Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insufficient input validation on set_whitelist_blacklist, add_greylist_accounts, remove_greylist_accounts #86

Closed
matthewdarwin opened this issue Sep 1, 2022 · 2 comments · Fixed by #113 or #114
Closed

Insufficient input validation on set_whitelist_blacklist, add_greylist_accounts, remove_greylist_accounts #86

matthewdarwin opened this issue Sep 1, 2022 · 2 comments · Fixed by #113 or #114
Assignees
@linh2931
Labels
bug Something isn't working
Milestone
Leap 3.1.1

Comments

@matthewdarwin
Copy link

There is nothing "ok" about this request:

curl -d '{"foo":["bar"]}' http://127.0.0.1:8888/v1/producer/set_whitelist_blacklist
{"result":"ok"}

Input validation is required to ensure what is being submitted actually changes configuration.
@matthewdarwin matthewdarwin changed the title insufficient input validation on set_whitelist_blacklist, add_greylist_accounts, remove_greylist_accounts Insufficient input validation on set_whitelist_blacklist, add_greylist_accounts, remove_greylist_accounts Sep 1, 2022
@stephenpdeos stephenpdeos moved this to Todo in Team Backlog Sep 1, 2022
@stephenpdeos
Copy link
Member

Short-term solution to address this issue requires that at least one of the optionals must be provided.

@linh2931 linh2931 self-assigned this Sep 6, 2022
@matthewdarwin
Copy link
Author

Short-term solution to address this issue requires that at least one of the optionals must be provided.

That would definitely have saved some time.

@linh2931 linh2931 moved this from Todo to In Progress in Team Backlog Sep 6, 2022
This was referenced Sep 7, 2022
Merged
Merged
Repository owner moved this from In Progress to Done in Team Backlog Sep 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@linh2931 linh2931

Labels
bug Something isn't working
Projects
Team Backlog
Archived in project
Milestone
Leap 3.1.1
3 participants
@matthewdarwin @stephenpdeos @linh2931