discourse/spec
Daniel Waterworth 8cade1e825
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds rails validations to limit the sizes of columns on
    user_histories.

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions.

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action.
2024-03-15 14:24:04 +08:00
fabricators DEV: Fix random typos (#25957) 2024-02-29 12:24:37 +01:00
fixtures DEV: Support description for properties in objects schema (#26172) 2024-03-15 07:47:42 +08:00
generator DEV: Improve site setting rename generator (#25354) 2024-01-25 10:45:46 +10:00
helpers PERF: omit HTML view from sessions by logged on users. (#26170) 2024-03-14 15:48:29 +11:00
import_export DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
initializers DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
integration FEATURE: Enable strict-dynamic Content-Security-Policy by default (#26051) 2024-03-07 15:20:31 +00:00
integrity Enable Embroider/Webpack code splitting for Wizard (#24919) 2023-12-20 13:15:06 +00:00
jobs DEV: Fix broken RunProblemCheck spec (#26074) 2024-03-07 13:31:59 +08:00
lib FIX: correctly strip unneeded csp directives under strict-dynamic (#26180) 2024-03-14 18:50:09 +00:00
mailers DEV: Update rubocop-discourse to latest version 2024-03-04 15:08:35 +01:00
migrations DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
models SECURITY: Don't disclose the existence of secret subcategories 2024-03-15 14:23:55 +08:00
multisite DEV: Add S3 upload system specs using minio (#22975) 2023-08-23 11:18:33 +10:00
requests SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:24:04 +08:00
script/import_scripts DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
serializers DEV: Support description for properties in objects schema (#26172) 2024-03-15 07:47:42 +08:00
services SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:24:04 +08:00
support DEV: Move non scheduled problem checks to classes (#26122) 2024-03-14 10:55:01 +08:00
system DEV: Support description for properties in objects schema (#26172) 2024-03-15 07:47:42 +08:00
tasks DEV: Introduce rake task to validate discourse-compatibility file (#26158) 2024-03-13 13:57:41 +00:00
views FIX: Use subfolder-safe url for category in html view (#24595) 2023-11-28 19:08:14 +08:00
rails_helper.rb DEV: Use freeze_time_safe in more places (#25949) 2024-03-01 10:07:35 +10:00
regenerate_swagger_docs
swagger_helper.rb DEV: Bump rswag-specs from 2.11.0 to 2.13.0 (#24654) 2023-12-07 08:16:47 +08:00