Page MenuHomePhabricator

Fix incorrect key handling in extended policy filtering
ClosedPublic

Authored by epriestley on Jan 11 2016, 12:44 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 19, 3:47 PM
Unknown Object (File)
Thu, Dec 19, 12:51 PM
Unknown Object (File)
Sun, Dec 1, 1:54 AM
Unknown Object (File)
Sun, Dec 1, 1:46 AM
Unknown Object (File)
Sun, Dec 1, 1:46 AM
Unknown Object (File)
Sun, Dec 1, 1:46 AM
Unknown Object (File)
Sun, Dec 1, 1:28 AM
Unknown Object (File)
Wed, Nov 27, 2:29 PM
Subscribers
None

Details

Summary

Via HackerOne. The use of $key here should be $extended_key.

Exploiting this requires a very unusual group of objects to be subjected to extended policy checks. I believe there is no way to actually get anything bad through the policy filter today, but this could have been an issue in the future.

Test Plan
  • Added a unit test which snuck something through the policy filter.
  • Fixed use of $extended_key.
  • Test now passes.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Fix incorrect key handling in extended policy filtering.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
  • Slightly more detailed comment.
chad edited edge metadata.
This revision is now accepted and ready to land.Jan 11 2016, 3:03 PM
This revision was automatically updated to reflect the committed changes.