-
Notifications
You must be signed in to change notification settings - Fork 994
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BT1-T142 : Check interaction between XSS and encryption #2149
Conversation
Dev: allow attribute filtering when encryotSave (see save function) Dev: 1st part, test waiting
Dev: Token need update only on participant_id
Dev: since there are no rules, no way to return false. Dev: then doing it for future
Dev: EM array_keys for attributes
OK, right : removed unused params from child function … |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Structure of code seems ok
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe there is a problem in the frontend helper.
Initially, it decrypts all attributes.
Then encrypt, but only some.
Then the others are decrypted.
It does not break, because it is not saved.
But then it tries to decrypt everything back, and since they are already decrypted, an error occurs.
Will keep on reviewing later
related here : https://github.com/LimeSurvey/LimeSurvey/pull/2149/files#diff-4b5f6522204521a4e24e45dd60c31295cdc7298b0174dd96cf6c1e7d0334f4ffR420 ? See 3.X :
In 3.X : we use updateByPk but here we need encrypt and save only needed values
It's needed : we need to save only this values, encryot must happen only when save in my opinion :). It's not an urgent fix here ;) January seems OK. |
Strange : i think i do a test with token … I can get a look in January : but i really think we must not encrypt what we don't save … Here :
But you're right :
Different way to fix :
I don't like 1 because if we don't need something we don't need to do it. I think 2 can broke at some other place For 3 : code need to track itself each attributes : seems not the best solution . 4 seems the best (in my opinion) ? |
PS :
Me too: don't like it :).
But you need to have it decrypted to use it, non ? Have 2 object : one for crypted and one decrypted ? |
Not actually. The attribute is always held encrypted on the model. A getter for attribute would check if it needs decryption. If so, does it, but don't store it, just return it for the script to use it as needed. As it the data is always encrypted in the model and there is no diff in how the data is picked up or saved to the DB. |
But this need to review all usage of token value and response value ? |
As with every other approach I guess. |
This make a lot more work … |
Must check the need … i can easily fix double decrypt, but rewriting all done is out of project i think. |
@gabrieljenik i fix the issue. Currently : when try to save a single attribute : encryot all attributes (like before). Here : we can update Else : i give my opinion previously. In my opinion : all model->attribute must be decrypted transparently (and save as crypted transparently too). |
Yes, that was plan A.
Why there? What if someone tries to pick a specific encrypted attribute driectly. Like
Agree. And load should unencrypt.
Agree. Question is what is the best way to accomplish that. |
I don't see any reason here ? But you're right … The question now is 1. Make decision about all of this crypt system , 2. time of dev for project. Both are done encryptSave validate by default + allow attribute filtering when encryptSave (see save function) |
Yes, this is more decision for @olleharstedt |
OK, I might have to spend some time reading this. ^^ |
I think this is a good effort. @ptelu should take a look at this next sprint so this can be finished. |
@Shnoulle Can you fix the conflicts and then I will make sure it is reviewed? |
No conflicts on local merge … |
|
@olleharstedt Need to fix conflict or work for nothing ? |
Idk man. We have a problem of ownership internally, when it comes to pull requests... :/ |
See that … |
Problem is that Ahmed is still not replaced. We have a meeting about it later today. Hopefully we can get something moving. |
@olleharstedt after more than one year … maybe we can close this PR ? |
But there are still security issues solved by this PR or? Also only one conflict so far. |
I don't know … you don't explain the final reason. You ask me to encryptSave validate by default. I think there are potential issue when adding feature or create plugin or currently exist but hidden
Yes, but if I fix conflict toay , i don't want to fix it again in 4 month … I already have the impression to have developed for nothing on this pull request ... |
Yes, don't do anything now. |
Follow up on #3596 |
Dev: encryptSave validate by default
Dev: allow attribute filtering when encryotSave (see save function)
To be checked