Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rest(xss): Prevent stored XSS #2833

Merged
merged 1 commit into from
Jan 12, 2025
Merged

rest(xss): Prevent stored XSS #2833

merged 1 commit into from
Jan 12, 2025

Conversation

smrutis1
Copy link
Contributor

Please provide a summary of your changes here.

  • Which issue is this pull request belonging to and how is it solving it? (Refer to issue here)
  • Did you add or update any new dependencies that are required for your change?

This PR is to sanitize JSON and request parameters, headers containing potential malicious texts such as <img/src/onerror = alert(1)> and store it as &lt;img/src/onerror=alert(1)&gt; in database.

Issue:

Suggest Reviewer

@GMishx @heliocastro @hoangnt2

How To Test?

How should these changes be tested by the reviewer?
Have you implemented any additional tests?

Checklist

Must:

  • All related issues are referenced in commit messages and in PR

@smrutis1 smrutis1 added needs code review needs general test This is general testing, meaning that there is no org specific issue to check for labels Dec 18, 2024
@smrutis1 smrutis1 force-pushed the fix/XSS branch 2 times, most recently from b450b74 to 2718dd2 Compare December 18, 2024 08:36
@smrutis1 smrutis1 added the WIP work in progress label Dec 19, 2024
GMishx
GMishx requested changes Dec 20, 2024
View reviewed changes
Copy link
Member

@GMishx GMishx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor change, rest looks good.

rest/rest-common/pom.xml Outdated Show resolved Hide resolved
@GMishx
Copy link
Member

GMishx commented Dec 20, 2024

As discussed, please open relevant issue in frontend project.

@smrutis1 smrutis1 mentioned this pull request Dec 20, 2024
Open
@smrutis1
fix(rest): Prevent stored XSS
f30c2ea 
Signed-off-by: Smruti Prakash Sahoo <[email protected]>
@smrutis1 smrutis1 removed the WIP work in progress label Jan 7, 2025
GMishx
GMishx approved these changes Jan 8, 2025
View reviewed changes
Copy link
Member

@GMishx GMishx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes looks good.

@heliocastro heliocastro merged commit 6ba3bf6 into eclipse-sw360:main Jan 12, 2025
3 checks passed
heliocastro
heliocastro reviewed Jan 12, 2025
View reviewed changes
Copy link
Contributor

@heliocastro heliocastro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you

@GMishx GMishx deleted the fix/XSS branch January 13, 2025 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@heliocastro heliocastro heliocastro left review comments

@GMishx GMishx GMishx approved these changes

@KoukiHama KoukiHama Awaiting requested review from KoukiHama KoukiHama is a code owner

@arunazhakesan arunazhakesan Awaiting requested review from arunazhakesan arunazhakesan is a code owner

@ag4ums ag4ums Awaiting requested review from ag4ums ag4ums is a code owner

Assignees
No one assigned
Labels
needs general test This is general testing, meaning that there is no org specific issue to check for
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@smrutis1 @GMishx @heliocastro