Friday, 2016-08-26

*** chas has quit IRC [00:02]
*** aastha has quit IRC [00:17]
*** dikonoor has joined #openstack-security [00:31]
*** salv-orlando has joined #openstack-security [00:46]
*** salv-orlando has quit IRC [00:51]
*** dave-mccowan has quit IRC [01:06]
*** dikonoor has quit IRC [01:15]
*** dave-mccowan has joined #openstack-security [01:29]
*** jamielennox is now known as jamielennox|away [01:50]
*** salv-orlando has joined #openstack-security [01:53]
*** jamielennox|away is now known as jamielennox [02:00]
*** salv-orlando has quit IRC [02:04]
*** diazjf has joined #openstack-security [02:07]
*** sdake_ has joined #openstack-security [02:08]
*** sdake has quit IRC [02:12]
*** austin987 has joined #openstack-security [02:12]
*** chas has joined #openstack-security [02:14]
*** sdake_ has quit IRC [02:17]
*** chas has quit IRC [02:18]
*** sdake has joined #openstack-security [02:19]
*** sdake has quit IRC [02:23]
*** sdake has joined #openstack-security [02:29]
*** bigdogstl has joined #openstack-security [02:46]
*** bigdogstl has quit IRC [02:51]
*** bigdogstl has joined #openstack-security [02:56]
*** jamielennox is now known as jamielennox|away [02:56]
*** diazjf has quit IRC [02:58]
*** bigdogstl has quit IRC [03:01]
*** salv-orlando has joined #openstack-security [03:03]
*** salv-orlando has quit IRC [03:06]
*** jamielennox|away is now known as jamielennox [03:10]
*** sdake has quit IRC [03:12]
*** sdake has joined #openstack-security [03:13]
<openstackgerrit> Vinay Potluri proposed openstack/security-doc: Updated OSSN-0069  https://review.openstack.org/356712 [03:24]
*** dikonoor has joined #openstack-security [03:46]
*** sdake has quit IRC [03:56]
*** austin987 has quit IRC [04:00]
*** salv-orlando has joined #openstack-security [04:07]
*** dave-mccowan has quit IRC [04:09]
*** salv-orlando has quit IRC [04:14]
*** chas has joined #openstack-security [04:15]
*** chas has quit IRC [04:20]
*** sdake has joined #openstack-security [04:22]
*** chas has joined #openstack-security [04:46]
*** chas has quit IRC [04:50]
*** austin987 has joined #openstack-security [04:59]
*** terri has quit IRC [04:59]
*** austin987 has quit IRC [05:11]
*** salv-orlando has joined #openstack-security [05:17]
*** salv-orlando has quit IRC [05:20]
*** salv-orlando has joined #openstack-security [05:25]
*** salv-orlando has quit IRC [05:25]
*** salv-orlando has joined #openstack-security [05:26]
*** austin987 has joined #openstack-security [05:27]
*** austin987 has quit IRC [05:52]
*** chas has joined #openstack-security [06:12]
*** rcernin has joined #openstack-security [06:26]
*** salv-orlando has quit IRC [06:31]
*** tesseract- has joined #openstack-security [06:44]
*** salv-orlando has joined #openstack-security [06:45]
*** salv-orlando has quit IRC [07:16]
*** jass93 has quit IRC [07:39]
*** jass93 has joined #openstack-security [07:39]
*** B_Smith has quit IRC [07:54]
*** B_Smith has joined #openstack-security [07:54]
*** salv-orlando has joined #openstack-security [07:54]
*** sdake has quit IRC [08:05]
*** sdake has joined #openstack-security [08:05]
*** openstackgerrit has quit IRC [08:18]
*** openstackgerrit has joined #openstack-security [08:18]
*** terri has joined #openstack-security [08:30]
*** sdake has quit IRC [08:48]
*** vinaypotluri has quit IRC [09:01]
*** salv-orl_ has joined #openstack-security [09:17]
*** salv-orlando has quit IRC [09:20]
*** tkelsey has joined #openstack-security [09:32]
<openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/361038 [09:34]
<openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/361038 [09:49]
