
This issue was moved to a discussion.

Can BPN validation be bypassed? #307

Closed
SebastianOpriel opened this issue May 4, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@SebastianOpriel

Describe the bug

I would like to know if BPN validation can be bypassed if the Catena-X portal does not check the connector URLs of onboarded connectors (I need to admit I am not too deep into the BPN details yet). Thus, how is this risk currently mitigated?

Potential vector

  1. You will need the BPN of a connector which you want to mimic, referred to as "BPN_OF_INTEREST".
  2. Create a connector for URL https://{{BPN_OF_INTEREST}}.yourdomain.com/[...]/OWN_BPN
  3. Register connector in CX portal
  4. Try to negotiate a contract with a data offering which has BPN validation active

Expected behavior

Not being able to negotiate a contract

Possible Implementation to mitigate risk

use endswith instead of contains

@SebastianOpriel SebastianOpriel added the bug Something isn't working label May 4, 2023
@eclipse-tractusx eclipse-tractusx locked and limited conversation to collaborators Jun 22, 2023
@paullatzelsperger paullatzelsperger converted this issue into discussion #521 Jun 22, 2023
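The difference between the `contains` and `endswith` checks named in the issue, as an added Python example (not code from the issue author or from the project). It assumes the validated identifier is a URL whose last path segment is the participant's own BPN, as in step 2 above. All BPNs, hosts and function names are constructed for illustration, and the exact-segment check goes one step beyond the issue's suggestion.

```python
from urllib.parse import urlsplit

# Constructed sample values (not real BPNs or hosts).
ALLOWED_BPN = "BPNL00000000AAAA"  # BPN the data offer is restricted to
OTHER_BPN = "BPNL00000000BBBB"    # BPN of a different participant

# Identifier of the participant that is actually allowed.
LEGIT_ID = f"https://connector.partner.example/api/{ALLOWED_BPN}"
# Shape from step 2 of the issue: allowed BPN in the hostname, own BPN last.
SPOOFED_ID = f"https://{ALLOWED_BPN}.other.example/api/{OTHER_BPN}"
# Last segment only ends with the allowed BPN; it is a different string.
PADDED_ID = f"https://connector.other.example/api/X{ALLOWED_BPN}"


def check_contains(identifier: str, allowed_bpn: str) -> bool:
    """Substring match: true wherever the BPN appears, hostname included."""
    return allowed_bpn in identifier


def check_endswith(identifier: str, allowed_bpn: str) -> bool:
    """Suffix match (the issue's suggestion): ignores the hostname, but
    still accepts a longer last segment that merely ends with the BPN."""
    return identifier.endswith(allowed_bpn)


def check_exact_segment(identifier: str, allowed_bpn: str) -> bool:
    """Parse the URL and compare the whole last path segment for equality."""
    parts = urlsplit(identifier)
    if parts.scheme != "https" or parts.query or parts.fragment:
        return False
    return parts.path.rsplit("/", 1)[-1] == allowed_bpn


def evaluate() -> dict:
    """Run every check against every sample identifier."""
    checks = {"contains": check_contains, "endswith": check_endswith,
              "exact_segment": check_exact_segment}
    samples = {"legit": LEGIT_ID, "spoofed": SPOOFED_ID, "padded": PADDED_ID}
    return {name: {label: fn(value, ALLOWED_BPN)
                   for label, value in samples.items()}
            for name, fn in checks.items()}


if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:14s} {row}")
```

Only the exact-segment comparison accepts the legitimate identifier and rejects both other samples, so the three sample identifiers can serve as regression cases for a validator.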
