User Details
- User Since
- May 19 2015, 9:05 PM (502 w, 4 d)
- Roles
- Disabled
- IRC Nick
- dapatrick
- LDAP User
- Unknown
- MediaWiki User
- DPatrick (WMF) [ Global Accounts ]
Jan 7 2019
Dec 14 2017
Dec 13 2017
Dec 6 2017
Nov 28 2017
Nov 22 2017
I like this idea, as Moritz laid it out above. I think this would make sense moving forward, and fits well with the release improvment project, as releases could be signed by the Jenkins instance.
Approved!
Many apologies for the delay here. I reviewed this back in June, failed to add my notes, then re-reviewed last week due to code changes since the last time I looked at it. I found no issues while reviewing this library. I checked for the following:
- XSS via unescaped input or failure to maintain escaping (via mustache interpolation, v-model, static data, etc.)
- Resource consumption/DoS
- Template expression injection at runtime from user-controlled data
Nov 21 2017
Just following up on some lingering security reviews. I know that this service has been deployed. Do we have appropriate firejail and iptables rules in place now to restrict egress?
Nov 14 2017
Nov 8 2017
Nov 1 2017
Oct 31 2017
This review is complete. Basic concerns such as system i/o (very limited) and shell execution (none) were found to be safe. Encryption implementation was not reviewed since we won't be using that portion of the code. My main concerns would lie with code execution or denial of service (a la https://github.com/pmaupin/pdfrw/issues/92) via malicious PDF input, however, the fact that this will run in a closed ecosystem (in which input originates only from a system we control) mitigates those concerns.
I checked out the WIP ppg code in the description of T171960 and I'm wondering whether that will be invoked by the Node service (T177765), returning a ready-to-read PDF which has ToC, page numbers, etc., or will the Node service just render an article which will then be post-processed (adding ToC, page numbers, etc.) separately? I'm asking to ascertain whether the script which will use pdfrw will be firejailed. This question is not a blocker. I'm just curious.
Oct 25 2017
Oct 18 2017
Oct 12 2017
@phuedx, do you mind updating the description to note why Electron needs to be replaced and what problems have been observed? Thanks!
Displaying stacktraces/detailed error messages is generally considered an insecure deployment pattern in web application security. I think I understand the logic for wanting to do so, however I don't support it, despite our redaction of arguments. My concern is that that redaction may somehow fail in a critical way, resulting in unintentional exposure of data beyond that which can be gathered by nature of the openness of our project.
Oct 4 2017
Discussed on 2017-10-04 and approved.
Discussed on 2017-10-04 and approved.
Sep 29 2017
Sep 28 2017
Sep 20 2017
Sep 6 2017
Aug 31 2017
Aug 30 2017
Approved.
@K4-713, you will need to have two factor enabled for Phabricator. Can you verify that it is enabled?
Aug 25 2017
Aug 17 2017
FWIW, I support stating clearly at sign-up time that origin IP addresses are not private when using labs/toolforge. I don't believe we have the resources to fully lockdown all mechanisms of accessing this information, as @bd808 mentions above.
@DStrine, can mitigation work for this issue be added to the workboard for @AndyRussG and @awight?
Sorry for the delay @Jalexander. The team discussed and approved this weeks ago, but I forgot say son on the ticket. Approved!
Jul 26 2017
Hi all. @Jalexander, @Kbrown can you confirm than Karen has completed either an employee or volunteer NDA?