search

progval / Supybot-plugins

Collection of plugins for Supybot/Limnoria I wrote or forked.
https://github.com/ProgVal/Limnoria/
107 stars 63 forks source link

[GitHub] IP mangling if only bindhost is v6 #272

Closed teward closed 9 years ago

teward commented 9 years ago

This sounds like https://github.com/ProgVal/Supybot-plugins/issues/264 again, but it's probably a different bug now. What's odd is that the server is in the ranges defined in the code, but apparently not being recognized.

REQUEST

Headers:

Request URL: http://darkness.dark-net.net:58888/github
Request method: POST
content-type: application/x-www-form-urlencoded
Expect: 
User-Agent: GitHub-Hookshot/e6889cd
X-GitHub-Delivery: 313e0580-db12-11e4-927f-e4f52f0d4748
X-GitHub-Event: push

Payload:

{
  "ref": "refs/heads/master",
  "before": "3be0da044bebcc501dae351b843d1ffcf807e51e",
  "after": "0ec2da76454a5d1374b934672fb3593b2932a6b9",
  "created": false,
  "deleted": false,
  "forced": false,
  "base_ref": null,
  "compare": "https://github.com/teward/testing/compare/3be0da044beb...0ec2da76454a",
  "commits": [
    {
      "id": "0ec2da76454a5d1374b934672fb3593b2932a6b9",
      "distinct": true,
      "message": "Testcommit",
      "timestamp": "2015-04-04T17:33:07-04:00",
      "url": "https://github.com/teward/testing/commit/0ec2da76454a5d1374b934672fb3593b2932a6b9",
      "author": {
        "name": "Thomas Ward",
        "email": "teward@ubuntu.com",
        "username": "teward"
      },
      "committer": {
        "name": "Thomas Ward",
        "email": "teward@ubuntu.com",
        "username": "teward"
      },
      "added": [

      ],
      "removed": [

      ],
      "modified": [
        "README.md"
      ]
    }
  ],
  "head_commit": {
    "id": "0ec2da76454a5d1374b934672fb3593b2932a6b9",
    "distinct": true,
    "message": "Testcommit",
    "timestamp": "2015-04-04T17:33:07-04:00",
    "url": "https://github.com/teward/testing/commit/0ec2da76454a5d1374b934672fb3593b2932a6b9",
    "author": {
      "name": "Thomas Ward",
      "email": "teward@ubuntu.com",
      "username": "teward"
    },
    "committer": {
      "name": "Thomas Ward",
      "email": "teward@ubuntu.com",
      "username": "teward"
    },
    "added": [

