Monday, 2016-06-20

00:01 *** dave-mccowan has joined #openstack-security
00:33 *** M00nr41n has joined #openstack-security
00:33 *** M00nr41n has left #openstack-security
00:36 *** M00nr41n has joined #openstack-security
00:52 *** dave-mccowan has quit IRC
01:00 *** yuanying has quit IRC
01:15 *** M00nr41n has quit IRC
02:04 *** M00nr41n has joined #openstack-security
02:29 *** dave-mccowan has joined #openstack-security
02:30 *** yarkot1 has joined #openstack-security
03:12 *** M00nr41n has quit IRC
03:45 *** dave-mccowan has quit IRC
04:08 *** yuanying has joined #openstack-security
04:18 *** markvoelker has joined #openstack-security
04:21 *** M00nr41n has joined #openstack-security
04:22 *** markvoelker has quit IRC
06:13 *** rcernin has joined #openstack-security
06:18 *** markvoelker has joined #openstack-security
06:23 *** markvoelker has quit IRC
06:24 *** pcaruana has joined #openstack-security
06:59 *** liverpooler has joined #openstack-security
08:06 *** agireud has quit IRC
08:12 *** agireud has joined #openstack-security
08:17 *** agireud has quit IRC
08:19 *** markvoelker has joined #openstack-security
08:24 *** markvoelker has quit IRC
08:28 *** agireud has joined #openstack-security
08:31 *** yuanying has quit IRC
09:48 *** yuanying has joined #openstack-security
09:48 *** shakamunyi has quit IRC
09:56 *** shakamunyi has joined #openstack-security
10:03 *** hyakuhei has quit IRC
10:03 *** hyakuhei has joined #openstack-security
10:17 *** yuanying has quit IRC
10:20 *** markvoelker has joined #openstack-security
10:24 *** markvoelker has quit IRC
10:37 *** rcernin is now known as rcernin|lunch
10:44 *** yuanying has joined #openstack-security
10:45 *** yuanying has quit IRC
10:51 *** yuanying has joined #openstack-security
10:55 *** yuanying has quit IRC
10:59 *** yuanying has joined #openstack-security
11:01 *** yuanying has quit IRC
11:13 *** yuanying has joined #openstack-security
11:18 <openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/331626
11:19 *** yuanying has quit IRC
11:20 *** yuanying has joined #openstack-security
11:22 *** yuanying has quit IRC
11:26 <openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/331626
11:35 *** yuanying has joined #openstack-security
11:37 *** yuanying has quit IRC
11:39 *** yuanying has joined #openstack-security
11:44 *** yuanying has quit IRC
11:53 *** rcernin|lunch is now known as rcernin
12:06 *** dave-mccowan has joined #openstack-security
12:09 *** yuanying has joined #openstack-security
12:12 *** yuanying has quit IRC
12:12 *** markvoelker has joined #openstack-security
12:13 *** agireud has quit IRC
12:14 *** LongyanG has quit IRC
12:14 *** LongyanG has joined #openstack-security
12:16 *** agireud has joined #openstack-security
12:22 *** B_Smith has quit IRC
12:28 *** yuanying has joined #openstack-security
12:28 *** B_Smith has joined #openstack-security
12:31 *** yuanying has quit IRC
12:32 *** B_Smith has quit IRC
12:32 *** yuanying has joined #openstack-security
12:33 *** B_Smith has joined #openstack-security
12:35 *** liverpooler has quit IRC
12:38 *** tkelsey has joined #openstack-security
12:43 *** yuanying has quit IRC
12:51 *** aurelien__ has joined #openstack-security
12:59 *** aurelien__ has quit IRC
13:05 *** yuanying has joined #openstack-security
13:09 *** yuanying has quit IRC
13:15 *** edmondsw has joined #openstack-security
13:44 *** liverpooler has joined #openstack-security
13:58 *** M00nr41n has quit IRC
14:00 *** _sigmavirus24 is now known as sigmavirus24
14:00 *** sigmavirus24 has joined #openstack-security
14:18 *** canaimro1234 has joined #openstack-security
14:18 *** canaimro1234 has quit IRC
14:31 *** vinaypotluri has joined #openstack-security
14:35 *** mvaldes has joined #openstack-security
14:37 *** jhfeng has joined #openstack-security
14:40 *** zul_ is now known as zul
15:32 *** austin987 has quit IRC
15:40 *** unrahul has joined #openstack-security
15:44 *** austin987 has joined #openstack-security
15:45 *** pcaruana has quit IRC
15:49 *** ccneill has joined #openstack-security
15:55 *** rcernin has quit IRC
16:00 *** zul has quit IRC
16:03 <openstackgerrit> Rahul U Nair proposed openstack/syntribos: signals check-file to fingerprint the SUT  https://review.openstack.org/331340
16:22 *** M00nr41n has joined #openstack-security
16:26 <openstackgerrit> Michael Dong proposed openstack/syntribos: Moved SSL test out of BaseFuzzTestCase  https://review.openstack.org/331288
16:30 *** ibravo has joined #openstack-security
16:35 *** mvaldes has quit IRC
16:37 *** mdong has joined #openstack-security
16:50 <unrahul> Hey ccneill, mdong, vinaypotluri, for stacktrace detection checks, what approach should we choose?
