Order By Vulnerability

[mostlikelee]

Related issue: Resolves https://github.com/fleetdm/confidential/issues/14323

• Implements allowlist-based validation for all list endpoints that could surface sensitive data. An eng-init issue will be created to address ALL list endpoints for future proofing.

Entpoints affected | sensitive data:

• Hosts
• Policies
• Queries
• Users
• Invites
• Secret Variables
• Certificate Templates
• Host Certificates
• Batch Script Hosts

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.

• Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements)

• If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes

Testing

• Added/updated automated tests

• QA'd all new/changed functionality manually

[codecov]

Codecov Report

❌ Patch coverage is 81.73077% with 19 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.34%. Comparing base (d83fd5f) to head (948cb91).
⚠️ Report is 98 commits behind head on main.

Files with missing lines	Patch %	Lines
server/platform/mysql/list_options.go	87.71%	5 Missing and 2 partials ⚠️
server/datastore/mysql/policies.go	66.66%	2 Missing and 2 partials ⚠️
server/datastore/mysql/certificate_templates.go	33.33%	1 Missing and 1 partial ⚠️
server/datastore/mysql/host_certificates.go	33.33%	1 Missing and 1 partial ⚠️
server/datastore/mysql/hosts.go	71.42%	1 Missing and 1 partial ⚠️
server/datastore/mysql/secret_variables.go	33.33%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #40143      +/-   ##
==========================================
+ Coverage   66.31%   66.34%   +0.02%     
==========================================
  Files        2449     2452       +3     
  Lines      196520   196719     +199     
  Branches     8537     8537              
==========================================
+ Hits       130332   130505     +173     
- Misses      54379    54398      +19     
- Partials    11809    11816       +7     

Flag	Coverage Δ
backend	68.13% <81.73%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[mostlikelee]

pointing this out as technically a breaking change, although I don't expect customers or the FE to use h.id

[getvictor]

Looks good overall. Left a couple small comments.

[getvictor]

We should be using testify assert/require here, and other places.

[getvictor]

What error code will this return?

Can it implement IsClientError() = true interface?

[mostlikelee]

good catch, i also implemented Invalid() so this gets surfaced as a 422 err