feat(admin-ui): Implement security measures for webhook #1704

Closed
syntrydy opened this issue May 14, 2024 · 0 comments · Fixed by #1705
Assignees
Labels
comp-admin-ui (Component affected by issue or PR), comp-docker-admin-ui (Component affected by issue or PR), kind-bug (Issue or PR is a bug in existing functionality), kind-feature (Issue or PR is a new feature request)

Comments

@syntrydy
Contributor

syntrydy commented May 14, 2024


Description

Currently the webhook feature doesn't have any security measures implemented.
The following should be done:

  • Perform URL validation.
  • Ensure URL starts with "https://", disallow "file://" and other non-HTTPS schemes.
  • Block typical local IPs: 127.0.x, 192.168.x, 172.x.
  • Prohibit "localhost" and "http://".
  • Require a specific response header for POST requests, unique to the customer.


@syntrydy added the comp-admin-ui and comp-docker-admin-ui labels May 14, 2024
@syntrydy self-assigned this May 14, 2024
@syntrydy changed the title from "fix(admin-ui): Implement security measures for webhook" to "feat(admin-ui): Implement security measures for webhook" May 14, 2024
@mo-auto added the kind-bug and kind-feature labels May 14, 2024
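
One way to implement the URL rules listed in the issue description, as an added example that is not part of the original issue or the project's code. The function names are hypothetical, and the example goes beyond the issue's shorthand by using the RFC 1918 range 172.16.0.0/12 and by also covering link-local and IPv6 literals; the response-header requirement is not covered.

```javascript
// Added example; names are hypothetical, not taken from the admin-ui code base.
// Blocked IPv4 networks as [network, prefix length]: "this network", RFC 1918,
// loopback and link-local.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

const toInt = (ip) => ip.split('.').reduce((n, octet) => n * 256 + Number(octet), 0);

function isBlockedV4(host) {
  const addr = toInt(host);
  return BLOCKED_V4.some(([net, bits]) => {
    const size = 2 ** (32 - bits); // number of addresses in the network
    return Math.floor(addr / size) === Math.floor(toInt(net) / size);
  });
}

// Loopback, unspecified, unique-local, link-local and IPv4-mapped literals.
const isBlockedV6 = (v6) =>
  v6 === '::1' || v6 === '::' || /^(f[cd][0-9a-f]{2}:|fe[89ab][0-9a-f]:|::ffff:)/.test(v6);

function validateWebhookUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return { ok: false, reason: 'malformed URL' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme must be https' };
  // The WHATWG parser lower-cases the host and rewrites hex, octal and
  // integer IPv4 forms to dotted decimal, so checks run on the canonical form.
  const host = url.hostname.replace(/\.$/, ''); // drop a trailing root dot
  if (host === 'localhost' || host.endsWith('.localhost')) {
    return { ok: false, reason: 'localhost is not allowed' };
  }
  if (/^\d+(\.\d+){3}$/.test(host) && isBlockedV4(host)) {
    return { ok: false, reason: 'private or loopback IPv4 address' };
  }
  if (host.startsWith('[') && isBlockedV6(host.slice(1, -1))) {
    return { ok: false, reason: 'private or loopback IPv6 address' };
  }
  return { ok: true, url: url.href };
}
```

These checks only cover address literals and the name "localhost"; a hostname whose DNS records point at an internal address passes them, so the same address check should be applied to the resolved IP when the webhook is delivered.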
2 participants