MozillaWiki

Security/Reviews/BZ Elastic Search

< Security‎ | Reviews
Revision as of 19:44, 20 November 2013 by Curtisk (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Please use "Edit with form" above to edit this page.

Item Reviewed

Store Bugzilla data in public ElasticSearch
Target

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);

https://wiki.mozilla.org/Auto-tools/Projects/PublicES#SecReview_.2820_November_2013.2C_incomplete.29 Achitecture.png Python code has been written that is responsible for

  • Extracting data directly from Bugzilla's database,
  • Transforming it to time-series data cube, and
  • Loading into publicly accessible ElasticSearch

The known complications are:

  • Private bugs must not be included, and the history on those bugs must be removed from the historical record in ElasticSearch.
  • Private comments and private attachments must similarly be removed from the historical record.

Additional Information: About: https://wiki.mozilla.org/Auto-tools/Projects/PublicES

Code: https://github.com/klahnakoski/Bugzilla-ETL

{{#set:SecReview name=Store Bugzilla data in public ElasticSearch

|SecReview target=

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);

https://wiki.mozilla.org/Auto-tools/Projects/PublicES#SecReview_.2820_November_2013.2C_incomplete.29 Achitecture.png Python code has been written that is responsible for

  • Extracting data directly from Bugzilla's database,
  • Transforming it to time-series data cube, and
  • Loading into publicly accessible ElasticSearch

The known complications are:

  • Private bugs must not be included, and the history on those bugs must be removed from the historical record in ElasticSearch.
  • Private comments and private attachments must similarly be removed from the historical record.

Additional Information: About: https://wiki.mozilla.org/Auto-tools/Projects/PublicES Code: https://github.com/klahnakoski/Bugzilla-ETL }}

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

What solutions/approaches were considered other than the proposed solution?

  • Tried to publicize the existing ES cluster information (private bugs with no comments or summary), but there was concern the CC list may reveal the bug's security category (https://bugzilla.mozilla.org/show_bug.cgi?id=823303)
  • Using the BZ-API directly requires sophisticated caching, which appears to stall attempts at making snappy dashboards.

Why was this solution chosen?

Any security threats already considered in the design and why?

Threat Brainstorming

  • Elastic Search index tampering (delete, rename, etc)
  • ES Script injection (MVEL)
  • DOS
  • Bugs that are changed from public to private (aka, how often is data refreshed?)
  • Data exfiltration via bug posting

{{#set: SecReview feature goal=*dashboards

|SecReview alt solutions=* Tried to publicize the existing ES cluster information (private bugs with no comments or summary), but there was concern the CC list may reveal the bug's security category (https://bugzilla.mozilla.org/show_bug.cgi?id=823303)

  • Using the BZ-API directly requires sophisticated caching, which appears to stall attempts at making snappy dashboards.

|SecReview solution chosen=* ElasticSearch is very fast

|SecReview threats considered=* Private bug data leaking into public cluster

|SecReview threat brainstorming=* Elastic Search index tampering (delete, rename, etc)

  • ES Script injection (MVEL)
  • DOS
  • Bugs that are changed from public to private (aka, how often is data refreshed?)
  • Data exfiltration via bug posting

}}

Action Items

Action Item Status None
Release Target `
Action Items
'

{{#set:|SecReview action item status=None

|Feature version=` |SecReview action items=` }}

Retrieved from "https://wiki.allizom.org/index.php?title=Security/Reviews/BZ_Elastic_Search&oldid=767151"