*** chas_ has joined #openstack-security [10:40]
*** chas has quit IRC [10:42]
*** salv-orl_ has quit IRC [11:27]
*** shohel has joined #openstack-security [11:35]
*** chas_ has quit IRC [11:51]
*** woodster_ has joined #openstack-security [12:34]
*** nkinder has joined #openstack-security [12:37]
*** jass93 has quit IRC [12:49]
*** _elmiko is now known as elmiko [12:56]
*** salv-orlando has joined #openstack-security [13:03]
*** mvaldes has joined #openstack-security [13:06]
*** zul has joined #openstack-security [13:07]
*** dave-mccowan has joined #openstack-security [13:12]
<openstackgerrit> Andreas Jaeger proposed openstack/security-analysis: Update requirements  https://review.openstack.org/361167 [13:13]
<openstackgerrit> Andreas Jaeger proposed openstack/security-analysis: Report sphinx errors  https://review.openstack.org/361168 [13:13]
*** sdake has joined #openstack-security [13:14]
*** sdake_ has joined #openstack-security [13:15]
*** sdake has quit IRC [13:19]
*** sdake_ has quit IRC [13:37]
*** dikonoor has quit IRC [13:38]
*** sdake has joined #openstack-security [13:40]
*** salv-orlando has quit IRC [13:40]
*** shohel has quit IRC [13:44]
*** knangia has quit IRC [13:51]
*** mvaldes has quit IRC [14:22]
*** singlethink has joined #openstack-security [14:24]
*** ccneill-phone has quit IRC [14:25]
*** mvaldes has joined #openstack-security [14:27]
<lhinds> who are the core reviewers on openstack/security-doc ? [14:31]
*** cleong has joined #openstack-security [14:35]
*** zul has quit IRC [14:42]
*** vinaypotluri has joined #openstack-security [14:47]
*** hockeynut has joined #openstack-security [15:03]
*** rcernin has quit IRC [15:04]
*** sdake_ has joined #openstack-security [15:11]
*** sdake has quit IRC [15:15]
*** knangia has joined #openstack-security [15:18]
*** browne has joined #openstack-security [15:20]
*** aastha has joined #openstack-security [15:26]
*** ccneill has joined #openstack-security [15:28]
*** pcaruana has quit IRC [15:33]
*** tesseract- has quit IRC [15:38]
*** zul has joined #openstack-security [15:42]
<openstackgerrit> Aastha Dixit proposed openstack/syntribos: Buffer Overflow data file dependency is removed  https://review.openstack.org/360558 [15:52]
*** zul has quit IRC [15:56]
*** mdong has joined #openstack-security [16:08]
*** edtubill has joined #openstack-security [16:08]
*** nkinder has quit IRC [16:15]
*** salv-orlando has joined #openstack-security [16:18]
*** diazjf has joined #openstack-security [16:20]
*** mdong_ has joined #openstack-security [16:25]
*** hockeynut has quit IRC [16:28]
*** mdong has quit IRC [16:28]
*** mdong_ is now known as mdong [16:28]
*** zul has joined #openstack-security [16:30]
*** tkelsey has quit IRC [16:39]
*** rcernin has joined #openstack-security [16:44]
*** nkinder has joined #openstack-security [16:46]
<ccneill> vinaypotluri / unrahul : can one of you review this and +2 if you're good with it? [16:46]
<unrahul> which one ccneill ? [16:47]
<ccneill> https://review.openstack.org/#/c/358870/ [16:47]
<vinaypotluri> sure charles [16:47]
<ccneill> sorry, forgot to paste lol [16:47]
<ccneill> thanks! [16:47]
<unrahul> :D [16:48]
<unrahul> done! [16:48]
<unrahul> ccneill: can u pls check this https://review.openstack.org/#/c/360127/, sanitize logs cr and comment [16:49]
<ccneill> yep, taking a look now [16:49]
<unrahul> I was thinking of modifying it and making it mandatory that auth req creds are masked and giving option to the user to extend the functionality using a logging option to other stuff if req.. [16:50]
*** mdong has quit IRC [16:56]
*** mdong_ has joined #openstack-security [16:56]
*** dikonoor has joined #openstack-security [16:58]
<ccneill> trying to decide what terminology makes the most sense... [17:00]
<openstackgerrit> Merged openstack/syntribos: Memoized extension functions  https://review.openstack.org/358870 [17:00]
<ccneill> unrahul: maybe we make it a stropt with choices, like "all", "auth", and "none" [17:03]
<ccneill> all == we filter x-auth tokens and identity passwords [17:04]
