Log file upload events #1622

Closed
securitydave opened this issue May 7, 2023 · 3 comments
Labels
4) proposal for review Issue contains clear proposal for add/change something V7 Temporary label for grouping logging related issues _5.0 - prep This needs to be addressed to prepare 5.0

Comments

@securitydave

We should have a requirement such as:

12.1.x (new) Verify that each file upload event, successful or rejected, is logged, including identification of the user.

(Related to #1444)

@elarlang elarlang added 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V7 Temporary label for grouping logging related issues labels May 7, 2023
@elarlang
Collaborator

elarlang commented May 31, 2023

I think we can make the requirement more precise by mentioning what kind of data should be logged for the event related to file upload (filesize, filename, checksum).

Additionally:

  • virus check result
  • for packed files, number of files and packing ratio
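
The fields discussed so far in this thread, assembled into one structured log record per upload attempt. This is an added example, not part of the comments or of the project's text; the function name, field names, sample values and the scanner verdict passed in as a parameter are all assumptions.

```python
import hashlib, io, json, zipfile
from datetime import datetime, timezone

def upload_log_event(user_id, filename, data, accepted, viruscheck_result, reason=None):
    """Build one structured log record for a file upload attempt (field names are illustrative)."""
    event = {
        "event": "file_upload",
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user_id,                                   # identification of the user
        "outcome": "success" if accepted else "rejected",  # both outcomes are logged
        "reason": reason,
        # The file name is client-controlled: replace non-printable characters
        # (CR/LF included) and cap the length before it reaches the log.
        "filename": "".join(c if c.isprintable() else "?" for c in filename)[:255],
        "filesize": len(data),
        "checksum_sha256": hashlib.sha256(data).hexdigest(),
        "viruscheck_result": viruscheck_result,            # verdict from the scanner, passed in
    }
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                infos = zf.infolist()                      # reads the directory only, extracts nothing
        except zipfile.BadZipFile:
            event["archive"] = {"error": "unreadable"}
        else:
            # Sizes are the ones declared in the archive directory, not verified by unpacking.
            unpacked = sum(i.file_size for i in infos)
            packed = sum(i.compress_size for i in infos)
            event["archive"] = {
                "file_count": len(infos),
                "unpacked_size": unpacked,
                "packing_ratio": round(unpacked / packed, 1) if packed else None,
            }
    return event

def sample_zip():
    """Constructed sample input: a small archive with one highly compressible member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 100_000)
        zf.writestr("b.txt", b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    print(json.dumps(upload_log_event("user-1001", "docs.zip", sample_zip(), True, "clean")))
    print(json.dumps(upload_log_event("user-1001", "cv.pdf\nforged", b"abc", False, "not_scanned", "type not allowed")))
```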

@elarlang elarlang added the 4a) Waiting for another This issue is waiting for another issue to be resolved label Jun 2, 2023
@tghosth tghosth added 4b Major-rework These issues need to be part of a full chapter rework _5.0 - prep This needs to be addressed to prepare 5.0 and removed 4a) Waiting for another This issue is waiting for another issue to be resolved 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet labels Jul 10, 2023
@tghosth
Collaborator

tghosth commented May 2, 2024

This is explicitly mentioned in the logging cheatsheet
OWASP/CheatSheetSeries#1394

As part of making requirements slightly more abstract, I don't think we would add this here as well.

@elarlang do you think we can close?

@tghosth tghosth added 4) proposal for review Issue contains clear proposal for add/change something and removed 4b Major-rework These issues need to be part of a full chapter rework labels May 2, 2024
@elarlang
Collaborator

elarlang commented May 2, 2024

In general yes, I just have not removed them as the new solution is not in place yet. But it's a clear case here now, that we will not cover all logging events in detail and are going to provide abstract requirements instead.

@elarlang elarlang closed this as completed May 2, 2024