Page MenuHomePhabricator
Create Task
Maniphest T212794

jenkins vulnerability checker is hitting ratelimits
Closed, DuplicatePublic
Actions

Description

For example: https://integration.wikimedia.org/ci/blue/organizations/jenkins/php-composer-security-docker/detail/php-composer-security-docker/1171/pipeline

Its resulting in a lot of spam to security-team mailing list.

Related Objects

Event Timeline

Bawolff created this task.Jan 2 2019, 5:18 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 2 2019, 5:18 PM
hashar subscribed.Jan 2 2019, 5:39 PM

which rate limit?

Legoktm added a comment.Jan 3 2019, 1:09 AM

Sorry, I was going to re-implement this as part of T206442: security.sensiolabs.org is shutting down at the end of October 2018 but ran out of time. Will work on it this week.

hashar added a comment.Jan 3 2019, 8:50 AM

Ah eventually:

+ curl -i -H 'Accept: text/plain' https://security.sensiolabs.org/check_lock -F lock=@composer.lock
HTTP/2 429 
ratelimit-limit: 1800
ratelimit-remaining: 0
Rate limit exceeded

Which was not obvious from the console log... Marking as a dupe of T206442.

hashar closed this task as a duplicate of T206442: security.sensiolabs.org is shutting down at the end of October 2018.Jan 3 2019, 8:50 AM
sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Jun 11 2019, 6:19 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL