Tuesday, 16 October 2012

Change Website version using Git checkout (after a CSRF fix broke a GUI component)

We had an issue yesterday with TeamMentor.net where a version 3.2.1 was pushed into production with a CSRF fix (see TeamMentor Vulnerability Disclosures: CSRF , ClickJacking and Get Password Hash from Browser Memory) that broke some of the user functionality (see issue:  When ShowContentToAnonymousUsers is set to false, users are asked to re-login when opening articles)

I was able to create a fix and push it to TeamMentor/Master but the reality is that we shouldn't had moved the TeamMentor.net into 3.2.1 version (from 3.2) without a full QA round.

So the solution was to revert the live sites to the 3.2 version (from 3.2.1) and then move it to 3.2.2 after QA signs it off.

But how do we do that?

Well since TeamMentor is Git based, there is a very easy solution for it, just checkout the version we want :)

It is actually impressive how quick and effective it is:

Here is the what the 3.2.2 version of TM looks like (note the top-right 3.2.2 version):

Now lets look at what the commit list looks like from Git Bash using the $ git log --online -n 15 command:

The one we want is the 89dbd47 commit (7th down).

We can now change the local files from the current version (master), into the 89dbd47 version, by executing $ git checkout 89dbd47

After that, just refreshing the browser will show that we are now in the 3.2 version

What is really powerful here is that we had a different file structure changed in seconds

To see this in action, lets open a file that was changed in VisualStudio (note the TM.tmVersion value of TM 3.2 at the top left):

Next, we will revert back our file system to the 3.2.2 version (ie. the current master version) using $ git checkout master

VisualStudio will detect the file change:

And after reloading the file we will back to version 3.2.2

Finally, since TeamMentor has an Admin interface that allows the execution of Git commands, we can do these checkouts (i.e. 'version changes') directly from the web :)

Just go to the admin panel, click on the 'Advanced Admin Tools' and the 'GitHub Sync' links:

Enter the checkout -f 89dbd47 value in the TextBox and click on 'Execute Git Command'  (note: I used the -f option to force the checkout, because as you can see by the screenshot above the TeamMentor.CoreLib.dll had changed)

And we're back into the 3.2 version:

This post actually gave me an idea for a real cool feature to add in the future: Admin option: Gui to select which commit to use 

Security as TAX

Finally, remember that all of this happened because a security fix had a nasty side effect, which makes it a good example of the TAX we (developers) have to pay when adding security to our apps (remember that the CSRF fix added NO value to the app since it didn't improve its user-value, it just prevented an abuse case from happening)