update lint description
inian committed May 10, 2024
1 parent 95f050c commit 01cfad7
Showing 6 changed files with 14 additions and 14 deletions.
2 changes: 1 addition & 1 deletion lints/0002_auth_users_exposed.sql
Expand Up @@ -6,7 +6,7 @@ select
'ERROR' as level,
'EXTERNAL' as facing,
array['SECURITY'] as categories,
'Detects if auth.users is exposed to anon or authenticated roles via a view or materialized view in the public schema, potentially compromising user data security.' as description,
'Detects if auth.users is exposed to anon or authenticated roles via a view or materialized view in schemas exposed to PostgREST, potentially compromising user data security.' as description,
format(
'View/Materialized View "%s" in the public schema may expose \`auth.users\` data to anon or authenticated roles.',
c.relname
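Review bot: The detail string right after the updated description still hard-codes `in the public schema`, so the lint now describes itself as covering every schema exposed to PostgREST while each finding it reports names only `public`. A finding for a view in another exposed schema would point the reader at the wrong place, which matters for a lint whose purpose is to locate leaked `auth.users` data. The message should carry the view's actual schema name instead of the literal `public`. The same mismatch is in the copy of this lint in splinter.sql. Whether the query itself filters on the exposed schemas cannot be confirmed here, because the select statement starts before and continues past the hunk.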
4 changes: 2 additions & 2 deletions lints/0010_security_definer_view.sql
Expand Up @@ -6,9 +6,9 @@ select
'ERROR' as level,
'EXTERNAL' as facing,
array['SECURITY'] as categories,
'Detects views that are SECURITY DEFINER meaning that they ignore row level security (RLS) policies.' as description,
'Detects views defined with the SECURITY DEFINER property. These views enforce Postgres permissions and row level security policies (RLS) of the view creator, rather than that of the querying user' as description,
format(
'View \`%s.%s\` is SECURITY DEFINER',
'View \`%s.%s\` is defined with the SECURITY DEFINER property',
n.nspname,
c.relname
) as detail,
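Review bot: The new description attributes the effective permissions and RLS policies to the `view creator`, but Postgres checks access to the underlying tables against the view's owner, and ownership can change after creation with `ALTER VIEW ... OWNER TO`. A reader following the text as written could audit the wrong role. Suggested wording for the second sentence: `These views enforce Postgres permissions and row level security (RLS) policies of the view owner, rather than those of the querying user.` That also restores the trailing period the other lint descriptions have and fixes "that of". The same text is in the splinter.sql copy of this lint.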
2 changes: 1 addition & 1 deletion lints/0013_rls_disabled_in_public.sql
Expand Up @@ -6,7 +6,7 @@ select
'ERROR' as level,
'EXTERNAL' as facing,
array['SECURITY'] as categories,
'Detects cases where row level security (RLS) has not been enabled on a table in the \`public\` schema.' as description,
'Detects cases where row level security (RLS) has not been enabled on tables in schemas exposed to PostgREST' as description,
format(
'Table \`%s.%s\` is public, but RLS has not been enabled.',
n.nspname,
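Review bot: The detail message `Table ... is public, but RLS has not been enabled.` no longer matches the description, which now covers any schema exposed to PostgREST. "is public" can be read either as the schema name or as "world-readable", and neither is accurate for a table in another exposed schema. Something like `'Table \`%s.%s\` is in a schema exposed to PostgREST, but RLS has not been enabled.'` would keep the two strings consistent. The new description has also lost its trailing period. Both points apply to the splinter.sql copy as well, and the schema filter of the query lies outside this hunk, so its actual coverage should be confirmed.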
2 changes: 1 addition & 1 deletion lints/0016_materialized_view_in_api.sql
Expand Up @@ -6,7 +6,7 @@ select
'WARN' as level,
'EXTERNAL' as facing,
array['SECURITY'] as categories,
'Detects materialized views that are potentially accessible over APIs.' as description,
'Detects materialized views that are potentially accessible over the Data APIs.' as description,
format(
'Materialized view \`%s.%s\` is selectable by anon or authenticated roles',
n.nspname,
8 changes: 4 additions & 4 deletions splinter.json

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions splinter.sql
Expand Up @@ -80,7 +80,7 @@ select
'ERROR' as level,
'EXTERNAL' as facing,
array['SECURITY'] as categories,
'Detects if auth.users is exposed to anon or authenticated roles via a view or materialized view in the public schema, potentially compromising user data security.' as description,
'Detects if auth.users is exposed to anon or authenticated roles via a view or materialized view in schemas exposed to PostgREST, potentially compromising user data security.' as description,
format(
'View/Materialized View "%s" in the public schema may expose \`auth.users\` data to anon or authenticated roles.',
c.relname
Expand Down Expand Up @@ -570,9 +570,9 @@ select
'ERROR' as level,
'EXTERNAL' as facing,
array['SECURITY'] as categories,
'Detects views that are SECURITY DEFINER meaning that they ignore row level security (RLS) policies.' as description,
'Detects views defined with the SECURITY DEFINER property. These views enforce Postgres permissions and row level security policies (RLS) of the view creator, rather than that of the querying user' as description,
format(
'View \`%s.%s\` is SECURITY DEFINER',
'View \`%s.%s\` is defined with the SECURITY DEFINER property',
n.nspname,
c.relname
) as detail,
Expand Down Expand Up @@ -662,7 +662,7 @@ select
'ERROR' as level,
'EXTERNAL' as facing,
array['SECURITY'] as categories,
'Detects cases where row level security (RLS) has not been enabled on a table in the \`public\` schema.' as description,
'Detects cases where row level security (RLS) has not been enabled on tables in schemas exposed to PostgREST' as description,
format(
'Table \`%s.%s\` is public, but RLS has not been enabled.',
n.nspname,
Expand Down Expand Up @@ -792,7 +792,7 @@ select
'WARN' as level,
'EXTERNAL' as facing,
array['SECURITY'] as categories,
'Detects materialized views that are potentially accessible over APIs.' as description,
'Detects materialized views that are potentially accessible over the Data APIs.' as description,
format(
'Materialized view \`%s.%s\` is selectable by anon or authenticated roles',
n.nspname,
