Don’t trust user input. That’s a core security tenet for building secure software. In our web applications we sanitize text input to protect against XSS, and verify uploaded files are free of malware. But what happens when you take user-submitted software and execute whatever it tells you to do? That’s essentially what Continuous Integration environments are made for. If the tests say to count to 10, the system counts to 10. If it says to download software and start mining for Bitcoin, that’s exactly what it’ll do.
Misbehaving or even malicious builds are a difficult threat for CI environments to protect against. Continuous Integration services are essentially asked, every day, by every customer, to run random pieces of software. If you run a CI system at your company, you’re doing the same. To help identify these potentially dangerous builds, we’ve been working on a project called Build Inspector.
Build Inspector is a forensic sandbox for Continuous Integration environments. It monitors network activity, file system changes, and running processes, making it easier to spot unintended and potentially dangerous activities. Using a sandboxed environment, build operations will happen in isolation without compromising the machine.
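To illustrate the kind of policy check that such a monitoring report makes possible, here is an added example (not Build Inspector's own code): it walks a constructed trace of process, network and file events from a sandboxed build and flags the ones a test run has no business producing. The event shape, the allowlisted hosts, the workspace path and the untrusted directories are all assumptions made for the example.

```python
"""Flag suspicious build activity from sandbox event records.

Each event is a (kind, detail) pair: kind is "process", "network" or
"file"; detail is the command line, the "host:port" destination, or the
path written. This event shape and the policy below are assumptions made
for this example, not a real tool's format.
"""
import ipaddress
from typing import List, Tuple

Event = Tuple[str, str]

# Assumed policy: hosts a Ruby build is expected to talk to, the workspace
# it may write to, and directories a build should never execute code from.
ALLOWED_HOSTS = {"rubygems.org", "index.rubygems.org", "github.com"}
WORKSPACE = "/home/build/project/"
UNTRUSTED_EXEC_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect(events: List[Event]) -> List[str]:
    """Return one finding per event that violates the policy, in trace order."""
    findings = []
    for kind, detail in events:
        if kind == "network":
            host = detail.rsplit(":", 1)[0]
            if _is_ip(host):  # package registries are reached by name, not IP
                findings.append(f"network: connection to raw IP {detail}")
            elif host not in ALLOWED_HOSTS:
                findings.append(f"network: unexpected host {detail}")
        elif kind == "process":
            exe = detail.split()[0] if detail.strip() else ""
            if exe.startswith(UNTRUSTED_EXEC_DIRS):
                findings.append(f"process: executable run from {exe}")
        elif kind == "file" and not detail.startswith(WORKSPACE):
            findings.append(f"file: write outside workspace {detail}")
    return findings


# Constructed sample trace: a normal test run, then a download from a raw IP
# and a binary dropped into /tmp and executed, the "start mining" case above.
SAMPLE_EVENTS: List[Event] = [
    ("process", "/bin/sh -c bundle exec rake test"),
    ("network", "rubygems.org:443"),
    ("file", "/home/build/project/tmp/test.log"),
    ("network", "203.0.113.7:8080"),
    ("file", "/tmp/.x/miner"),
    ("process", "/tmp/.x/miner --pool pool.example:3333"),
]

if __name__ == "__main__":
    for finding in inspect(SAMPLE_EVENTS):
        print(finding)
```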
When you run Build Inspector, you’ll get reports on any potentially dangerous activities on the build server. If you find a suspicious build, we’d love to hear about it. Just log an issue describing any suspicious builds you find.
Build Inspector is released under the Apache License. In hopes of securing build servers everywhere, we’d love to see PRs that improve security or ensure broader support for CI systems.