[land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by subshells
ClosedPublic
Actions

Authored by jasonbcox on May 1 2020, 21:29.

Details

Reviewers

Group Reviewers

Restricted Project

Commits

rSTAGING6417e4a81988: [land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by…
rABC6417e4a81988: [land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by…

Summary

The caller provides their Conduit token so that land-bot can land the change as them.
Since this token is secret, we need to ensure it cannot be accidentally logged by subshells.

This also prevents malicious patches from stealing CONDUIT_TOKEN, though there's unlikely to
be a realizable attack vector here since the token is supplied by the caller in the first place.

Test Plan

First, see D5930 for reference.

CONDUIT_TOKEN=my-secret-token ./land-patch --dry-run -r D5930

Pre-patch, observe this output in the log:

+ echo my-secret-token

Post-patch, observe this output in the log:

CONDUIT_TOKEN: unbound variable

Diff Detail

Repository

rABC Bitcoin ABC

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jasonbcox created this revision.May 1 2020, 21:29

Herald added a reviewer: Restricted Project. · View Herald TranscriptMay 1 2020, 21:29

Build Bitcoin-ABC / Diffs / Diff Testing (build-diff) started.

jasonbcox edited the test plan for this revision. (Show Details)May 1 2020, 21:29

Build Bitcoin-ABC / Diffs / Diff Testing (build-diff) passed.

Harbormaster completed remote builds in B10547: Diff 19355.May 1 2020, 21:44

Fabien accepted this revision.May 2 2020, 13:55

This revision is now accepted and ready to land.May 2 2020, 13:55

Closed by commit rABC6417e4a81988: [land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by… (authored by jasonbcox). · Explain WhyMay 4 2020, 15:51

This revision was automatically updated to reflect the committed changes.

jasonbcox added a commit: rABC6417e4a81988: [land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by….

jasonbcox added a commit: rSTAGING6417e4a81988: [land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by….May 5 2020, 19:18

Revision Contents
Changeset List

Path

Size

contrib/

source-control-tools/

land-patch.sh

2 lines

Diff 19403

View Options

contrib/source-control-tools/land-patch.sh

[land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by subshellsClosedPublicActions