<ccneill> maybe "auth_password" == we only filter the password used to request the token [17:04]
*** nkinder has quit IRC [17:04]
<ccneill> none == no filtering [17:04]
<ccneill> I guess we could make them individual logger options.. [17:05]
<ccneill> mask_passwords, mask_tokens, mask_* [17:05]
<unrahul> hmm.. I think oslo utils only sanitize passwords, not tokens.. will have to overwrite the method.. don't think it would be a big deal though.. [17:06]
<unrahul> so are we giving the option to mask/unmask auth req secrets?? [17:06]
*** diazjf has quit IRC [17:06]
<ccneill> hmm I haven't really worked with oslo.util [17:06]
<ccneill> let me look [17:06]
<unrahul> because.. I was thinking.. if we give an option to unmask auth req secrets.. and someone leaves it open.. on a gate job.. everyone will get to know the login details to the cluster... :/ [17:07]
<ccneill> right.. I guess if they want to debug the password sent to identity they can look at it through a proxy [17:08]
<ccneill> I was thinking of leaving it configurable, but there's no reason to leave the option to shoot yourself in the foot if it's not really that useful in the first place [17:08]
<unrahul> yeah.. :D.. it would be epic.. [17:09]
<ccneill> looks like oslo.util doesn't do x-auth-token headers.. [17:10]
<unrahul> so.. may be we can give options for rest of req.. but not for keystone auth.. and anyone want to build similar auth plugins/extensions.. we could say in the doc to ensure that secrets are sanitized.. [17:10]
<ccneill> +1 [17:10]
<unrahul> yeah .. I can checkout the code and think it would be as simple as adding one more option to the list.. (hopefully) and override the method.. [17:11]
<ccneill> hmm.. x-auth-tokens are gonna be tricky [17:11]
<ccneill> because we fuzz that header.. [17:11]
<unrahul> or should we roll our own..? [17:11]
<ccneill> we might want to roll our own [17:11]
<unrahul> we fuzz passwords too ryt..? [17:11]
<ccneill> mmm yes we might, but not in the actual identity request [17:11]
<unrahul> oh.. yeah [17:11]
<ccneill> (get_token_v2/etc.) [17:11]
<ccneill> that's the reason for the filter_secrets thing on RequestObject [17:12]
<ccneill> but we can't do that for fuzzing x-auth-token unless we build some logic into the fuzzer to specifically add it whenever the variable being fuzzed is NOT x-auth-token [17:12]
<unrahul> I think we can request a token for a few minutes.. or something [17:13]
<unrahul> and do our stuff.. [17:13]
<unrahul> ? [17:13]
<ccneill> hmmm.. I don't think we want to tie it to that, then we have a race condition whenever a syntribos job runs [17:14]
<ccneill> and we have to predict how long a run will last [17:14]
<ccneill> >< [17:14]
<unrahul> I shall mod the patch I guess.. somehow :o.. .. I was working on rolling our own and browne told me about this awesome package (oslo.utils) .. so I was like, cool will use that instead [17:14]
<unrahul> so what are our assumptions.. and logging options u think is req.. ? [17:14]
<ccneill> I'll comment on the CR in a sec [17:15]
<unrahul> +1 [17:15]
*** diazjf has joined #openstack-security [17:16]
*** rcernin has quit IRC [17:22]
*** blackdiaamond has quit IRC [17:49]
*** sdake_ has quit IRC [18:02]
*** diazjf has quit IRC [18:03]
<mdong_> ccneill: I know this is all super nitpicky stuff [18:04]
<mdong_> but if I change payload_dir and exclude_results to payload-dir and exclude-results [18:05]
<mdong_> then those options in the config options will be inconsistent with the rest of the config file [18:05]
<mdong_> so under [syntribos] we’ll have payload-dir, but under [logger], we’ll have log_dir [18:06]
<mdong_> so basically it’s a straight choice between being inconsistent with the rest of the config file and being inconsistent with the rest of our CLI options [18:06]
