WW-5350 Implement OGNL Allowlist capability #781

Merged
merged 2 commits into from
Nov 14, 2023

@kusalk (Member) commented Nov 5, 2023

WW-5350

Implementation for strict OGNL allowlist feature. It is up to the application to determine which classes/packages need to be allowlisted. The exclusion list will still take precedence (classes on the exclusion list cannot be allowlisted).

I hope to clean up this implementation, along with both OgnlUtil and SecurityMemberAccess, as part of WW-5343.

@kusalk kusalk marked this pull request as draft November 5, 2023 12:41
Base automatically changed from WW-5350-allowlist to master November 12, 2023 08:56
@kusalk kusalk marked this pull request as ready for review November 12, 2023 09:02
@kusalk kusalk requested a review from lukaszlenart November 12, 2023 09:02
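
The precedence rule stated in the description (a class on the exclusion list is rejected even if it is also allowlisted, and anything on neither list is rejected) can be sketched as follows. This is an added example, not code from this pull request or from Apache Struts; the class name, method names, list contents and the subpackage-matching behaviour are all assumptions made for illustration.

```java
import java.util.Set;

// Hypothetical illustration only; none of these names come from Apache Struts.
public class AllowlistDemo {

    enum Decision { DENIED_EXCLUDED, DENIED_NOT_ALLOWLISTED, ALLOWED }

    // Constructed sample configuration. java.lang.Runtime is deliberately
    // placed on both lists to show which one wins.
    static final Set<String> EXCLUDED_CLASSES =
            Set.of("java.lang.Runtime", "java.lang.ProcessBuilder");
    static final Set<String> EXCLUDED_PACKAGES = Set.of("java.lang.reflect");
    static final Set<String> ALLOWED_CLASSES =
            Set.of("java.lang.Runtime", "com.example.app.model.User");
    static final Set<String> ALLOWED_PACKAGES = Set.of("com.example.app.actions");

    // True when className is in one of the packages or a subpackage (assumed
    // behaviour). Appending "." stops "com.example.app.actions" from matching
    // the look-alike "com.example.app.actionsx.Foo".
    static boolean inPackage(String className, Set<String> packages) {
        return packages.stream().anyMatch(pkg -> className.startsWith(pkg + "."));
    }

    static Decision check(String className) {
        // 1. Exclusion list is consulted first, so it always takes precedence.
        if (EXCLUDED_CLASSES.contains(className) || inPackage(className, EXCLUDED_PACKAGES)) {
            return Decision.DENIED_EXCLUDED;
        }
        // 2. Only explicitly allowlisted classes or packages pass.
        if (ALLOWED_CLASSES.contains(className) || inPackage(className, ALLOWED_PACKAGES)) {
            return Decision.ALLOWED;
        }
        // 3. Strict mode: everything else is denied by default.
        return Decision.DENIED_NOT_ALLOWLISTED;
    }

    public static void main(String[] args) {
        String[] samples = {
            "java.lang.Runtime",                 // on both lists
            "com.example.app.model.User",        // allowlisted class
            "com.example.app.actions.LoginAction", // allowlisted package
            "com.example.app.actionsx.Foo",      // look-alike package prefix
            "java.util.HashMap"                  // on neither list
        };
        for (String s : samples) {
            System.out.println(s + " -> " + check(s));
        }
    }
}
```
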

SonarCloud Quality Gate failed.

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
2 Code Smells (rating A)

77.9% Coverage
0.0% Duplication


@lukaszlenart (Member)

It would be good to document this new feature to make it more visible to the users. Could you also add a section about this new allow list here?

@kusalk (Member, Author) commented Nov 12, 2023

@lukaszlenart Yep I'll add something about the OgnlGuard too

@kusalk (Member, Author) commented Nov 14, 2023

@lukaszlenart Going to merge this - but I haven't forgotten about the documentation - I will throw up a PR covering all new capabilities as soon as I've finished #791 :)

@kusalk kusalk merged commit 9f45983 into master Nov 14, 2023
9 of 10 checks passed
@kusalk kusalk deleted the WW-5350-allowlist-2 branch November 14, 2023 13:39
copybara-service bot pushed a commit to google/bughunters that referenced this pull request Dec 10, 2024
copybara-service bot pushed a commit to google/bughunters that referenced this pull request Dec 11, 2024