38676
49%
master: 63%

Ran 19 Aug 2016 04:05PM UTC

Jobs 7

Files 2939

Run time 144min

Badge

Embed ▾

pending completion

Build # 38676

Build Type

push

travis-ci

Committed by root

Commit Message

Merge branch 'fix_expr_cve' into '5.6.z'

Filter input from custom searches

In custom built searches it's possible to submit unfiltered string values into fields that expect integers. These values make their way through `eval` allowing for arbitrary Ruby code execution.

Addresses CVE-2016-5383 and
https://bugzilla.redhat.com/show_bug.cgi?id=1353722

Discovered while investigating this BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1349429

Thanks to @twade (Tim Wade)

/cc @obarenbo @jfrey

See merge request !1024

Run Details

87232 of 243852 relevant lines covered (35.77%)

154.23 hits per line

Jobs

ID	Job ID	Ran	Coverage
1	38676.1 (2.2.5, TEST_SUITE=vmdb)	19 Aug 2016 04:49PM UTC	57.33	Travis Job 38676.1
2	38676.2 (2.2.5, TEST_SUITE=automation)	19 Aug 2016 04:11PM UTC	8.31	Travis Job 38676.2
3	38676.3 (2.2.5, TEST_SUITE=migrations)	19 Aug 2016 04:09PM UTC	2.09	Travis Job 38676.3
5	38676.5 (2.2.5, TEST_SUITE=replication)	19 Aug 2016 04:06PM UTC	3.49	Travis Job 38676.5
6	38676.6 (2.2.5, GEM=pending)	19 Aug 2016 04:07PM UTC	59.33	Travis Job 38676.6
8	38676.8 (2.2.5, GEM=manageiq_foreman)	19 Aug 2016 04:05PM UTC	92.8	Travis Job 38676.8
9	38676.9 (2.2.5, TEST_SUITE=manageiq-providers-amazon)	19 Aug 2016 04:06PM UTC	7.23	Travis Job 38676.9

Source Files on build 38676

Detailed source file information is not available for this build.

ManageIQ / manageiq / 38676
49%
master: 63%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 38676

ManageIQ / manageiq / 38676 49% master: 63%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 38676

ManageIQ / manageiq / 38676
49%
master: 63%

README BADGES
x