Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Namespace Rule checker to stop replaying the last request #112

Closed
rifiles opened this issue Dec 15, 2020 · 1 comment · Fixed by #115
Closed

Update Namespace Rule checker to stop replaying the last request #112

rifiles opened this issue Dec 15, 2020 · 1 comment · Fixed by #115
Assignees
@rifiles

Comments

@rifiles
Copy link
Collaborator

rifiles commented Dec 15, 2020

Currently the namespace rule checker replays the entire sequence prior to sending the attack request. In the case of DELETE requests, resending that request can lead to false negatives because the resource would typically be successfully deleted during the replay. The checker's attack request would then receive a response akin to a 404, which would not trigger a bug in the checker even if the attack request would have otherwise been successful.
@rifiles rifiles self-assigned this Dec 15, 2020
@PatGod
Copy link
Contributor

PatGod commented Dec 15, 2020

Related to issue/question #104

@PatGod PatGod mentioned this issue Dec 15, 2020
Closed
@rifiles rifiles mentioned this issue Dec 16, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rifiles rifiles

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@rifiles @PatGod