*** mdong_ is now known as mdong [18:07]
*** tkelsey has joined #openstack-security [18:36]
*** aastha has quit IRC [18:37]
*** tkelsey has quit IRC [18:41]
*** knangia has quit IRC [18:51]
*** zul has quit IRC [18:51]
*** dikonoor has quit IRC [18:56]
*** markvoelker has quit IRC [18:57]
<ccneill> mdong: >< yeah, I realized that.. I just think it will be annoying to remember which ones are which [18:58]
<ccneill> but it's not a big deal - we can leave it alone for now [18:59]
<ccneill> to avoid the trouble of having to re-do the docs/configs/etc. [18:59]
*** markvoelker has joined #openstack-security [19:00]
*** browne has quit IRC [19:09]
*** salv-orlando has quit IRC [19:10]
*** knangia has joined #openstack-security [19:10]
<mdong> cool, so I’ve also been thinking about the other comment you had about counting excluded tests [19:19]
<mdong> so basically counting the number of issues that were skipped is pretty trivial, but there can of course be many duplicate issues [19:19]
<mdong> hence why the formatter creates an entirely new data structure just to count the issues, to remove duplicates [19:20]
<mdong> so we could have another separate data structure to remove duplicates from the count of excluded issues as well [19:22]
<mdong> which is fine, but that’s just wasted work for data that’s basically just thrown away [19:22]
<ccneill> agreed.. [19:22]
<ccneill> :/ [19:22]
<mdong> so I was thinking, we could just not test for the issues we exclude [19:23]
<ccneill> mmm that could get tricky [19:23]
<ccneill> unfortunately we have to start testing on Monday and I don't think we'll have much time for big changes like this for a little while at least [19:23]
<mdong> if we don’t care about reporting them, why do we care about running them? of course this is a more involved change [19:23]
<mdong> yeah [19:23]
<ccneill> right, I agree [19:24]
<ccneill> I think we have some work to do around convenience methods for running checks [19:24]
<ccneill> we were also planning on removing "500_errors" as a distinct type of issue [19:24]
<ccneill> or at least were discussing that possibility [19:24]
<ccneill> since we want to push the checks to the tests themselves instead of having a "check_default_issues" method in base_fuzz [19:25]
<mdong> so for this change at least, what did you wanna do? We could just leave the counting as is and then come back later to skip checks from being run [19:25]
<ccneill> yep ^ [19:26]
<ccneill> I think we'll revisit in the future [19:26]
<mdong> sounds good [19:26]
<ccneill> we'll see what we get from our testing starting on Monday [19:26]
<ccneill> and if it turns out that we reeeeeeeally need this, we'll try to make time for it [19:26]
<mdong> I don’t think I need to have another patch up for that CR then [19:26]
<ccneill> nope, I'll +1 [19:26]
<mdong> sounds good, I’ll put that as a backlog card [19:29]
*** browne has joined #openstack-security [19:31]
<openstackgerrit> Aastha Dixit proposed openstack/syntribos: Buffer Overflow data file dependency is removed  https://review.openstack.org/360558 [19:31]
*** aastha has joined #openstack-security [19:33]
<ccneill> mdong: good call [19:36]
*** ISBEL has joined #openstack-security [19:54]
*** jraim has quit IRC [20:02]
*** singlethink has quit IRC [20:02]
*** aimeeu has quit IRC [20:04]
*** serverascode has quit IRC [20:04]
*** singlethink has joined #openstack-security [20:05]
<ISBEL> hello, tell me your real name [20:26]