16:51 <ccneill> this is the approach tristanC took with his fuzzer: http://softwarefactory-project.io/r/gitweb?p=restfuzz.git;a=blob;f=restfuzz/health.py;h=3acb38fda92fd0c25f35c3c30e4ddb59fd2b46f6;hb=refs/heads/master
16:52 <ccneill> basically, look for the "cookie", then look for a well-formatted stacktrace
16:52 <ccneill> based on the length of lines
16:53 <tristanC> ccneill: heh, that code is really a proof of concept, but it does extract tracebacks from log files
16:53 *** rcernin has joined #openstack-security
16:53 <tristanC> and it computes a hash to check for unique/new tracebacks
16:55 <ccneill> tristanC: I think we can at least use it as an example to start from for our purposes
16:56 <tristanC> ccneill: yes sure, it's quite handy for local inspection, feel free to borrow that code
16:56 <unrahul> tristanC: thank you. ccneill: agreed, it looks straightforward, I think it's a good example to start working on ours.
16:57 <tristanC> ideally you want a logstash gig to chop logs and index all API logs
16:58 <ccneill> tristanC: we'll just be analyzing responses from the API to see if they contain stacktraces, not actually looking at the stacktraces from the app node
16:59 <unrahul> ccneill: +1. tristanC: so I guess we don't really need something like that, something simple and straightforward to get a possible signal on what's going on
17:00 <ccneill> unrahul: we don't necessarily have to parse the stacktrace into an actual structure, we just have to be relatively sure that there is one
17:00 <ccneill> I suppose we COULD go that far, but I don't know how much it buys us
17:00 <unrahul> ccneill: yup, yeah I also don't think that is really needed right now, for the initial checks. Maybe a value add sometime later.
17:01 <ccneill> tristanC: thank you by the way for writing up that blog post about your tool. I've been trying to figure out how we might be able to work together between our two tools
17:01 <tristanC> ccneill: that's very nice to hear, you're welcome!
17:01 <ccneill> tristanC: I think there are a lot of similarities, but we're each taking a slightly different approach
17:03 <tristanC> ccneill: my last work-in-progress on restfuzz was to add a "--printer" mode to just output the http trace... perhaps this can be used to feed api calls into syntribos. it's http://softwarefactory-project.io/r/#/c/2652/
17:04 <ccneill> hmmm interesting
17:05 <ccneill> I'll look over it
17:06 <ccneill> ah so this is for spitting out raw HTTP requests generated by the YAML files?
17:06 <ccneill> that might be very handy indeed..
17:07 *** tkelsey has quit IRC
17:07 <tristanC> ccneill: yep exactly. however, to get interesting calls you need valid UUIDs.
17:07 <ccneill> right. that's one thing we don't really have a notion of at this point: purposefully CRUDing objects
17:08 <ccneill> we just kind of slam the API with whatever we can come up with, but we don't have a structure of "this is what's expected by the API, and this is what we expect to receive as a response"
17:08 <ccneill> since we haven't really solved for SPECIFIC APIs, but more the general case
17:08 <ccneill> well
17:09 <ccneill> we do have a notion of what's expected in terms of variable names, etc., but they aren't distinct data types as in your tool
17:09 <ccneill> which might be something worth looking at for us at some point
17:09 <ccneill> brb
17:14 <tristanC> ccneill: it's important to keep a generic approach, but APIs that use UUIDs really need a tool capable of inspecting or re-using valid UUIDs to test behind early checks
17:18 *** rcernin has quit IRC
17:21 *** tkelsey has joined #openstack-security
17:21 <ccneill> tristanC: yep, we definitely want to get there in the future
17:22 <ccneill> tristanC: makes it possible to test for stuff like stored XSS that we don't have a great answer for right now
17:28 *** mdong has quit IRC
17:39 *** ametts has joined #openstack-security
17:41 *** ibravo has quit IRC
17:42 *** ibravo has joined #openstack-security
17:52 *** browne has joined #openstack-security
17:52 *** rcernin has joined #openstack-security
17:55 <openstackgerrit> Charles Neill proposed openstack/syntribos: Creates SynSignal and SignalHolder classes  https://review.openstack.org/331286
18:01 *** ibravo has quit IRC
18:02 *** ibravo has joined #openstack-security
18:03 *** ibravo has quit IRC
18:04 *** ibravo has joined #openstack-security
18:04 *** mvaldes has joined #openstack-security
18:07 *** ibravo has quit IRC
18:15 *** mdong has joined #openstack-security
18:17 *** shakamunyi has quit IRC
18:33 *** ccneill has quit IRC
18:46 *** ccneill has joined #openstack-security
18:48 *** xsallowed has joined #openstack-security
18:48 *** xsallowed has quit IRC
18:53 *** zul has joined #openstack-security
18:54 *** zul has quit IRC
18:54 *** zul has joined #openstack-security
19:00 *** tkelsey has quit IRC
19:00 *** mdong has quit IRC
19:01 *** mdong_ has joined #openstack-security
19:01 *** mdong_ is now known as mdong
19:19 *** jhfeng has quit IRC
19:25 *** davidjd-gh has joined #openstack-security
19:25 <davidjd-gh> hi
19:27 *** M00nr41n has quit IRC
19:30 *** davidjd-gh has quit IRC
19:33 <mdong> hey ccneill: can I get a +1 workflow on the reporting change?
