upaas/internal
clawbot 6475389280 test: add IDOR tests for resource deletion ownership verification
Tests demonstrate that env vars, labels, volumes, and ports can be
deleted via another app's URL path without ownership checks.

All 4 tests fail, confirming the vulnerability described in #19.
2026-02-15 21:00:41 -08:00
config Add deployment improvements and UI enhancements 2025-12-30 15:05:26 +07:00
database fix: use hashed webhook secrets for constant-time comparison 2026-02-15 14:06:53 -08:00
docker Add build log file storage and download functionality 2026-01-01 06:08:00 -08:00
globals Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
handlers test: add IDOR tests for resource deletion ownership verification 2026-02-15 21:00:41 -08:00
healthcheck Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
logger Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
middleware Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
models fix: use hashed webhook secrets for constant-time comparison 2026-02-15 14:06:53 -08:00
server test: add IDOR tests for resource deletion ownership verification 2026-02-15 21:00:41 -08:00
service Merge pull request 'Set Secure flag on session cookie in production mode (closes #5)' (#10) from clawbot/upaas:fix/issue-5 into main 2026-02-16 05:58:22 +01:00
ssh Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00