Thursday, 2016-07-14

*** davidjd-gh has joined #openstack-security 00:28
*** davidjd-gh has left #openstack-security 00:28
*** yuanying has quit IRC 00:30
*** davidjd-gh has joined #openstack-security 00:48
*** davidjd-gh has left #openstack-security 00:49
*** edtubill has joined #openstack-security 00:54
*** browne has quit IRC 01:20
*** unrahul has quit IRC 01:22
*** yuanying has joined #openstack-security 01:36
*** edtubill has quit IRC 01:38
*** vinaypotluri has quit IRC 01:51
*** yuanying has quit IRC 02:03
*** yuanying has joined #openstack-security 02:03
*** yuanying has quit IRC 02:04
*** yuanying has joined #openstack-security 02:08
*** yuanying has quit IRC 02:12
*** yuanying has joined #openstack-security 02:14
*** yuanying has quit IRC 02:26
*** dave-mccowan has quit IRC 02:39
*** deblike has quit IRC 02:43
*** markvoelker has quit IRC 02:45
*** sdake has joined #openstack-security 02:59
*** yuanying has joined #openstack-security 03:13
*** yuanying has quit IRC 03:18
*** yuanying has joined #openstack-security 03:18
*** yuanying has quit IRC 03:23
*** markvoelker has joined #openstack-security 03:39
*** yuanying has joined #openstack-security 03:59
*** eric_lopez has joined #openstack-security 04:18
*** elo has quit IRC 04:21
*** yuanying has quit IRC 04:58
*** austin987 has quit IRC 05:08
*** yuanying has joined #openstack-security 05:08
*** austin987 has joined #openstack-security 05:09
*** austin987 has quit IRC 05:12
*** sdake has quit IRC 05:26
*** markvoelker has quit IRC 05:52
*** yuanying has quit IRC 05:56
*** yuanying has joined #openstack-security 05:58
*** rcernin has joined #openstack-security 06:01
*** markvoelker has joined #openstack-security 06:34
*** liverpooler has joined #openstack-security 06:38
*** markvoelker has quit IRC 06:39
*** pcaruana has joined #openstack-security 06:40
*** rcernin has quit IRC 07:05
*** tesseract- has joined #openstack-security 07:10
*** rcernin has joined #openstack-security 07:21
*** markvoelker has joined #openstack-security 07:28
*** markvoelker has quit IRC 07:35
*** yuanying has quit IRC 07:42
*** yuanying has joined #openstack-security 07:43
*** liverpooler has quit IRC 07:51
*** liverpooler has joined #openstack-security 07:51
*** d0ugal has joined #openstack-security 07:59
*** rcernin has quit IRC 08:00
*** rcernin has joined #openstack-security 08:13
*** markvoelker has joined #openstack-security 08:23
*** markvoelker has quit IRC 08:27
*** yuanying has quit IRC 08:31
*** yuanying has joined #openstack-security 08:37
*** gszafranski has joined #openstack-security 08:41
*** gszafranski has quit IRC 08:52
*** gszafranski has joined #openstack-security 08:52
*** yuanying has quit IRC 08:53
*** aastha has quit IRC 08:59
*** markvoelker has joined #openstack-security 09:17
*** markvoelker has quit IRC 09:21
*** woodburn has quit IRC 09:35
<openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/342071 09:47
*** markvoelker has joined #openstack-security 10:11
*** markvoelker has quit IRC 10:16
*** gszafranski has quit IRC 10:27
*** gszafranski has joined #openstack-security 10:28
<openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/342071 10:56
*** gszafranski has quit IRC 10:57
*** markvoelker has joined #openstack-security 11:05
*** markvoelker has quit IRC 11:09
*** v12aml has quit IRC 11:11
*** dave-mccowan has joined #openstack-security 11:41
*** markvoelker has joined #openstack-security 11:59
*** markvoelker has quit IRC 12:03
*** _elmiko is now known as elmiko 12:46
*** d0ugal has quit IRC 12:53
*** edmondsw has joined #openstack-security 13:06
*** sdake__ has joined #openstack-security 13:15
*** cleong has joined #openstack-security 13:30
*** bigdogstl has joined #openstack-security 13:31
*** bigdogstl has quit IRC 13:31
*** ametts has joined #openstack-security 13:33
*** ninag has joined #openstack-security 13:39
*** ninag has quit IRC 13:45
*** ccneill has joined #openstack-security 13:46
*** woodburn has joined #openstack-security 13:47
*** datadog327 has joined #openstack-security 13:47
*** ametts has quit IRC 13:54
*** ccneill has quit IRC 13:55
*** ametts has joined #openstack-security 14:07
*** edmondsw has quit IRC 14:10
<openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding more plugin config docs  https://review.openstack.org/341417 14:14
