Merge lp:~camptocamp/openobject-addons/7.0-fix_1196847 into lp:openobject-addons/7.0

I recommend keeping the call to uo.close() in order to have a clean termination of the HTTP session.

And I'd be glad to have a trace of the sent parameters and of the value of submit_result in the logs

Added url link object close

LGTM

Just added some login statement

I think disabling the cron altogether is a wrong move. The level of criticality of this alleged vulnerability is quite low, while the mechanism to send system messages to OpenERP administrators is important and should not need to be manually turned on. It was used in the past to notify all users (not just OE/OPW customers!) about a critical vulnerability in OpenERP 6.0 that needed to be patched urgently [1], and it was levels of magnitude more serious than the potential exploit of this notification mechanism.

It seems to me that replacing safe_eval() with ast.literal_eval() and forcing an HTTPS URL would reduce the possibilities of misuse to an acceptable level. The handling of the return values is the actual mechanism used to notify system administrators of important messages.

BTW if you think safe_eval is not safe you should post another bug report with the issues you've found with it, so that we can fix them - as this would have a much bigger impact!

Also, log messages are not be translated, and this particular extra logging seems a bit superfluous. The mechanism is meant to be fault-tolerant on purpose.

[1] bug 832601

IMO the concept of executing arbitrary distant code is defective by design and should be simply removed. There is other better patterns to notify users.

Try simply to do in a Python consol:

import ast
ast.literal_eval(82173821737213782173821739921**881230980921832173821732132323798321) # Via Alexandre Fayolle

If you are not in multi process your instance will froze as long the GIL is not released.

It never will be safe to directly execute code from external sources.

Even if we use SSL we have to ensure it is not only used for encryption but also for source authentication and reject any action if authentication fails. That's may probably means some infrastructure work for OpenERP SA (please confirm). I do not want so send user info to undue people. As long that I have not more guaranty that this stats will arrive to OpenERP SA, I do not think I want to activate the cron.

This kind of authentication/security should also be required by the internal "app store" of OpenERP.

Pushed correction log messages should not be translated

On 07/02/2013 01:48 PM, Nicolas Bessi - Camptocamp wrote:
> Even if we use SSL we have to ensure it is not only used for encryption but
> also for source authentication and reject any action if authentication
> fails.

Yes, server-side certificate chain validation is a key part of the TLS
protocol[1], and it is enabled by default on all HTTPS stacks.
It does not require any extra work on OpenERP Publisher Warranty servers
because they are already deployed with valid SSL certificates.

> This kind of authentication/security should also be required by the internal
> "app store" of OpenERP.

The OpenERP Apps integration in OpenERP 7.0 is done using HTTPS.

[1] https://tools.ietf.org/html/rfc5246#section-7.4.2

My point with SSL was more to know if OpenERP have self signed certificat, forme those services or use a registered ca