Page MenuHomePhabricator

Fix incorrect key handling in extended policy filtering
ClosedPublic

Authored by epriestley on Jan 11 2016, 12:44 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 1, 1:54 AM
Unknown Object (File)
Sun, Dec 1, 1:46 AM
Unknown Object (File)
Sun, Dec 1, 1:46 AM
Unknown Object (File)
Sun, Dec 1, 1:46 AM
Unknown Object (File)
Sun, Dec 1, 1:28 AM
Unknown Object (File)
Wed, Nov 27, 2:29 PM
Unknown Object (File)
Nov 18 2024, 9:37 PM
Unknown Object (File)
Oct 19 2024, 9:46 PM
Subscribers
None

Details

Summary

Via HackerOne. The use of $key here should be $extended_key.

Exploiting this requires a very unusual group of objects to be subjected to extended policy checks. I believe there is no way to actually get anything bad through the policy filter today, but this could have been an issue in the future.

Test Plan
  • Added a unit test which snuck something through the policy filter.
  • Fixed use of $extended_key.
  • Test now passes.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Fix incorrect key handling in extended policy filtering.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
  • Slightly more detailed comment.
chad edited edge metadata.
This revision is now accepted and ready to land.Jan 11 2016, 3:03 PM
This revision was automatically updated to reflect the committed changes.