Github - Require webhook_token It's quite unsafe to run without webhook_token, and quite easy for us to run our tests with a terribly predictable one. This will ensure that nobody accidentally runs a Zuul vulnerable to MITM proxy attacks. Per the link right under the doc we just changed, we also use hmac.compare_digest to prevent timing analysis by malicious attackers which would help them discover the secret. Change-Id: Ie8aa83b81b8e4ef1bb755a664bf416a8663930fa

commit: cf1b74275daa81f2b25020d91d81ee535d633d09 [log] [tgz]
author: Clint Byrum <clint@fewbar.com> Thu Jul 27 17:12:00 2017 -0700
committer: Clint Byrum <clint@fewbar.com> Thu Jul 27 17:26:52 2017 -0700
tree: 733d581549e4b1b71300fe410376d9c0a4d9b4ab
parent: ad2f6773a68e625ab9d389ef4edc632741c7a904 [diff] [blame]
diff --git a/tests/fixtures/zuul-connections-gerrit-and-github.conf b/tests/fixtures/zuul-connections-gerrit-and-github.conf
index 64757d8..04f2cc2 100644
--- a/tests/fixtures/zuul-connections-gerrit-and-github.conf
+++ b/tests/fixtures/zuul-connections-gerrit-and-github.conf

@@ -21,6 +21,7 @@
 
 [connection github]
 driver=github
+webhook_token=00000000000000000000000000000000000000000
 
 [connection outgoing_smtp]
 driver=smtp
commit	cf1b74275daa81f2b25020d91d81ee535d633d09	[log] [tgz]
author	Clint Byrum <clint@fewbar.com>	Thu Jul 27 17:12:00 2017 -0700
committer	Clint Byrum <clint@fewbar.com>	Thu Jul 27 17:26:52 2017 -0700
tree	733d581549e4b1b71300fe410376d9c0a4d9b4ab
parent	ad2f6773a68e625ab9d389ef4edc632741c7a904 [diff] [blame]