Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SRCH-2453 verify host when connecting to Twitter's streaming API #769

Merged
merged 3 commits into from
Aug 30, 2021
Merged

SRCH-2453 verify host when connecting to Twitter's streaming API #769

merged 3 commits into from
Aug 30, 2021

Conversation

MothOnMars
Copy link
Contributor

This PR ensures that we validate the host when connecting to Twitter's streaming API via the tweetstream gem. This resolves the "Improper Certificate Validation in TweetStream" vulnerability.

jmax-fearless
jmax-fearless approved these changes Aug 24, 2021
View reviewed changes
Copy link
Contributor

@jmax-fearless jmax-fearless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Gemfile
@@ -78,7 +81,7 @@ gem 'retry_block', '~> 1.2.0'
gem 'aws-sdk', '< 3.0'
gem 'colorize', '~> 0.8.1'
gem 'dogstatsd-ruby', '~> 3.2.0'
gem 'http', '~> 1.0'
gem 'http', '~> 4.0'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yay!

@MothOnMars
Copy link
Contributor Author

@jmax-fearless , re-review requested for config tweak:
cd8ebf9

jmax-fearless
jmax-fearless approved these changes Aug 25, 2021
View reviewed changes
Copy link
Contributor

@jmax-fearless jmax-fearless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@MothOnMars MothOnMars merged commit cd10ad2 into GSA:master Aug 30, 2021
@MothOnMars MothOnMars deleted the tweetstream_2453 branch August 30, 2021 15:12
@MyNameIsMissing MyNameIsMissing mentioned this pull request Sep 2, 2021
Merged
9 tasks
MyNameIsMissing added a commit that referenced this pull request Sep 2, 2021
@MyNameIsMissing
Release 8.2.0
552de77 
Functional
SRCH-2324 update newrelic_rpm (SRCH-2324 update newrelic_rpm #771) …
SRCH-2453 verify host when connecting to Twitter's streaming API (SRCH-2453 verify host when connecting to Twitter's streaming API #769) …
Testing or Process
SRCH-2457 add pull request template (SRCH-2457 add pull request template #774)
SRCH-2110 consolidate cucumber tests (SRCH-2110 consolidate cucumber tests #773)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmax-fearless jmax-fearless jmax-fearless approved these changes

Assignees

@jmax-fearless jmax-fearless

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@MothOnMars @jmax-fearless