Sprunje should implement whitelisting and validation #640

Closed
alexweissman opened this issue Feb 7, 2017 · 1 comment
@alexweissman

Right now, Sprunje will automatically match query parameters for filter and sort to columns in your table(s). However, allowing certain columns to be filtered/sorted on could be a security issue - you may not want to allow sorting a list of users based on their account_balance - even if the actual values in the column aren't returned with the results.

I sorta started this, but never finished it - every custom Sprunje should have either a whitelist, or blacklist, of allowed filters and sorts.

alexweissman added REST API API standard security Framework security issue labels Feb 7, 2017
alexweissman added this to the 4.0 milestone Mar 1, 2017
alexweissman self-assigned this Mar 14, 2017
@alexweissman

This has been done in 4.0.12-Alpha.
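
The restriction this issue asks for, sketched as a stand-alone PHP 8 class (an added example, not UserFrosting's Sprunje code). The class name, the `sorts[...]`/`filters[...]` parameter shape, and the `users` columns other than `account_balance` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; a hypothetical class, not UserFrosting's Sprunje.
final class AllowlistedListing
{
    public function __construct(
        private string $table,
        private array $columns,     // columns returned to the client
        private array $sortable,    // columns the client may sort on
        private array $filterable   // columns the client may filter on
    ) {}

    /** Returns [sql, bindings]; throws on any parameter that is not allowlisted. */
    public function build(array $params): array
    {
        $where = $bind = $order = [];
        foreach ((array) ($params['filters'] ?? []) as $col => $value) {
            if (!in_array($col, $this->filterable, true) || !is_string($value)) {
                throw new InvalidArgumentException('filter not allowed');
            }
            // Column name comes from the allowlist; the value is bound, with LIKE wildcards escaped.
            $where[] = "$col LIKE ? ESCAPE '!'";
            $bind[] = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $value) . '%';
        }
        foreach ((array) ($params['sorts'] ?? []) as $col => $dir) {
            $dir = is_string($dir) ? strtoupper($dir) : '';
            if (!in_array($col, $this->sortable, true) || !in_array($dir, ['ASC', 'DESC'], true)) {
                throw new InvalidArgumentException('sort not allowed');
            }
            $order[] = "$col $dir";
        }
        $sql = 'SELECT ' . implode(', ', $this->columns) . ' FROM ' . $this->table
            . ($where ? ' WHERE ' . implode(' AND ', $where) : '')
            . ($order ? ' ORDER BY ' . implode(', ', $order) : '');
        return [$sql, $bind];
    }
}

// Constructed sample: account_balance exists in the table but is neither returned nor allowlisted.
$users = new AllowlistedListing('users', ['id', 'user_name'], ['user_name'], ['user_name']);
print_r($users->build(['sorts' => ['user_name' => 'asc'], 'filters' => ['user_name' => 'al']]));
try {
    $users->build(['sorts' => ['account_balance' => 'desc']]); // ordering alone would reveal relative balances
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```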