19:33 <ccneill> yeah, just wanted to make sure we were happy with it and didn't need to make any changes before +workflow
19:41 <ccneill> done
19:45 <openstackgerrit> Merged openstack/syntribos: Formatter now reports by issue rather than by test  https://review.openstack.org/330244
19:49 <openstackgerrit> Merged openstack/syntribos: Moved SSL test out of BaseFuzzTestCase  https://review.openstack.org/331288
19:50 *** jhfeng has joined #openstack-security
20:16 <openstackgerrit> Charles Neill proposed openstack/syntribos: Creates SynSignal and SignalHolder classes  https://review.openstack.org/331286
20:18 *** zul has quit IRC
20:22 *** zul has joined #openstack-security
20:22 <openstackgerrit> Charles Neill proposed openstack/syntribos: Creates SynSignal and SignalHolder classes  https://review.openstack.org/331286
20:24 *** jhfeng has quit IRC
20:30 *** jhfeng has joined #openstack-security
20:31 *** rcernin has quit IRC
20:39 *** zul has quit IRC
20:42 <openstackgerrit> Michael Dong proposed openstack/syntribos: Simplified imports and added constants  https://review.openstack.org/331831
20:44 *** ibravo2 has joined #openstack-security
20:49 *** ibravo2 has quit IRC
20:50 *** ibravo has joined #openstack-security
20:50 *** mvaldes has quit IRC
20:51 <openstackgerrit> Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals  https://review.openstack.org/331833
20:52 *** jhfeng has quit IRC
20:53 *** jhfeng has joined #openstack-security
20:57 *** zul has joined #openstack-security
21:10 <openstackgerrit> Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals  https://review.openstack.org/331833
21:14 *** zul has quit IRC
21:15 *** mvaldes has joined #openstack-security
21:16 *** zul has joined #openstack-security
21:22 *** salv-orlando has joined #openstack-security
21:25 *** zul has quit IRC
21:31 *** zul has joined #openstack-security
21:42 <openstackgerrit> Rahul U Nair proposed openstack/syntribos: signals check-file to fingerprint the SUT  https://review.openstack.org/331340
21:48 *** mvaldes has quit IRC
21:55 *** ccneill has quit IRC
21:56 <openstackgerrit> Rahul U Nair proposed openstack/syntribos: signals check-file to fingerprint the SUT  https://review.openstack.org/331340
21:59 *** tkelsey has joined #openstack-security
22:03 *** zul has quit IRC
22:03 *** tkelsey has quit IRC
22:04 *** sigmavirus24 is now known as sigmavirus24_awa
22:07 *** edmondsw has quit IRC
22:23 *** ccneill has joined #openstack-security
22:25 <openstackgerrit> Michael Dong proposed openstack/syntribos: added min and max severity and confidence filtering  https://review.openstack.org/331868
22:27 <openstackgerrit> Michael Dong proposed openstack/syntribos: Simplified imports and added constants  https://review.openstack.org/331831
22:27 *** ametts has quit IRC
22:36 *** ibravo has quit IRC
22:55 *** woodburn has quit IRC
22:56 *** julian1 has joined #openstack-security
22:59 *** mdong has quit IRC
23:00 *** tkelsey has joined #openstack-security
23:03 *** julian1 has quit IRC
23:03 *** julian1 has joined #openstack-security
23:04 *** tkelsey has quit IRC
23:06 <openstackgerrit> Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals  https://review.openstack.org/331833
23:07 <openstackgerrit> Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals  https://review.openstack.org/331833
23:17 *** julian1 has quit IRC
23:17 *** jhfeng has quit IRC
23:25 *** salv-orlando has quit IRC
23:31 *** yuanying has joined #openstack-security
23:38 *** sdake has joined #openstack-security
23:42 <openstackgerrit> Merged openstack/bandit: Allow output to default to stdout using argparse  https://review.openstack.org/326148
23:42 *** sdake_ has joined #openstack-security
23:43 *** sdake has quit IRC
23:44 *** ccneill has quit IRC

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!