Study a solution to sanitize URL parameters in API #219

Open
tloubrieu-jpl opened this issue Dec 22, 2022 · 4 comments

Comments

@tloubrieu-jpl
Member

💡 Description

There might be a library or methodology to reject any suspicious parameters from the API. That might be part of Spring Boot (we can dream).

@al-niessner
Contributor

@jordanpadams @tloubrieu-jpl

Does spring-* process the URL prior to swaggerhub code getting a hold of it? If we can say spring-* passes all URLs through and that swaggerhub handles errors, then what sanitization needs to take place?

@jordanpadams
Member

@al-niessner I think this is related to some of the vulnerabilities identified here: #121

@jordanpadams
Member

if any of those require us to sanitize URLs to ensure they do not allow any vulnerabilities in the service

@jordanpadams
Member

Moving to icebox for now. No vulnerabilities identified at this time, and the current API only allows read access directly to/from OpenSearch.

Projects
Status: ToDo
Development

No branches or pull requests

4 participants