Project

General

Profile

Actions

action #119356

open

openqa.opensuse.org login was again redirecting to wrong page due to our javascript code conducting DoS attacks

Added by okurz about 2 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Regressions/Crashes
Target version:
Start date:
2022-10-25
Due date:
% Done:

0%

Estimated time:
Tags:

Description

Motivation

In https://suse.slack.com/archives/C028VS8TM2B/p1666683731354889 fvogt said "Looks like the login on openqa.opensuse.org is broken again, the usual issue that it tries to log into mirrorcache(-br) instead". andriinikitin fixed this but suggested that related to https://github.com/os-autoinst/openQA/pull/4639 we should try to find out why javascript starts DoS at all and "Did you consider that /minion/history may need the same treatment because it is referenced from JS as well https://github.com/mojolicious/minion/blob/main/lib/Mojolicious/Plugin/Minion/resources/templates/minion/dashboard.html.ep#L35"

Acceptance criteria

  • AC1: The code in /minion/history is ensured to not cause DoS attacks

Suggestions

Actions #1

Updated by andriinikitin about 2 years ago

My understanding is that nothing more can be done in openQA to prevent this.
It should be fixed in ipsilon (and maybe in Mojolicious/minion, but I couldn't figure out what can be wrong there).
The issue today happened when I restarted MirrorCache WebUI service while having /minion tab open in browser.
But typically other application can add the same workaround as openQA has, e.g. MirrorCache should have deployed the workaround later today in https://github.com/openSUSE/MirrorCache/commit/9e614f3f90035b0234a554eabb5a4744c395fd37

Actions #2

Updated by okurz almost 2 years ago

  • Tags set to infra
Actions

Also available in: Atom PDF