Page MenuHomePhabricator

Fix incorrect key handling in extended policy filtering
ClosedPublic

Authored by epriestley on Jan 11 2016, 12:44 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 19, 3:47 PM
Unknown Object (File)
Thu, Dec 19, 12:51 PM
Unknown Object (File)
Sun, Dec 1, 1:54 AM
Unknown Object (File)
Sun, Dec 1, 1:46 AM
Unknown Object (File)
Sun, Dec 1, 1:46 AM
Unknown Object (File)
Sun, Dec 1, 1:46 AM
Unknown Object (File)
Sun, Dec 1, 1:28 AM
Unknown Object (File)
Wed, Nov 27, 2:29 PM
Subscribers
None

Details

Summary

Via HackerOne. The use of $key here should be $extended_key.

Exploiting this requires a very unusual group of objects to be subjected to extended policy checks. I believe there is no way to actually get anything bad through the policy filter today, but this could have been an issue in the future.

Test Plan
  • Added a unit test which snuck something through the policy filter.
  • Fixed use of $extended_key.
  • Test now passes.

Diff Detail

Repository
rP Phabricator
Branch
pfilter1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 10048
Build 12160: Run Core Tests
Build 12159: arc lint + arc unit

Event Timeline

epriestley retitled this revision from to Fix incorrect key handling in extended policy filtering.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
  • Slightly more detailed comment.
chad edited edge metadata.
This revision is now accepted and ready to land.Jan 11 2016, 3:03 PM
This revision was automatically updated to reflect the committed changes.