You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Jonathan Ellis (JIRA)" <ji...@apache.org> on 2010/04/16 17:28:25 UTC

[jira] Created: (INFRA-2623) SOAP access to jira is broken post-hack

SOAP access to jira is broken post-hack
---------------------------------------

                 Key: INFRA-2623
                 URL: https://issues.apache.org/jira/browse/INFRA-2623
             Project: Infrastructure
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: JIRA
            Reporter: Jonathan Ellis


We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher

Since the hack we're getting

SOAPpy.Errors.HTTPError: <HTTPError 302 Found>

What is bizarre is that it seems to be 302-ing to the same location that was originally requested.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "David Reiss (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12861069#action_12861069 ] 

David Reiss commented on INFRA-2623:
------------------------------------

Jonathan, are you sure HTTPS was being used for the actual soap calls?  I think I am running into the same issue as Erik.  When I ran my version of the script, I saw the wsdl being downloaded over https (from <https://issues.apache.org/jira/rpc/soap/jirasoapservice-v2?wsdl>), but the urls embedded in that document are all http, and the soap calls are made to those urls.  Then the redirect is to https.  Is there any chance of changing the wsdl to point to the https urls?  Otherwise, some hackery might be required to get SOAPpy to always use https.

> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "Jonathan Ellis (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12861074#action_12861074 ] 

Jonathan Ellis commented on INFRA-2623:
---------------------------------------

Ah, that sounds reasonable.  I probably mis-diagnosed what was happening on my end.

> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "#asfinfra IRC Bot (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12861190#action_12861190 ] 

#asfinfra IRC Bot commented on INFRA-2623:
------------------------------------------

<joes4> this might be relevant: http://jira.atlassian.com/browse/JRA-10849


> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "#asfinfra IRC Bot (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12860107#action_12860107 ] 

#asfinfra IRC Bot commented on INFRA-2623:
------------------------------------------

<joes4> this comment was made with the soap api. sorry i can't reproduce your bug.


> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "Gavin (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gavin closed INFRA-2623.
------------------------

    Resolution: Invalid

nothing to fix

> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "Erik Hatcher (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12857890#action_12857890 ] 

Erik Hatcher commented on INFRA-2623:
-------------------------------------

is this an issue with the wsdl pointing to http?   i've just successfully made SOAP calls after encountering the same 302 and then changing the end-point URL to https instead.

> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "Jonathan Ellis (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12857873#action_12857873 ] 

Jonathan Ellis commented on INFRA-2623:
---------------------------------------

https

> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "Jonathan Ellis (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12857846#action_12857846 ] 

Jonathan Ellis commented on INFRA-2623:
---------------------------------------

(That is, since JIRA was hacked.)

> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "Joe Schaefer (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896133#action_12896133 ] 

Joe Schaefer commented on INFRA-2623:
-------------------------------------

Should be working now with a bit of 
mod_substitute magic.

> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "#asfinfra IRC Bot (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12857849#action_12857849 ] 

#asfinfra IRC Bot commented on INFRA-2623:
------------------------------------------

<joes4> are you using https or http?


> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (INFRA-2623) SOAP access to jira is broken post-hack

Posted by "#asfinfra IRC Bot (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12861124#action_12861124 ] 

#asfinfra IRC Bot commented on INFRA-2623:
------------------------------------------

<joes4> you mean to tell me jira emits http links in the wsdl even tho it is configured to use https as it's base url?  amazing.  if you want to use a same piece of software there's always bugzilla.


> SOAP access to jira is broken post-hack
> ---------------------------------------
>
>                 Key: INFRA-2623
>                 URL: https://issues.apache.org/jira/browse/INFRA-2623
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Jonathan Ellis
>
> We use SOAP to automate patch upload/download, e.g. http://github.com/eevans/git-jira-attacher
> Since the hack we're getting
> SOAPpy.Errors.HTTPError: <HTTPError 302 Found>
> What is bizarre is that it seems to be 302-ing to the same location that was originally requested.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.