Missing perm/limit checks in multiple places #953

Open
ChrisChrome opened this issue Jan 18, 2023 · 1 comment
Labels: Bug (Something isn't working); Module: API; Priority:high (Breaks major functionality, or renders Spacebar unusable); Route (All route issues); Security

Comments

@ChrisChrome
Contributor

At multiple points in the API, there seems to be a lack of permission checks and limit checks.

This affects too many endpoints to name here; examples are welcome to be posted as comments.

ChrisChrome added the Bug, Route, Module: API, Security, Good first issue, epic, and Priority:high labels on Jan 18, 2023

ChrisChrome pinned this issue on Jan 18, 2023
@erkinalp
Contributor

Numeric limits are intentionally not enforced in certain endpoints, some due to the administrative nature of the endpoint, others due to the fact we do not yet have the corresponding configuration facilities for those limits.
Need to identify which non-enforcements are intentional and which ones are overlooked.