*** jraim has joined #openstack-security [20:35]
*** ISBEL has quit IRC [20:36]
*** serverascode has joined #openstack-security [20:42]
*** gmurphy has quit IRC [20:43]
*** edtubill has quit IRC [20:50]
*** sdake has joined #openstack-security [21:02]
*** salv-orlando has joined #openstack-security [21:03]
*** cleong has quit IRC [21:07]
*** aimeeu has joined #openstack-security [21:09]
*** salv-orl_ has joined #openstack-security [21:18]
*** salv-orlando has quit IRC [21:20]
*** gmurphy has joined #openstack-security [21:25]
*** gmurphy has quit IRC [21:32]
*** gmurphy has joined #openstack-security [21:33]
*** mvaldes has quit IRC [21:56]
*** sdake_ has joined #openstack-security [22:01]
*** sdake has quit IRC [22:03]
*** mdong has quit IRC [22:05]
*** mdong_ has joined #openstack-security [22:05]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: patch to sanitize debug log  https://review.openstack.org/360127 [22:24]
*** austin987 has joined #openstack-security [22:26]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: patch to sanitize debug log  https://review.openstack.org/360127 [22:28]
<openstackgerrit> Michael Dong proposed openstack/syntribos: Revamped results schema  https://review.openstack.org/361507 [22:30]
*** austin987 has quit IRC [22:32]
<unrahul> ccneill: u there? [22:33]
*** austin987 has joined #openstack-security [22:36]
<ccneill> yep, sup [22:43]
<unrahul> i have uploaded the patch [22:44]
*** edmondsw has quit IRC [22:44]
<unrahul> but still we are not sure on what to do for tokens [22:44]
<unrahul> ryt [22:44]
*** elmiko is now known as _elmiko [22:44]
<unrahul> should we sanitize the token.. or..not.? [22:44]
<unrahul> as we would be fuzzing the token as well.. [22:44]
<ccneill> right [22:45]
<ccneill> let's not worry about it right now [22:45]
<ccneill> we want to be ready for Monday, and I think we want to at least be filtering out Keystone passwords by then [22:45]
<ccneill> but we'll figure out x-auth-tokens when we have time [22:45]
<openstackgerrit> Michael Dong proposed openstack/syntribos: Revamped results schema  https://review.openstack.org/361507 [22:46]
<ccneill> looks like Jenkins -1'd for a pep8 thing in a docstring http://logs.openstack.org/27/360127/7/check/gate-syntribos-pep8-ubuntu-xenial/ab5e1db/console.html#_2016-08-26_22_32_23_776922 [22:46]
*** singlethink has quit IRC [22:46]
<unrahul> ah crap. let me check [22:47]
*** austin987 has quit IRC [22:50]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: patch to sanitize debug log  https://review.openstack.org/360127 [22:51]
<openstackgerrit> Aastha Dixit proposed openstack/syntribos: Buffer Overflow data file dependency is removed  https://review.openstack.org/360558 [22:56]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: patch to sanitize debug log  https://review.openstack.org/360127 [22:57]
*** salv-orl_ has quit IRC [23:00]
<openstackgerrit> Michael Dong proposed openstack/syntribos: Revamped results schema  https://review.openstack.org/361507 [23:00]
<openstackgerrit> Michael Dong proposed openstack/syntribos: Added config file improvements  https://review.openstack.org/358856 [23:00]
*** serverascode has quit IRC [23:01]
*** aimeeu has quit IRC [23:01]
*** jraim has quit IRC [23:09]
*** serverascode has joined #openstack-security [23:20]
<unrahul> hey ccneill jenkins gave a +1 phew .. [23:22]
<ccneill> nice [23:23]
<ccneill> looking it over now [23:24]
<ccneill> about to pack up for the weekend [23:24]
<unrahul> yeah.. tired.. need to hit some place.. have some food..haa Friday.. [23:26]
<ccneill> yep yep [23:27]
*** aimeeu has joined #openstack-security [23:32]
<ccneill> made some comments.. don't worry about them right now if you're about to head out - we'll revisit on Monday [23:32]
<unrahul> yup.. just saw those ccneill , i shall upload a patch later.. then.. see u guys on monday.. [23:33]
<ccneill> o/ have a good weekend! [23:34]
<unrahul> yup u too! [23:35]
*** amit213 has quit IRC [23:37]
<openstackgerrit> Michael Dong proposed openstack/syntribos: Revamped results schema  https://review.openstack.org/361507 [23:38]
*** amit213 has joined #openstack-security [23:40]
*** mdong_ has quit IRC [23:43]
*** aimeeu has quit IRC [23:46]
*** serverascode has quit IRC [23:46]