*** catintheroof has joined #openstack-security 14:16
*** aastha has joined #openstack-security 14:19
*** jmckind has joined #openstack-security 14:20
*** deblike has joined #openstack-security 14:33
*** markvoelker has joined #openstack-security 14:35
*** mvaldes has joined #openstack-security 14:35
*** zul has quit IRC 14:36
*** pcaruana has quit IRC 14:39
*** zul has joined #openstack-security 14:40
*** d0ugal has joined #openstack-security 14:46
*** edtubill has joined #openstack-security 14:54
*** mvaldes has quit IRC 15:02
*** edmondsw has joined #openstack-security 15:05
*** vinaypotluri has joined #openstack-security 15:09
*** d0ugal has quit IRC 15:16
*** d0ugal has joined #openstack-security 15:17
*** mvaldes has joined #openstack-security 15:58
*** mdong has joined #openstack-security 16:03
*** jmckind_ has joined #openstack-security 16:09
*** jmckind has quit IRC 16:12
*** sdake__ is now known as sdake 16:20
*** rcernin has quit IRC 16:21
*** d0ugal has quit IRC 16:49
*** mvaldes has quit IRC 16:51
*** tmcpeak has joined #openstack-security 16:56
*** unrahul has joined #openstack-security 16:58
*** tkelsey has joined #openstack-security 17:00
*** sdake has quit IRC 17:00
*** sdake has joined #openstack-security 17:02
*** jmckind_ has quit IRC 17:03
*** jmckind has joined #openstack-security 17:05
<openstackgerrit> Merged openstack/security-doc: Adding OSSN-0068  https://review.openstack.org/313896 17:15
*** jmckind has quit IRC 17:25
*** rcernin has joined #openstack-security 17:32
*** browne has joined #openstack-security 17:32
*** sdake_ has joined #openstack-security 17:42
*** tesseract- has quit IRC 17:44
*** sdake has quit IRC 17:44
*** catintheroof has quit IRC 17:58
*** sdake has joined #openstack-security 18:02
*** jmckind has joined #openstack-security 18:02
*** sdake_ has quit IRC 18:03
*** tkelsey has quit IRC 18:09
*** sdake_ has joined #openstack-security 18:16
*** sdake has quit IRC 18:18
*** mvaldes has joined #openstack-security 18:24
*** eric_lopez has quit IRC 18:41
*** elo has joined #openstack-security 18:42
*** mvaldes has quit IRC 18:48
*** ccneill has joined #openstack-security 18:56
*** catintheroof has joined #openstack-security 19:18
*** sdake__ has joined #openstack-security 19:19
*** mvaldes has joined #openstack-security 19:19
*** sdake_ has quit IRC 19:21
*** sdake_ has joined #openstack-security 19:25
*** sdake__ has quit IRC 19:28
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Adding header checks and unit tests  https://review.openstack.org/340211 19:32
*** jmckind_ has joined #openstack-security 19:36
*** davidjd-gh has joined #openstack-security 19:39
*** davidjd-gh has left #openstack-security 19:40
*** jmckind has quit IRC 19:40
<unrahul> Hey ccneill you here? 19:41
<unrahul> Hey aastha, vinaypotluri can you please review https://review.openstack.org/340211 19:42
<unrahul> ccneill: mdong  for checks like content_type, should we check the test_resp too, I feel it would be an overhead to do that.. unless there is a side effect due to the fuzz string.. as if we are checking test_resp each time, for some tests, it would be an overkill, what do you guys think..? 19:44
*** davidjd-gh has joined #openstack-security 20:00
*** ametts has quit IRC 20:00
*** davidjd-gh has left #openstack-security 20:00
<ccneill> unrahul: I think the key is making the checks light-weight enough that the overhead is negligible 20:02
<ccneill> unrahul: we should only do the check on the init_resp one time so that we're not just wasting time there 20:02
<ccneill> unrahul: but an example might be if you submit a string that crashes the app and the webserver responds with a 500; so init_resp might have a JSON content type, and then test_resp has an HTML content type 20:03
<ccneill> I think most of our overhead at this point is in waiting for the HTTP req/resp to happen, and then spitting out our results log 20:04
*** tkelsey has joined #openstack-security 20:04
<unrahul> Mm.. Yeah that is a possible situation where the checks matter 20:05
