Phone Home Statements found in Installed Version
Created by: captbunzo
Hi,
While working on a few things with a recently installed version of gitlab, I was very disturbed to find a number of phone home type statements. At present, these all seem to be in external gems that got installed while setting up gitlab. However, their presence at all is very disturbing.
An example can be found here: http://i.imgur.com/53aVF.png
This is in the files:
- ./gitlab/vendor/bundle/ruby/1.9.1/gems/haml-3.1.4/Rakefile
- ./gitlab/vendor/bundle/ruby/1.9.1/gems/haml-3.1.4/vendor/sass/Rakefile
- ./gitlab/vendor/bundle/ruby/1.9.1/gems/sass-3.1.15/Rakefile
I understand that these are gems being used by gitlab. However, this security hole nearly led to us canning the use of gitlab completely, which would be a shame as I really like it and think it is very useful.
Can we maybe track down:
- Where this is getting into installed code
- Where the projects are hosted that are doing this so that I can report bugs as such
Many thanks for any help you can provide.
Cheers, Paul Thompson