Skip to content
This repository was archived by the owner on Sep 30, 2024. It is now read-only.

gitserver: More sophisticated argument building#62617

Closed
eseliger wants to merge 1 commit into
mainfrom
es/04-21-gitservermoresophisticatedargumentbuilding
Closed

gitserver: More sophisticated argument building#62617
eseliger wants to merge 1 commit into
mainfrom
es/04-21-gitservermoresophisticatedargumentbuilding

Conversation

@eseliger

@eseliger eseliger commented May 13, 2024

Copy link
Copy Markdown
Member

This PR aims to improve our command building and validation. Previously, every internal command would need to be added to the command allow list.

This meant that whatever we allow internal actors to do, we would also need to allow callers of exec to do, which exposes some risk.

This PR aims to clean up with that by marking certain arguments that we hard-code as safe, and verifies the other ones for safety.

Test plan:

E2E and integration tests are still passing, requesting review from security.

@cla-bot cla-bot Bot added the cla-signed label May 13, 2024
@eseliger eseliger mentioned this pull request May 13, 2024
Merged
@eseliger Graphite App

eseliger commented May 13, 2024
edited
Loading

Copy link
Copy Markdown
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @eseliger and the rest of your teammates on Graphite Graphite

@github-actions github-actions Bot added team/product-platform team/source Tickets under the purview of Source - the one Source to graph it all labels May 13, 2024
@eseliger eseliger force-pushed the es/04-21-gitservermoresophisticatedargumentbuilding branch 3 times, most recently from 6541dbc to 2624f11 Compare May 13, 2024 04:20
Base automatically changed from es/04-21-gitservermovespecargsafetycheckintogitlayer to main May 13, 2024 12:22
@eseliger eseliger force-pushed the es/04-21-gitservermoresophisticatedargumentbuilding branch from 2624f11 to f505870 Compare May 16, 2024 14:06
@eseliger
gitserver: More sophisticated argument building
9c3e846 
This PR aims to improve our command building and validation. Previously, every internal command would need to be added to the command allow list.

This meant that whatever we allow internal actors to do, we would also need to allow callers of exec to do, which exposes some risk.

This PR aims to clean up with that by marking certain arguments that we hard-code as safe, and verifies the other ones for safety.

Test plan:

E2E and integration tests are still passing, requesting review from security.
@eseliger eseliger force-pushed the es/04-21-gitservermoresophisticatedargumentbuilding branch from f505870 to 9c3e846 Compare May 16, 2024 14:07
@eseliger eseliger mentioned this pull request May 16, 2024
Closed
@eseliger eseliger closed this Sep 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

cla-signed team/product-platform team/source Tickets under the purview of Source - the one Source to graph it all

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eseliger