upaas/internal/handlers
clawbot 6475389280 test: add IDOR tests for resource deletion ownership verification
Tests demonstrate that env vars, labels, volumes, and ports can be
deleted via another app's URL path without ownership checks.

All 4 tests fail, confirming the vulnerability described in #19.
2026-02-15 21:00:41 -08:00
app.go Merge pull request 'Clean up Docker container when deleting an app (closes #2)' (#7) from clawbot/upaas:fix/issue-2 into main 2026-02-16 05:56:56 +01:00
auth.go Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
dashboard.go Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
handlers_test.go test: add IDOR tests for resource deletion ownership verification 2026-02-15 21:00:41 -08:00
handlers.go Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
healthcheck.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
setup.go Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
webhook.go fix: limit webhook request body size to 1MB to prevent DoS (closes #1) 2026-02-08 12:02:06 -08:00