This repository was archived by the owner on Jul 19, 2025. It is now read-only.

Qua 543: hide sensitive information and bump cc-parser version #372

Merged
camillof merged 4 commits into master from QUA-543/hide-sensitive-information
May 5, 2022

Conversation

camillof (Contributor)

Purpose

NCC Group audit on our system discovered multiple places where we are revealing sensitive information, like messages containing software versions, which an attacker may use to aid further attacks, or as part of a social engineering attack.

In other words: to increase security.

In this case, Ruby deprecation warnings were revealing some versions used:

codeclimate/codeclimate-duplication
13
Parser process id: 13
codeclimate-parser socket not present
waiting 1s...
D, [2022-05-04T13:59:23.882746 #1] DEBUG -- : Processing 0 csharp files concurrency=2
/home/app/.rubies/ruby-2.5.1/lib/ruby/gems/2.5.0/gems/concurrent-ruby-1.0.0/lib/concurrent/atomic/mutex_atomic_fixnum.rb:80: warning: constant ::Fixnum is deprecated
...

Also, we were printing exceptions backtrace, which also reveals versions:

I, [2022-05-04T18:50:24.607503 #1]  INFO -- : Skipping file ./reports/account_usage_calculator.rb due to exception (RubyParser::SyntaxError): Odd number (2) list for Hash. s(:array, s(:call, nil, :repo_id))
/home/app/.rubies/ruby-2.5.1/lib/ruby/gems/2.5.0/gems/ruby_parser-3.11.0/lib/ruby_parser_extras.rb:51:in `syntax_error'
/home/app/.rubies/ruby-2.5.1/lib/ruby/gems/2.5.0/gems/ruby_parser-3.11.0/lib/ruby18_parser.rb:5708:in `_reduce_493'
/home/app/.rubies/ruby-2.5.1/lib/ruby/2.5.0/racc/parser.rb:259:in `_racc_do_parse_c'
/home/app/.rubies/ruby-2.5.1/lib/ruby/2.5.0/racc/parser.rb:259:in `do_parse'
/home/app/.rubies/ruby-2.5.1/lib/ruby/gems/2.5.0/gems/ruby_parser-3.11.0/lib/ruby_parser_extras.rb:1082:in `block in process'
/home/app/.rubies/ruby-2.5.1/lib/ruby/2.5.0/timeout.rb:93:in `block in timeout'
/home/app/.rubies/ruby-2.5.1/lib/ruby/2.5.0/timeout.rb:33:in `block in catch'
/home/app/.rubies/ruby-2.5.1/lib/ruby/2.5.0/timeout.rb:33:in `catch'
/home/app/.rubies/ruby-2.5.1/lib/ruby/2.5.0/timeout.rb:33:in `catch'
/home/app/.rubies/ruby-2.5.1/lib/ruby/2.5.0/timeout.rb:108:in `timeout'
/home/app/.rubies/ruby-2.5.1/lib/ruby/gems/2.5.0/gems/ruby_parser-3.11.0/lib/ruby_parser_extras.rb:1070:in `process'
/home/app/.rubies/ruby-2.5.1/lib/ruby/gems/2.5.0/gems/ruby_parser-3.11.0/lib/ruby_parser.rb:31:in `block in process'

Description

  • Adding the -W0 flag before the ruby server starts silences the warnings (deprecation warnings) -> Some useful info here
  • Updated bundler version, the older one would raise an error when installing gems while building the docker image.
  • Removed the exception backtrace printing as it discloses too much information.
  • Updated cc-parser base image to version b879
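The two log hygiene changes the description lists (dropping the backtrace from the "Skipping file" message, and running the interpreter with -W0 so deprecation warnings never reach stderr), written out as an added example. This is not code from codeclimate-duplication or from this PR: the function names, the regex, and the sample backtrace are illustrative constructions, and Kernel#warn stands in for the interpreter's own "constant ::Fixnum is deprecated" warning, which -W0 silences in the same way because -W0 sets $VERBOSE to nil.

```ruby
# Added example, not code from codeclimate-duplication: the two log hygiene
# changes described in the PR, as small testable functions. All names here
# (redact_paths, skip_message_safe, ...) are illustrative, not the engine's.
require "stringio"

# One whitespace-free token that is an absolute path under a Ruby install or
# gem directory. Such tokens carry interpreter and gem versions
# ("ruby-2.5.1", "gems/2.5.0", "ruby_parser-3.11.0"), which is the
# disclosure the audit flagged.
VERSIONED_PATH = %r{/\S*?(?:ruby-\d|gems/\d)\S*}

# Constructed backtrace in the shape of the one quoted in the PR.
SAMPLE_BACKTRACE = [
  "/home/app/.rubies/ruby-2.5.1/lib/ruby/gems/2.5.0/gems/ruby_parser-3.11.0/lib/ruby_parser_extras.rb:51:in `syntax_error'",
  "/home/app/.rubies/ruby-2.5.1/lib/ruby/2.5.0/racc/parser.rb:259:in `do_parse'"
].freeze

# Constructed deprecation warning in the shape of the one quoted in the PR.
SAMPLE_WARNING = "/home/app/.rubies/ruby-2.5.1/lib/ruby/gems/2.5.0/gems/concurrent-ruby-1.0.0/lib/concurrent/atomic/mutex_atomic_fixnum.rb:80: warning: constant ::Fixnum is deprecated".freeze

def redact_paths(text)
  text.gsub(VERSIONED_PATH, "[path redacted]")
end

# Check used before a line is allowed into the log.
def discloses_versions?(text)
  VERSIONED_PATH.match?(text)
end

# Before: the form the PR removed. Every frame leaks an interpreter or gem path.
def skip_message_verbose(path, error)
  lines = ["Skipping file #{path} due to exception (#{error.class}): #{error.message}"]
  lines.concat(error.backtrace || [])
  lines.join("\n")
end

# After: class and message only. The message is scrubbed too, because library
# error messages can themselves embed paths.
def skip_message_safe(path, error)
  redact_paths("Skipping file #{path} due to exception (#{error.class}): #{error.message}")
end

# The exception a parser would raise, carrying the constructed backtrace.
def sample_error
  err = RuntimeError.new("Odd number (2) list for Hash. s(:array, s(:call, nil, :repo_id))")
  err.set_backtrace(SAMPLE_BACKTRACE)
  err
end

# The -W0 part. -W0 sets $VERBOSE to nil, and Kernel#warn writes nothing when
# $VERBOSE is nil; with the default -W1 ($VERBOSE == false) it writes.
# Kernel#warn stands in for the interpreter's own deprecation warning.
def captured_warning(verbose)
  old_verbose, old_stderr = $VERBOSE, $stderr
  $VERBOSE = verbose
  $stderr = StringIO.new
  warn SAMPLE_WARNING
  $stderr.string
ensure
  $VERBOSE, $stderr = old_verbose, old_stderr
end

if $PROGRAM_NAME == __FILE__
  file = "./reports/account_usage_calculator.rb"
  puts skip_message_verbose(file, sample_error)
  puts "---"
  puts skip_message_safe(file, sample_error)
  puts "---"
  puts "default (-W1): #{captured_warning(false).inspect}"
  puts "-W0:           #{captured_warning(nil).inspect}"
end
```

Note the order of the two defences: -W0 only covers warnings the interpreter emits, so anything the engine logs itself still needs the backtrace dropped and the message scrubbed; discloses_versions? is the check a test suite can run over captured log output to make sure neither path reopens.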

f-moya (Contributor) left a comment

Awesome ✨

Reviewers

@f-moya approved these changes


3 participants
@camillof @f-moya @filipesperandio
