Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: Reject multiple successive slashes in path #3880

Merged
merged 4 commits into from
May 27, 2023
Merged

security: Reject multiple successive slashes in path #3880

merged 4 commits into from
May 27, 2023

Conversation

chriswk
Copy link
Contributor

@chriswk chriswk commented May 27, 2023

No description provided.

@chriswk chriswk requested review from ivarconr and kwasniew May 27, 2023 11:41
@vercel
Copy link

vercel bot commented May 27, 2023
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Ignored Deployments
Name Status Preview Comments Updated (UTC)
unleash-docs ⬜️ Ignored (Inspect) May 27, 2023 0:20am
unleash-monorepo-frontend ⬜️ Ignored (Inspect) Visit Preview May 27, 2023 0:20am

@chriswk chriswk added the bug label May 27, 2023
chriswk
chriswk commented May 27, 2023
View reviewed changes
src/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.ts
Comment on lines +48 to +59
test(`Access with API token is granted`, async () => {
let token = await app.services.apiTokenService.createApiTokenWithProjects({
environment: 'default',
projects: ['default'],
tokenName: 'test',
type: ApiTokenType.CLIENT,
});
await app.request
.get('/api/client/features')
.set('Authorization', token.secret)
.expect(200);
});
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know we're testing this already, so this test could probably be removed.

@chriswk chriswk force-pushed the task/refuseMultipleSuccessiveSlashesInPath branch from 5a7d8bd to a837989 Compare May 27, 2023 12:14
@chriswk chriswk merged commit 3d872cf into main May 27, 2023
10 checks passed
@chriswk chriswk deleted the task/refuseMultipleSuccessiveSlashesInPath branch May 27, 2023 12:31
chriswk pushed a commit that referenced this pull request May 27, 2023
@chriswk
security: Reject multiple successive slashes in path (#3880)
e45b86c
chriswk pushed a commit that referenced this pull request May 27, 2023
@chriswk
security: Reject multiple successive slashes in path (#3880)
de8d625
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ivarconr ivarconr ivarconr approved these changes

@kwasniew kwasniew Awaiting requested review from kwasniew

Assignees

@chriswk chriswk

Labels
bug
Projects
Issues and PRs
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@chriswk @ivarconr