*** tkelsey has quit IRC 20:09
*** jmckind_ has quit IRC 20:14
*** ametts has joined #openstack-security 20:15
*** jmckind has joined #openstack-security 20:16
*** datadog327 has quit IRC 20:35
<ccneill> I think we want to make as few of those decisions as possible. we don't want an endless list of checks, but at the same time, with APIs, there's really only so much info you can glean from any given req/resp 20:37
<ccneill> so I think a canonical set of checks every time should be reasonable. if we find that the performance hit is too much, we can always revise 20:37
<ccneill> (e.g. status code, content type) 20:37
<ccneill> unrahul, mdong, vinaypotluri, aastha: some thoughts on signal convenience methods: https://gist.github.com/cneill/d004a865f5bfd5ad056fbf86184ba16a 20:38
<ccneill> just a couple ideas I had 20:38
<ccneill> also added a bunch of action items for logging: https://gist.github.com/cneill/d004a865f5bfd5ad056fbf86184ba16a 20:40
<ccneill> unrahul: I deleted the task that was assigned to you that was basically "do logging" and broke it into smaller sub-tasks 20:41
*** davidjd-gh has joined #openstack-security 20:42
*** v12aml has joined #openstack-security 20:42
*** davidjd-gh has left #openstack-security 20:47
<unrahul> ccneill:  was in a meeting, just seeing all these ping.. 20:49
*** deblike has quit IRC 20:51
<unrahul> Hey ccneill  was it a second gist 20:52
<unrahul> ? 20:52
<unrahul> i think u posted the same gist.. twice.. 20:53
<unrahul> ? 20:53
*** davidjd-gh1 has joined #openstack-security 20:57
*** davidjd-gh1 has left #openstack-security 20:58
*** mdong has quit IRC 20:58
*** mdong has joined #openstack-security 21:00
*** davidjd-gh has joined #openstack-security 21:03
*** davidjd-gh has left #openstack-security 21:04
<ccneill> ah, oops 21:05
<ccneill> I meant to link the trello board on the second one 21:05
<ccneill> https://trello.com/c/jH4gDppe/27-sectest-syn-remove-opencafe-from-syntribos 21:05
<openstackgerrit> Merged openstack/syntribos: Adding header checks and unit tests  https://review.openstack.org/340211 21:06
<ccneill> unrahul: re: your comments on this CR https://review.openstack.org/#/c/340602/ 21:06
<ccneill> we may make different sets of "default checks" based on the type of test 21:07
<ccneill> I think that makes sense 21:07
<ccneill> so we might have a basic set for BTC, a few more for BFTC, and then whatever you want for other test types 21:07
*** edtubill has quit IRC 21:20
*** rcernin has quit IRC 21:24
*** cleong has quit IRC 21:26
<openstackgerrit> Michael Dong proposed openstack/syntribos: Refactored Auth test  https://review.openstack.org/340477 21:37
*** catintheroof has quit IRC 21:40
<unrahul> okay ccneill .. that makes sense.. 21:52
<unrahul> I shall update the checks to enable things like that. 21:52
*** edmondsw has quit IRC 21:52
<unrahul> ls 21:54
<unrahul> ! wrong window! 21:54
<openstack> unrahul: Error: "wrong" is not a valid command. 21:54
*** ametts has quit IRC 22:01
*** ccneill has quit IRC 22:02
*** openstackgerrit has quit IRC 22:03
*** openstackgerrit has joined #openstack-security 22:03
*** elo has quit IRC 22:09
*** elo has joined #openstack-security 22:09
*** mvaldes has quit IRC 22:12
<openstackgerrit> Merged openstack/bandit: Adding more plugin config docs  https://review.openstack.org/341417 22:21
<openstackgerrit> Eric Brown proposed openstack/bandit: Remove discover from test-requirements  https://review.openstack.org/342455 22:31
*** mdong_ has joined #openstack-security 22:49
*** mdong has quit IRC 22:51
*** mdong_ is now known as mdong 22:51
*** ccneill has joined #openstack-security 23:07
*** jerrygb has joined #openstack-security 23:08
*** jmckind has quit IRC 23:10
<openstackgerrit> Michael Dong proposed openstack/syntribos: Removed openCAFE dependencies from identity extension  https://review.openstack.org/338403 23:20
<openstackgerrit> Michael Dong proposed openstack/syntribos: Removed openCAFE dependencies from identity extension  https://review.openstack.org/338403 23:23
*** jerrygb has quit IRC 23:24
<openstackgerrit> Michael Dong proposed openstack/syntribos: Refactored Auth test  https://review.openstack.org/340477 23:25
*** mdong has quit IRC 23:28
*** ccneill has quit IRC 23:46
*** tmcpeak has quit IRC 23:50
