sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
13d5467177
upaas/internal
History
clawbot 13d5467177 fix: add ownership verification on env var, label, volume, and port deletion 
Verify that the resource's AppID matches the URL path app ID before
allowing deletion. Without this check, any authenticated user could
delete resources belonging to any app by providing the target resource's
ID in the URL regardless of the app ID in the path (IDOR vulnerability).

Closes #19
2026-02-15 20:52:59 -08:00
..
config Add deployment improvements and UI enhancements 2025-12-30 15:05:26 +07:00
database Add commit URL to Slack notifications with link and backtick formatting 2025-12-31 16:29:22 -08:00
docker Add build log file storage and download functionality 2026-01-01 06:08:00 -08:00
globals Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
handlers fix: add ownership verification on env var, label, volume, and port deletion 2026-02-15 20:52:59 -08:00
healthcheck Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
logger Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
middleware Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
models Add commit URL to Slack notifications with link and backtick formatting 2025-12-31 16:29:22 -08:00
server Add build log file storage and download functionality 2026-01-01 06:08:00 -08:00
service Fix app status not updated when deployment fails or service restarts 2026-01-01 06:59:03 -08:00
ssh Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00