[JIRA] [github-plugin] (JENKINS-33974) Add option to verify "secret" token

leandro.lucarella@sociomantic.com (JIRA)

Apr 1, 2016, 5:57:01 AM
to jenkinsc...@googlegroups.com
Leandro Lucarella created an issue
 
Jenkins / Improvement JENKINS-33974
Add option to verify "secret" token
Issue Type: Improvement
Assignee: Kirill Merkushev
Components: github-plugin
Created: 2016/Apr/01 9:56 AM
Labels: security
Priority: Major
Reporter: Leandro Lucarella

For security reasons, it's quite important for this plugin to support an option to verify a "secret" token. This option was added some time ago; you basically configure a "secret" in the GitHub webhook end, so you know the requests you are receiving are really from GitHub. The GitHub Pull Request Builder plugin (ghprb) already supports it. It would be great if this plugin added support too.

 
This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)
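
The check requested above, as an added example that is not part of the original thread and is not the plugin's code: GitHub signs the raw webhook body with the configured secret and sends the result in the `X-Hub-Signature` (`sha1=<hex>`) and `X-Hub-Signature-256` (`sha256=<hex>`) headers, and the receiver recomputes the HMAC and compares. The function names, secret and payload below are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Digests GitHub uses: "sha1" in X-Hub-Signature, "sha256" in X-Hub-Signature-256.
_ALGORITHMS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def sign(secret: bytes, body: bytes, algo: str = "sha256") -> str:
    """Build the header value a sender would attach: '<algo>=<hex hmac>'."""
    return f"{algo}=" + hmac.new(secret, body, _ALGORITHMS[algo]).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Return True only if `header` carries a valid HMAC of the raw body."""
    if not secret or not header:
        return False  # fail closed: unsigned deliveries are rejected
    algo, sep, sent_hex = header.partition("=")
    if not sep or algo not in _ALGORITHMS:
        return False  # malformed header or unsupported digest
    expected = hmac.new(secret, body, _ALGORITHMS[algo]).hexdigest()
    # Constant-time comparison, on bytes so any header content is accepted.
    return hmac.compare_digest(expected.encode(), sent_hex.strip().lower().encode())


# Constructed sample data (not a real secret or a captured delivery).
SECRET = b"constructed-example-secret"
PING_BODY = b'{"zen":"Keep it logically awesome.","hook_id":1}'


def demo() -> dict:
    """Run the verifier over valid, forged and unsigned deliveries."""
    good = sign(SECRET, PING_BODY)
    return {
        "valid": verify_signature(SECRET, PING_BODY, good),
        "legacy_sha1": verify_signature(SECRET, PING_BODY, sign(SECRET, PING_BODY, "sha1")),
        "tampered_body": verify_signature(SECRET, PING_BODY + b" ", good),
        "wrong_secret": verify_signature(b"other-secret", PING_BODY, good),
        "missing_header": verify_signature(SECRET, PING_BODY, None),
        "unknown_algo": verify_signature(SECRET, PING_BODY, "md5=abcd"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:15} accepted={accepted}")
```

The HMAC must be computed over the exact bytes received, before any JSON parsing or re-serialization, or valid deliveries will fail verification.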

emanuelez@java.net (JIRA)

Sep 26, 2016, 8:44:01 AM
to jenkinsc...@googlegroups.com
emanuelez commented on Improvement JENKINS-33974
 
Re: Add option to verify "secret" token

It looks like this is the root cause of JENKINS-36121, so I think it's pretty urgent. It makes the GitHub Organization Folder plugin spam the GitHub API, easily reaching the 5000 calls per hour limit.

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

gentoo.integer@gmail.com (JIRA)

Dec 11, 2016, 7:54:01 PM
to jenkinsc...@googlegroups.com

The CloudBees plugin uses a separate connector, so there is no relation. Please report branchsource/orgfolder issues to CloudBees.

For secret verification, some repository should create a trigger and then send a ping event. When the global configuration is configured, there aren't any repositories that could be used for testing. You can call re-register all hooks and then check the Manage Jenkins page, which will have a report in case of failed hook creation. But maybe it doesn't check with a ping event that the hook was successfully configured...

jglick@cloudbees.com (JIRA)

Apr 29, 2020, 11:37:05 AM
to jenkinsc...@googlegroups.com
Jesse Glick resolved as Fixed
 
Change By: Jesse Glick
Status: Open → Resolved
Resolution: Fixed
Released As: https://github.com/jenkinsci/github-plugin/releases/tag/v1.21.0
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)