sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
13d5467177
upaas/internal/handlers
History
clawbot 13d5467177 fix: add ownership verification on env var, label, volume, and port deletion 
Verify that the resource's AppID matches the URL path app ID before
allowing deletion. Without this check, any authenticated user could
delete resources belonging to any app by providing the target resource's
ID in the URL regardless of the app ID in the path (IDOR vulnerability).

Closes #19
2026-02-15 20:52:59 -08:00
..
app.go fix: add ownership verification on env var, label, volume, and port deletion 2026-02-15 20:52:59 -08:00
auth.go Add deployment improvements and UI enhancements 2025-12-30 15:05:26 +07:00
dashboard.go Add real-time deployment updates and refactor JavaScript 2026-01-01 05:22:56 +07:00
handlers_test.go test: add IDOR tests for resource deletion ownership verification 2026-02-15 20:52:19 -08:00
handlers.go Add deployment improvements and UI enhancements 2025-12-30 15:05:26 +07:00
healthcheck.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
setup.go Add deployment improvements and UI enhancements 2025-12-30 15:05:26 +07:00
webhook.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00