Bug 621107: [SECURITY] Sanity checking lacks CSRF protection

r=dkl a=LpSolit

Bug 621107: [SECURITY] Sanity checking lacks CSRF protection
f6c4abda · Frédéric Buclin · 4ab5bc9f · f6c4abda · f6c4abda · f6c4abda
Commit f6c4abda authored Jan 24, 2011 by Frédéric Buclin
4 changed files
--- a/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
+++ b/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
@@ -27,7 +27,8 @@
    <a href="editusers.cgi?id=[% userid FILTER none %]">Edit this user</a>.
  [% END %]
 [% ELSIF san_tag == "example_check_au_user_prompt" %]
-  <a href="sanitycheck.cgi?example_repair_au_user=1">Fix these users</a>.
+  <a href="sanitycheck.cgi?example_repair_au_user=1&amp;token=
+     [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Fix these users</a>.
 [% ELSIF san_tag == "example_repair_au_user_start" %]
  <em>EXAMPLE PLUGIN</em> - OK, would now make users Australian.
 [% ELSIF san_tag == "example_repair_au_user_end" %]

--- a/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
+++ b/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
@@ -19,7 +19,8 @@
  #%]

 [% IF san_tag == "voting_cache_rebuild_fix" %]
-    <a href="sanitycheck.cgi?rebuild_vote_cache=1">Click here to
+    <a href="sanitycheck.cgi?rebuild_vote_cache=1&amp;token=
+       [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Click here to
    rebuild the vote cache</a>

 [% ELSIF san_tag == "voting_cache_alert" %]

--- a/sanitycheck.cgi
+++ b/sanitycheck.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Error;
 use Bugzilla::Hook;
 use Bugzilla::Util;
 use Bugzilla::Status;
+use Bugzilla::Token;

 ###########################################################################
 # General subs
@@ -79,6 +80,15 @@ if (Bugzilla->usage_mode == USAGE_MODE_CMDLINE) {
 }
 else {
    $template = Bugzilla->template;
+
+    # Only check the token if we are running this script from the
+    # web browser and a parameter is passed to the script.
+    # XXX - Maybe these two parameters should be deleted once logged in?
+    $cgi->delete('GoAheadAndLogIn', 'Bugzilla_restrictlogin');
+    if (scalar($cgi->param())) {
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['sanitycheck']);
+    }
 }
 my $vars = {};


--- a/template/en/default/admin/sanitycheck/messages.html.tmpl
+++ b/template/en/default/admin/sanitycheck/messages.html.tmpl
@@ -34,7 +34,8 @@
    [% errortext FILTER html %]: [% INCLUDE bug_list badbugs = badbugs %]

  [% ELSIF san_tag == "bug_check_repair" %]
-    <a href="sanitycheck.cgi?[% param FILTER uri %]=1">[% text FILTER html %]</a>.
+    <a href="sanitycheck.cgi?[% param FILTER uri %]=1&amp;token=
+       [%- issue_hash_token(['sanitycheck']) FILTER uri %]">[% text FILTER html %]</a>.

  [% ELSIF san_tag == "bug_check_creation_date" %]
    Checking for [% terms.bugs %] with no creation date (which makes them invisible).
@@ -136,11 +137,13 @@
    [% END %]

  [% ELSIF san_tag == "cross_check_attachment_has_references" %]
-    <a href="sanitycheck.cgi?remove_invalid_attach_references=1">Remove
+    <a href="sanitycheck.cgi?remove_invalid_attach_references=1&amp;token=
+       [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Remove
    invalid references to non existent attachments.</a>

  [% ELSIF san_tag == "cross_check_bug_has_references" %]
-    <a href="sanitycheck.cgi?remove_invalid_bug_references=1">Remove
+    <a href="sanitycheck.cgi?remove_invalid_bug_references=1&amp;token=
+       [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Remove
    invalid references to non existent [% terms.bugs %].</a>

  [% ELSIF san_tag == "double_cross_check_to" %]
@@ -186,7 +189,8 @@
    [%+ PROCESS bug_link bug_id = bug_id %].

  [% ELSIF san_tag == "flag_fix" %]
-    <a href="sanitycheck.cgi?remove_invalid_flags=1">Click
+    <a href="sanitycheck.cgi?remove_invalid_flags=1&amp;token=
+       [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Click
    here to delete invalid flags</a>

  [% ELSIF san_tag == "group_control_map_entries_creation" %]
@@ -250,7 +254,8 @@
    half an hour: [% INCLUDE bug_list badbugs = badbugs %]

  [% ELSIF san_tag == "unsent_bugmail_fix" %]
-    <a href="sanitycheck.cgi?rescanallBugMail=1">Send these mails</a>.
+    <a href="sanitycheck.cgi?rescanallBugMail=1&amp;token=
+       [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Send these mails</a>.

  [% ELSIF san_tag == "whines_obsolete_target_deletion_start" %]
    OK, now removing non-existent users/groups from whines.
@@ -268,7 +273,8 @@
    [% END %]

  [% ELSIF san_tag == "whines_obsolete_target_fix" %]
-    <a href="sanitycheck.cgi?remove_old_whine_targets=1">Click here to
+    <a href="sanitycheck.cgi?remove_old_whine_targets=1&amp;token=
+       [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Click here to
    remove old users/groups</a>

  [% ELSE %]