Add Privacy Request Input Sanitization #2655
Conversation
Passing run #813 ↗︎
Details:
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. |
||||||||||||||||||||
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #2655 +/- ##
==========================================
+ Coverage 86.53% 86.73% +0.20%
==========================================
Files 291 295 +4
Lines 16488 16753 +265
Branches 2118 2145 +27
==========================================
+ Hits 14268 14531 +263
Misses 1819 1819
- Partials 401 403 +2
... and 23 files with indirect coverage changes Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
|
@RobertKeyser @daveqnet would you mind giving me some examples here of clearly dangerous/invalid user input so I can use them for test cases? I trust y'all here as the experts 😄 thank you! |
Hmmm, it's a tricky one, as what constitutes dangerous input depends on what the input is being used for. Does the guidance here help: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/ ? I'll also try to provide you a few examples of some real injection vulnerabilities from non-fides penetration tests to help. |
There was a problem hiding this comment.
Couple comments. But there's lots of other APIs to consider - here are a couple examples:
User.username,User.first_name,User.last_nameSystem.name,System.description(plusDataset,DataCategory... allResourcemodels)Organizationhas many string fields (name,description,controller.name...)- ...?
src/fides/api/ops/schemas/connection_configuration/connection_secrets_email.py
Show resolved
Hide resolved
|
If you're just looking for a list of our API endpoints that accept strings in the request body, I'd assume the majority do, too many to just list here. Most of the ops schemas are here: If you're just trying to make a list to work from, you might write a script that goes through the contents of http://localhost:8080/openapi.json, for each request looks for the |
|
based on the feedback here, it sounds like the safest way to go about things here is to update every string to use Additionally, logging around when values get truncated would be helpful for debugging |
|
@ThomasLaPiana I know the unsafe tests aren't being run in Github but let's make sure we run those to make sure we don't break any connector integrations with this change. |
ThomasLaPiana
changed the title
|
quick update: I can't test the specific fixes I made because I'm not sure how to use the local test env. It now requires privacy request configurations. Will message in slack and try to get this sorted an update to the update: Adam got me pointed in the right direction, I wasn't leveraging the special |
ThomasLaPiana
added
the
run unsafe ci checks
|
Both security issues confirmed closed. Cleaning up now and merging |
|
Patch coverage is lacking but overall coverage is up, we're calling this one a win 🙃 Failing tests are known-failing, considering this good to merge |
ThomasLaPiana
deleted the
ThomasLaPiana-add-user-validation-sanitization
branch
Closes https://github.com/ethyca/security-issues/issues/3
Closes https://github.com/ethyca/security-issues/issues/4
Code Changes
PhoneNumberclass with validation that can be reused across the applicationEmailStrinstead ofstrSafeStrclass that sanitizes input valuesSafeStrin place ofstrSteps to Confirm
Pre-Merge Checklist
CHANGELOG.mdDescription Of Changes
This PR adds new custom types designed to improve automatic validation and sanitization of user input data. It also applies these new custom types to the privacy request endpoints to remediate the above-linked issues