Page MenuHomeSoftware Heritage
Create Task
Maniphest T4226

Restrict the query of /raw/(swhid)/ Web API endpoint to privileged users
Closed, MigratedEdits Locked
Actions

Description

That endpoint can leak sensible information about authors in the archive so it has been decided to
restrict its use to staff users and users with a specific permission.

Revisions and Commits

rDWAPPS Web applications
D7804rDWAPPSfdaaa3a24ca5 api/raw: Ensure to ignore display names in raw object endpoint
D7794rDWAPPS3fc9c9276cff api/raw: Restrict raw object endpoint use to privileged users
rSPSITE puppet-swh-site
D7818rSPSITE1f84dda70032 webapp: Add missing conf for swh_raw_object throttle scope
D7810rSPSITE7c6b34e62151 keycloak: Add swh.web.api.raw_object role

Related Objects

Event Timeline

anlambert triaged this task as Normal priority.May 9 2022, 5:05 PM
anlambert created this task.
anlambert mentioned this in D7794: api/raw: Restrict raw object endpoint use to privileged users.May 9 2022, 5:09 PM
anlambert added a revision: D7794: api/raw: Restrict raw object endpoint use to privileged users.May 9 2022, 5:52 PM
anlambert added a commit: rDWAPPS3fc9c9276cff: api/raw: Restrict raw object endpoint use to privileged users.May 10 2022, 2:20 PM
anlambert added a revision: D7804: api/raw: Ensure to ignore display names in raw object endpoint.May 10 2022, 3:31 PM
anlambert added a commit: rDWAPPSfdaaa3a24ca5: api/raw: Ensure to ignore display names in raw object endpoint.May 11 2022, 10:52 AM
anlambert added a revision: D7810: keycloak: Add swh.web.api.raw_object role.May 11 2022, 10:55 AM
anlambert added a commit: rSPSITE7c6b34e62151: keycloak: Add swh.web.api.raw_object role.May 11 2022, 1:44 PM
anlambert added a revision: D7818: webapp: Add missing conf for swh_raw_object throttle scope.May 12 2022, 1:56 PM
anlambert added a commit: rSPSITE1f84dda70032: webapp: Add missing conf for swh_raw_object throttle scope.May 12 2022, 1:59 PM
anlambert closed this task as Resolved.May 16 2022, 10:55 AM
anlambert claimed this task.

This has been implemented and deployed.

gitlab-migration changed the task status from Resolved to Migrated.Jan 8 2023, 4:36 PM
gitlab-migration claimed this task.
gitlab-migration added a subscriber: gitlab-migration.

This task has been migrated to GitLab.

About · Developer information · Legal