Closed Bug 679480 Opened 14 years ago Closed 14 years ago

Security review for gofaster dashboard

Categories

(mozilla.org :: Security Assurance: Applications, task, P3)

Product:
mozilla.org
Component:
Security Assurance: Applications
Platform:
x86_64
Linux
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wlach, Assigned: rforbes)

Details

(Whiteboard: [completed secreview])

1. A quick intro to what this app does. Provides a web-based dashboard of test and build execution times of mozilla-central 2. Where is the source code located? Currently https://github.com/wlach/gofaster_dashboard 3. Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on. It is currently running on http://brasstacks.mozilla.com/gofaster/ (note that this site went up before the new security policy was put into place) 4. Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs. Testing:Infrastructure. You may copy me (wlachance@mozilla.com) on any bugs, as I'm the inheritor of this particular block of code (although I didn't write the original version). :) 5. Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS. Aside from a few things going on client-side, the app itself should only be connecting to a single server for the purpose of getting a CSV data feed (once daily, via a cron job): http://build.mozilla.org Please see: https://github.com/wlach/gofaster_dashboard/blob/master/server/scripts/fetch-and-process-csv.sh 6. Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role. No. 7. What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.) The biggest risk would be that it would be able to access other services/software/data deployed on the brasstacks. 8. Does this website contain an administration page? If so, have the admin page blockers (listed here) all been addressed? No administration page (and none are planned) 9. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review? My feeling is that this has low urgency. It's a pretty simple piece of software, relatively unconnected to the rest of mozilla.
Assignee: infrasec → rforbes
Ping. Any update on this?
We're scheduling out reviews for this quarter. This will have a scheduled review date and will be addressed.
Priority: -- → P3
ok, this looks good. you are good to go.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview] → [completed secreview]
You need to log in before you can comment on or make changes to this bug.