Launchpad itself

page source shows all feature scopes examined [disclosure leak]

Bug #666765 reported by Robert Collins
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Martin Pool

Bug Description

page footers show all scopes:
' in scopes {'pageid:ProjectGroup:+milestones': False}
 '

however scopes may refer to confidential teams.

Related branches

lp:~mbp/launchpad/666765-features-no-reasons
j.c.sackett (community): Approve
Diff: 193 lines (+86/-6)
6 files modified
lib/canonical/launchpad/webapp/errorlog.py (+36/-3)
lib/lp/app/browser/tests/base-layout.txt (+0/-1)
lib/lp/app/templates/base-layout.pt (+0/-1)
lib/lp/services/features/flags.py (+15/-0)
lib/lp/services/features/tests/test_webapp.py (+29/-1)
utilities/bsondump (+6/-0)
Gary Poster (gary)
Changed in launchpad-foundations:
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
Martin Pool (mbp) wrote :

@lifeless iirc it only lists the scopes that were relevant to determining the active rules for this request. Therefore, once we add a team-based scope (bug 666538), you'll only see it mentioned if you are actually in the relevant team. Since you know about the teams you're in this doesn't seem like a problem.

The risks seem to be:

 * if you paste the page contents to somebody else - but then there are bigger risks
 * if we add a scope that says "not_in_team:super_sekret" then that may be shown to many people

Absent a specific problem I think having it always present is good for debuggability. We could limit it to ~launchpad or similar, but then it may be hard to debug user-specific problems.

tags: added: feature-flags privacy
Revision history for this message
Robert Collins (lifeless) wrote : Re: [Bug 666765] Re: scopes leak in pages

On Wed, Oct 27, 2010 at 3:48 AM, Martin Pool <email address hidden> wrote:
> @lifeless iirc it only lists the scopes that were relevant to
> determining the active rules for this request.  Therefore, once we add a
> team-based scope (bug 666538), you'll only see it mentioned if you are
> actually in the relevant team.  Since you know about the teams you're in
> this doesn't seem like a problem.

It lists too many - the example I gave was from /.

> The risks seem to be:
>
>  * if you paste the page contents to somebody else - but then there are bigger risks
>  * if we add a scope that says "not_in_team:super_sekret" then that may be shown to many people

The second one concerns me greatly.

> Absent a specific problem I think having it always present is good for
> debuggability.  We could limit it to ~launchpad or similar, but then it
> may be hard to debug user-specific problems.

Still, there are tradeoffs to make :)

_Rob

Robert Collins (lifeless)
summary: - scopes leak in pages
+ page source shows all feature scopes examined [disclosure leak]
Changed in launchpad:
importance: Medium → High
Revision history for this message
Martin Pool (mbp) wrote :

What's the constraint here? That we only report scopes that are both relevant and actually active?

If so that should be just a matter of adding an 'if'.

Revision history for this message
Robert Collins (lifeless) wrote : Re: [Bug 666765] Re: page source shows all feature scopes examined [disclosure leak]

Showing only the scopes that matched would be a good step. I'm not
sure if its sufficient, but its clearly better than showing every
consulted scope.

Revision history for this message
Martin Pool (mbp) wrote :

I'll just hide them from the comment altogether; if people need to debug it we can add logging or to the timeline or add it back in conditionally.

Changed in launchpad:
assignee: nobody → Martin Pool (mbp)
status: Triaged → In Progress
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r14512 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/14512>.

tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Curtis Hovey (sinzui)
tags: added: qa-ok
removed: qa-needstesting
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.