Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSH private key not validated on updateProject #1584

Open
smlx opened this issue Jan 24, 2020 · 0 comments · May be fixed by #3662
Open

SSH private key not validated on updateProject #1584

smlx opened this issue Jan 24, 2020 · 0 comments · May be fixed by #3662
Labels
1-api-auth API & Authentication subsystem

Comments

@smlx
Copy link
Member

smlx commented Jan 24, 2020

Describe the bug
Using the updateProject mutation you can set the private key field to any string. This will cause operations using that key to fail.

To Reproduce
Steps to reproduce the behavior:

  1. Use the updateProject mutation, providing an invalid private key.
  2. Mutation succeeds.
  3. Inspect the project, and see that it has an invalid private key.

Expected behavior
I expected the SSH key to be validated in some way. It doesn't even have to be fully parsed if that is expensive, just check that the first line is the correct format.

Screenshots
n/a

Additional context
n/a
@rocketeerbkw rocketeerbkw added the 1-api-auth API & Authentication subsystem label Oct 21, 2021
@shreddedbacon shreddedbacon linked a pull request Mar 4, 2024 that will close this issue
Draft
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1-api-auth API & Authentication subsystem
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: use api-sidecar-handler to offload sshkey handling and add more types uselagoon/lagoon
2 participants
@rocketeerbkw @smlx