sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
dcdecafc61
upaas/internal
History
clawbot 867cdf01ab fix: add ownership verification on env var, label, volume, and port deletion 
Verify that the resource's AppID matches the URL path app ID before
allowing deletion. Without this check, any authenticated user could
delete resources belonging to any app by providing the target resource's
ID in the URL regardless of the app ID in the path (IDOR vulnerability).

Closes #19
2026-02-15 21:02:46 -08:00
..
config Add deployment improvements and UI enhancements 2025-12-30 15:05:26 +07:00
database fix: use hashed webhook secrets for constant-time comparison 2026-02-15 14:06:53 -08:00
docker Add build log file storage and download functionality 2026-01-01 06:08:00 -08:00
globals Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
handlers fix: add ownership verification on env var, label, volume, and port deletion 2026-02-15 21:02:46 -08:00
healthcheck Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
logger Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
middleware Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
models fix: use hashed webhook secrets for constant-time comparison 2026-02-15 14:06:53 -08:00
server fix: add ownership verification on env var, label, volume, and port deletion 2026-02-15 21:02:46 -08:00
service Merge pull request 'Set Secure flag on session cookie in production mode (closes #5)' (#10) from clawbot/upaas:fix/issue-5 into main 2026-02-16 05:58:22 +01:00
ssh Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00