Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve input validation #587

Open
evegufy opened this issue Mar 27, 2024 · 2 comments
Open

Improve input validation #587

evegufy opened this issue Mar 27, 2024 · 2 comments
Assignees
@AnuragNagpure
Milestone
Release 25.03

Comments

@evegufy
Copy link
Contributor

evegufy commented Mar 27, 2024
edited
Loading

Description

Validate the input (especially urls) being passed and omit those that use a different protocol than https, contain query or fragment or navigational elements (like '../..') in the path

Also make sure that the application does convert "dangerous" characters into safe equivalents (HTML entities or Unicode characters)

Examples of dangerous characters:
< >
Introduction of HTML or JavaScript code tags
' " &
Manipulating the content of SQL queries
{ } $ %
Embedding executable code in HTML server templates

Additionally, look into restricting the number of files that can be uploaded by the user.

Important: needs to be approached jointly with eclipse-tractusx/portal-frontend#672
@evegufy evegufy added this to Portal Mar 27, 2024
@github-project-automation github-project-automation bot moved this to NEW USER REQUEST in Portal Mar 27, 2024
@evegufy evegufy moved this from NEW USER REQUEST to USER READY in Portal Mar 27, 2024
@evegufy evegufy moved this from USER READY to BACKLOG in Portal Mar 27, 2024
@jjeroch jjeroch mentioned this issue Apr 2, 2024
Closed
@jjeroch
Copy link
Contributor

jjeroch commented Apr 2, 2024

Important: this should only happen jointly with the FE team - the backend team was already tasked to update the pattern in the last sprint review and to make sure that it fits with FE validations.
To ensure a synchronized implementation it is important to implement this task with a frontend developer jointly and to touch all the respective sections/endpoints where urls are entered
FE Task: eclipse-tractusx/portal-frontend#672

@jjeroch jjeroch modified the milestones: Release 24.05, Release 24.08 May 15, 2024
@VPrasannaK94 VPrasannaK94 moved this from BACKLOG to IN PROGRESS in Portal May 16, 2024
@MaximilianHauer
Copy link

based on discussion wiht @oyo and @Phil91 we dont need this as html/sql syntax will not be executed due to frontend configuration

@MaximilianHauer MaximilianHauer closed this as not planned Won't fix, can't repro, duplicate, stale Aug 19, 2024
@github-project-automation github-project-automation bot moved this from BACKLOG to USER READY in Portal Aug 19, 2024
@MaximilianHauer MaximilianHauer moved this from WONT DO to BACKLOG in Portal Oct 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AnuragNagpure AnuragNagpure

Labels
None yet
Projects
Portal
Status: BACKLOG
Milestone
Release 25.03
Development

No branches or pull requests
5 participants
@evegufy @jjeroch @VPrasannaK94 @AnuragNagpure @MaximilianHauer