
Split archive browsing and administration/moderation
Closed, Migrated

Description

Along with T3951, I think there needs to be another split of swh-web: currently, it is used for both:

  1. browsing (highly-untrusted) content of the archive
  2. administrative stuff (save code now, add-forge ticketing, deposit, mailmaps)

This means XSS vulnerabilities in the former can grant attackers access to the latter, because they are on the same domain (shared cookies and sessions).

T4028 would make this kind of vulnerability harder to exploit, but it is still a large attack surface.

See D7323 and D1322 for examples of such vulnerabilities, which would have had negligible impact if privileged UIs were on a separate subdomain.
(Note that, of course, issues like D1433 and D7454 would not be mitigated by this, because they happen within administrative UIs.)
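As an added illustration of the shared-cookie point above (not part of this task or of swh-web's code): Python's http.cookiejar applies the same Domain/host scoping rules a browser does, so it shows when an admin session cookie would be attached to a request for the browsing UI, and why the split only helps as long as the cookie stays host-only. All hostnames and the cookie value are constructed.

```python
"""Cookie scoping behind the browse/admin split: a session cookie set by one
host is attached to requests for another only when both share that host, or
when the cookie carries a parent Domain= attribute. Hostnames are constructed."""
import email.message
import http.cookiejar
import urllib.request

# Session cookie as Django issues it by default: no Domain attribute, so host-only.
HOST_ONLY = "sessionid=s3cr3t; Path=/; Secure; HttpOnly; SameSite=Lax"
# Same cookie widened to the parent domain (e.g. via SESSION_COOKIE_DOMAIN),
# which undoes the isolation a separate subdomain would give.
PARENT_DOMAIN = HOST_ONLY + "; Domain=.example.org"

BROWSE_URL = "https://archive.example.org/browse/"  # untrusted-content UI (constructed)


class _Response:
    """Stand-in for the urllib response object CookieJar.extract_cookies expects."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookies_sent(set_cookie, login_url, target_url):
    """Cookie header the jar attaches to target_url after login_url returned set_cookie.
    The default policy mirrors browser domain rules; SameSite is not modelled, and
    it would not matter here because both hosts are same-site anyway."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(_Response(set_cookie), urllib.request.Request(login_url))
    req = urllib.request.Request(target_url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie", "")


def admin_session_reaches_browse_ui(set_cookie, admin_login_url):
    """True if requests from the browsing UI's host would carry the admin session."""
    return "sessionid=" in cookies_sent(set_cookie, admin_login_url, BROWSE_URL)


if __name__ == "__main__":
    # 1. Today: admin and browsing share one host, so the browse UI sees the admin session.
    print(admin_session_reaches_browse_ui(HOST_ONLY, "https://archive.example.org/admin/login/"))
    # 2. Split: admin on its own subdomain with a host-only cookie -> not sent to browse.
    print(admin_session_reaches_browse_ui(HOST_ONLY, "https://admin.example.org/login/"))
    # 3. Caveat: Domain=.example.org re-shares the session across all subdomains.
    print(admin_session_reaches_browse_ui(PARENT_DOMAIN, "https://admin.example.org/login/"))
```

The three calls print True, False, True: the split removes the shared session only while the admin cookie remains scoped to the admin host.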

Event Timeline

vlorentz triaged this task as Normal priority. May 11 2022, 11:19 AM
vlorentz created this task.
vlorentz removed a parent task: T3949: Refactor swh.web.
vlorentz updated the task description.