Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix: cherry-pick verify rbac permission in web terminal - 2.12 #19330

Merged
merged 2 commits into from
Jul 31, 2024
Merged

fix: cherry-pick verify rbac permission in web terminal - 2.12 #19330

merged 2 commits into from
Jul 31, 2024

Conversation

pasha-codefresh
Copy link
Member

No description provided.

@pasha-codefresh
Merge commit from fork
09e9a0a 
* feat: verify rbac on each message and not just during handshake

Signed-off-by: pashakostohrys <pavel@codefresh.io>

* cover with tests

Signed-off-by: pashakostohrys <pavel@codefresh.io>

* fix: linter and e2e tests

Signed-off-by: pashakostohrys <pavel@codefresh.io>

* fix: linter and e2e tests

Signed-off-by: pashakostohrys <pavel@codefresh.io>

---------

Signed-off-by: pashakostohrys <pavel@codefresh.io>
(cherry picked from commit e36248c)
@pasha-codefresh pasha-codefresh requested a review from a team as a code owner July 31, 2024 20:36
ishitasequeira
ishitasequeira reviewed Jul 31, 2024
View reviewed changes
Copy link
Member

@ishitasequeira ishitasequeira left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pasha-codefresh can you link the original PR?

@pasha-codefresh
Copy link
Member Author

@ishitasequeira it was part of CVE , i cant find it in the list. Looks like it was deleted

@pasha-codefresh
Copy link
Member Author

This is GHSA
GHSA-v8wx-v5jq-qhhw

@codecov Codecov
Copy link

codecov bot commented Jul 31, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 37.50000% with 15 lines in your changes missing coverage. Please review.

Project coverage is 50.33%. Comparing base (004cabb) to head (dd38043).
Report is 44 commits behind head on release-2.12.

Files with missing lines Patch % Lines
server/application/websocket.go 39.13% 12 Missing and 2 partials ⚠️
server/application/terminal.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@              Coverage Diff              @@
##           release-2.12   #19330   +/-   ##
=============================================
  Coverage         50.32%   50.33%           
=============================================
  Files               312      312           
  Lines             43097    43119   +22     
=============================================
+ Hits              21689    21704   +15     
- Misses            18920    18931   +11     
+ Partials           2488     2484    -4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pasha-codefresh pasha-codefresh merged commit d6c37aa into argoproj:release-2.12 Jul 31, 2024
22 of 24 checks passed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@ishitasequeira ishitasequeira ishitasequeira approved these changes

@crenshaw-dev crenshaw-dev crenshaw-dev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pasha-codefresh @crenshaw-dev @ishitasequeira