sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
0f3e99f7cc
upaas/internal
History
clawbot 0f3e99f7cc test: add IDOR tests for resource deletion ownership verification 
Tests demonstrate that env vars, labels, volumes, and ports can be
deleted via another app's URL path without ownership checks.

All 4 tests fail, confirming the vulnerability described in #19.
2026-02-15 20:52:19 -08:00
..
config Add deployment improvements and UI enhancements 2025-12-30 15:05:26 +07:00
database Add commit URL to Slack notifications with link and backtick formatting 2025-12-31 16:29:22 -08:00
docker Add build log file storage and download functionality 2026-01-01 06:08:00 -08:00
globals Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
handlers test: add IDOR tests for resource deletion ownership verification 2026-02-15 20:52:19 -08:00
healthcheck Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
logger Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
middleware Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
models Add commit URL to Slack notifications with link and backtick formatting 2025-12-31 16:29:22 -08:00
server Add build log file storage and download functionality 2026-01-01 06:08:00 -08:00
service Fix app status not updated when deployment fails or service restarts 2026-01-01 06:59:03 -08:00
ssh Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00