Change middleware registration order #2796


PatStLouis
Contributor

This addresses issue #2666. The validation middlewares were registered before the authorization middlewares, resulting in unauthorized requests executing the validation code in the application. This leads to a security flaw as validation libraries could be exploited and could be considered a form of remote code injection.

The fix is simple and results in authorization checks happening before request validations.

@esune @amanji please review these changes and let me know what you think!

Signed-off-by: PatStLouis <[email protected]>
Signed-off-by: PatStLouis <[email protected]>
Signed-off-by: PatStLouis <[email protected]>
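
The ordering problem described in the pull request description above, as an added example that is not code from this pull request or from the project: a standard-library model of a middleware chain that records which middlewares touch a request under each registration order. It assumes the first-registered middleware runs first; `trace`, `make_auth`, `make_validation`, the `x-api-key` header and the key value are hypothetical names constructed for illustration.

```python
import asyncio
import functools
import hmac

API_KEY = "constructed-admin-key"  # constructed sample secret, not a real key

class Unauthorized(Exception): ...
class Invalid(Exception): ...

def make_auth(calls):
    async def auth(request, handler):
        calls.append("auth")
        supplied = request["headers"].get("x-api-key", "")
        if not hmac.compare_digest(supplied, API_KEY):
            raise Unauthorized()
        return await handler(request)
    return auth

def make_validation(calls):
    async def validation(request, handler):
        calls.append("validation")  # untrusted body reaches parsing code here
        if not isinstance(request["body"], dict):
            raise Invalid()
        return await handler(request)
    return validation

async def endpoint(request):
    return "ok"

def trace(order, request):
    """Return (middlewares that ran, outcome) for one registration order."""
    calls = []
    factories = {"auth": make_auth, "validation": make_validation}
    handler = endpoint
    # Assumption: first registered middleware is outermost, so wrap in reverse.
    for name in reversed(order):
        handler = functools.partial(factories[name](calls), handler=handler)
    try:
        return calls, asyncio.run(handler(request))
    except (Unauthorized, Invalid) as exc:
        return calls, type(exc).__name__

if __name__ == "__main__":
    unauth = {"headers": {}, "body": "not-an-object"}  # constructed request
    print("validation first:", trace(["validation", "auth"], unauth))
    print("auth first:      ", trace(["auth", "validation"], unauth))
```

With validation registered first, the request without a key is processed and answered by the validation layer; with authorization first, it is rejected before any validation code runs. A check like `trace` can serve as a regression test that pins the registration order.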
@swcurran
Contributor

Please update for base branch. Good if you can change it so I can do that. Not sure why I can’t with your PRs.

@swcurran swcurran requested review from esune and jamshale February 17, 2024 00:47
@swcurran
Contributor

Adding reviewers @jamshale and @esune

@swcurran
Contributor

@PatStLouis —need another base update and we can merge this.


Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@swcurran swcurran merged commit adc5c67 into openwallet-foundation:main Feb 19, 2024
8 checks passed
@PatStLouis PatStLouis deleted the pstlouis/change-validation-middleware-order branch May 27, 2024 00:57