Skip to content
This repository was archived by the owner on Sep 30, 2024. It is now read-only.
This repository was archived by the owner on Sep 30, 2024. It is now read-only.

Site-config and global-settings lack input validation #60492

Closed
#60808
Closed
Site-config and global-settings lack input validation#60492
#60808
Assignees
fkling
Labels
bugAn error, flaw or fault that produces an incorrect or unexpected result, or behavior.team/code-searchIssues owned by the code search team
@daxmc99

Description

@daxmc99
daxmc99
opened on Feb 13, 2024

During #inc-274 we found that both the site-config and global-settings lack any form of input validation.

A user could set a key like this

{
  "message": "javaref[https://sourcegraph.com]",
}

(warning! If you set this you will need to go into the database to remove it from the global settings)

in the global settings which would result in code-nav breaking.

Requests

Perform input validation of site-config and global-settings to prevent erroneous keys from breaking other features.

Concerns

Deprecation of site-config options during upgrades could be an issue

@eseliger mentioned we used to have this but now we do not?

Metadata

Metadata

Assignees

Labels

bugAn error, flaw or fault that produces an incorrect or unexpected result, or behavior.team/code-searchIssues owned by the code search team

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions