers by Gerrit
web-hooks.

Also add a secondary 'jobName' in the query string for preventing
the accidental matching of projects by SCM source suffixes: only the
multi-branch pipeline matching exactly the job name specified will
be considered for triggering the SCM source events.

NOTE: This is a breaking change for existing job definitions
and webhooks configuration because the apiKey is a mandatory
parameter; its absence would cause the webhook to fail and existing
jobs to miss the automatic triggering.

Change-Id: I55ceb10a00981f6c0f889616ee906f1d002782cb
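The two checks the commit message describes (a mandatory apiKey carried in the query string and an exact jobName match instead of project-suffix matching), written out as an added, language-independent illustration that is not the plugin's own code. The job registry, URL and keys are constructed sample values; the suffix matcher is included only to show which jobs an unauthenticated guess of a project name would have reached.

```python
import hmac
from urllib.parse import parse_qs, urlparse

# Constructed sample registry: multi-branch job name -> Gerrit project it follows
# and the per-job apiKey configured on its Gerrit SCM Source (hypothetical values).
JOBS = {
    "team-a/my-project": {"project": "my-project", "api_key": "k-team-a-0001"},
    "team-b/my-project": {"project": "other/my-project", "api_key": "k-team-b-0002"},
}


def jobs_by_suffix(event_project: str) -> list[str]:
    """Matching by project-name suffix: a guessed project name such as
    'my-project' reaches every job whose project ends with it, so one
    unauthenticated request can fan out into several SCM rescans."""
    return sorted(name for name, job in JOBS.items()
                  if job["project"].endswith(event_project))


def jobs_to_trigger(webhook_url: str, event_project: str) -> list[str]:
    """Hardened handling: both jobName and apiKey query parameters are
    mandatory, the job name must match exactly, the key is compared in
    constant time, and the event's project must equal the job's project.
    Returns the list of jobs to rescan (empty when the request is rejected)."""
    query = parse_qs(urlparse(webhook_url).query)
    job_name = query.get("jobName", [""])[0]
    api_key = query.get("apiKey", [""])[0]
    if not job_name or not api_key:
        return []  # missing mandatory parameter: webhook fails closed
    job = JOBS.get(job_name)  # exact match only, no suffix search
    if job is None:
        return []
    # Constant-time comparison so a wrong key cannot be distinguished by timing.
    if not hmac.compare_digest(job["api_key"].encode(), api_key.encode()):
        return []
    if job["project"] != event_project:
        return []  # event is for a different Gerrit project than this job follows
    return [job_name]
```

Because the apiKey travels in the query string, make sure the webhook endpoint's access and request logging never records the full query, or the key leaks into log storage.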


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/gerrit-code-review-plugin/push/refs/heads/master/d9df64-a02a89%40github.com.