@sidux sidux commented Nov 20, 2024

useful when debugging (will be activated using an env var)

@sidux sidux force-pushed the add-ability-to-by-pass-security branch from fff4231 to 1858e2f Compare November 20, 2024 12:30
@sidux sidux requested a review from kletord November 20, 2024 12:30
@sidux sidux force-pushed the add-ability-to-by-pass-security branch 3 times, most recently from 8e7d774 to 9b71699 Compare November 20, 2024 12:37
@github-actions

Issued by Coverage Checker:

@sidux sidux force-pushed the add-ability-to-by-pass-security branch from 9b71699 to 66df5e7 Compare November 20, 2024 12:50
@sidux sidux force-pushed the add-ability-to-by-pass-security branch from 66df5e7 to e15ce39 Compare November 20, 2024 13:30
Comment on lines +43 to +45
if ($this->config?->bypassSecurity) {
return new Response();
}
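
Review bot: the condition on line +43, `if ($this->config?->bypassSecurity)`, is a loose truthiness test, and the three lines shown carry no environment check of their own, so the method returns early with `new Response()` whenever the flag is truthy, however it came to be set. If the value reaches this point as a string taken from an environment variable, any non-empty value other than "0" counts as true in PHP. Consider comparing strictly (`=== true`), refusing to honour the flag unless the application is running in its dev environment, and logging a warning each time the early return is taken so that an unexpected activation is visible. A short comment above the condition stating that the flag exists for debugging only would also help.
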
Contributor

Are we sure we're not creating a backdoor that is usable more widely than we expect?

Contributor Author

There are two things to secure against this in the other PR:

- app.php, which is used in prod, always forces bypass env var to 0
- only service proxy config is only loaded in dev/openclassrooms_service_proxy.yml, which is loaded only in dev

@sidux sidux merged commit dbf6035 into master Nov 21, 2024
4 checks passed