    ],
    "removed": [

    ],
    "modified": [
      "README.md"
    ]
  },
  "repository": {
    "id": 33420876,
    "name": "testing",
    "full_name": "teward/testing",
    "owner": {
      "name": "teward",
      "email": "teward@ubuntu.com"
    },
    "private": false,
    "html_url": "https://github.com/teward/testing",
    "description": "testing repo",
    "fork": false,
    "url": "https://github.com/teward/testing",
    "forks_url": "https://api.github.com/repos/teward/testing/forks",
    "keys_url": "https://api.github.com/repos/teward/testing/keys{/key_id}",
    "collaborators_url": "https://api.github.com/repos/teward/testing/collaborators{/collaborator}",
    "teams_url": "https://api.github.com/repos/teward/testing/teams",
    "hooks_url": "https://api.github.com/repos/teward/testing/hooks",
    "issue_events_url": "https://api.github.com/repos/teward/testing/issues/events{/number}",
    "events_url": "https://api.github.com/repos/teward/testing/events",
    "assignees_url": "https://api.github.com/repos/teward/testing/assignees{/user}",
    "branches_url": "https://api.github.com/repos/teward/testing/branches{/branch}",
    "tags_url": "https://api.github.com/repos/teward/testing/tags",
    "blobs_url": "https://api.github.com/repos/teward/testing/git/blobs{/sha}",
    "git_tags_url": "https://api.github.com/repos/teward/testing/git/tags{/sha}",
    "git_refs_url": "https://api.github.com/repos/teward/testing/git/refs{/sha}",
    "trees_url": "https://api.github.com/repos/teward/testing/git/trees{/sha}",
    "statuses_url": "https://api.github.com/repos/teward/testing/statuses/{sha}",
    "languages_url": "https://api.github.com/repos/teward/testing/languages",
    "stargazers_url": "https://api.github.com/repos/teward/testing/stargazers",
    "contributors_url": "https://api.github.com/repos/teward/testing/contributors",
    "subscribers_url": "https://api.github.com/repos/teward/testing/subscribers",
    "subscription_url": "https://api.github.com/repos/teward/testing/subscription",
    "commits_url": "https://api.github.com/repos/teward/testing/commits{/sha}",
    "git_commits_url": "https://api.github.com/repos/teward/testing/git/commits{/sha}",
    "comments_url": "https://api.github.com/repos/teward/testing/comments{/number}",
    "issue_comment_url": "https://api.github.com/repos/teward/testing/issues/comments{/number}",
    "contents_url": "https://api.github.com/repos/teward/testing/contents/{+path}",
    "compare_url": "https://api.github.com/repos/teward/testing/compare/{base}...{head}",
    "merges_url": "https://api.github.com/repos/teward/testing/merges",
    "archive_url": "https://api.github.com/repos/teward/testing/{archive_format}{/ref}",
    "downloads_url": "https://api.github.com/repos/teward/testing/downloads",
    "issues_url": "https://api.github.com/repos/teward/testing/issues{/number}",
    "pulls_url": "https://api.github.com/repos/teward/testing/pulls{/number}",
    "milestones_url": "https://api.github.com/repos/teward/testing/milestones{/number}",
    "notifications_url": "https://api.github.com/repos/teward/testing/notifications{?since,all,participating}",
    "labels_url": "https://api.github.com/repos/teward/testing/labels{/name}",
    "releases_url": "https://api.github.com/repos/teward/testing/releases{/id}",
    "created_at": 1428182629,
    "updated_at": "2015-04-04T21:23:49Z",
    "pushed_at": 1428183191,
    "git_url": "git://github.com/teward/testing.git",
    "ssh_url": "git@github.com:teward/testing.git",
    "clone_url": "https://github.com/teward/testing.git",
    "svn_url": "https://github.com/teward/testing",
    "homepage": null,
    "size": 0,
    "stargazers_count": 0,
    "watchers_count": 0,
    "language": null,
    "has_issues": true,
    "has_downloads": true,
    "has_wiki": true,
    "has_pages": false,
    "forks_count": 0,
    "mirror_url": null,
    "open_issues_count": 0,
    "forks": 0,
    "open_issues": 0,
    "watchers": 0,
    "default_branch": "master",
    "stargazers": 0,
    "master_branch": "master"
  },
  "pusher": {
    "name": "teward",
    "email": "teward@ubuntu.com"
  },
  "sender": {
    "login": "teward",
    "id": 327952,
    "avatar_url": "https://avatars.githubusercontent.com/u/327952?v=3",
    "gravatar_id": "",
    "url": "https://api.github.com/users/teward",
    "html_url": "https://github.com/teward",
    "followers_url": "https://api.github.com/users/teward/followers",
    "following_url": "https://api.github.com/users/teward/following{/other_user}",
    "gists_url": "https://api.github.com/users/teward/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/teward/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/teward/subscriptions",
    "organizations_url": "https://api.github.com/users/teward/orgs",
    "repos_url": "https://api.github.com/users/teward/repos",
    "events_url": "https://api.github.com/users/teward/events{/privacy}",
    "received_events_url": "https://api.github.com/users/teward/received_events",
    "type": "User",
    "site_admin": false
  }
}

RESPONSE Headers

Content-type: text/plain
Date: Sat, 04 Apr 2015 21:38:18 GMT
Server: BaseHTTP/0.3 Python/2.7.6

Body

Error: you are not a GitHub server.

Firewall Log Entry: (Confirms the request came in and was routed to where it needs to be)

Action: pass; DateTime: Apr 4 17:36:14; Interface: WAN; Src: 192.30.252.34:37865; Dst: 10.255.50.10:8888; Prot: TCP:Syn

teward commented 9 years ago

Update: It looks like this is a case of mangling of IPs. The problem with v6 is that it's evil. And the problem with v6-formatted v4 is, it doesn't like working as it should. This might need adaptive changes.

Here's the log data from stdout that shows this:

WARNING 2015-04-04T18:41:52 '::ffff:192.30.252.41' tried to act as a web hook for Github, but is not GitHub.
INFO 2015-04-04T18:41:52 HTTP request: ::ffff:192.30.252.41 - "POST /github HTTP/1.1" 403 -

So this is actually a case again of bad IP matching.

teward commented 9 years ago

Okay, so I'm partly wrong.

There are two problems. Firstly, this is the default startup with supybot-wizard now for http server hosts:

###
# Space-separated list of IPv4 hosts the HTTP server will bind.
#  
# Default value:
###
supybot.servers.http.hosts4: 
###
# Space-separated list of IPv6 hosts the HTTP server will bind.
# 
# Default value: ::0   
###
supybot.servers.http.hosts6: ::0

This causes a problem if v4 is not on - it will incorrectly do the v6 form of the v4 address, as seen in my last comment.

When you bind right to v4, it has no issue. There needs to be additional handling for this v6 problem.

Mikaela commented 9 years ago

Duplicate of https://github.com/ProgVal/Supybot-plugins/issues/270

Potential solution fixing also multiple other GitHub issues https://github.com/ProgVal/Supybot-plugins/issues/230

Only solution that I see to web server being stupid without having any coding skills https://github.com/ProgVal/Limnoria/pull/1074

ghost commented 9 years ago

@ProgVal You might want to close this, it's a duplicate.