Skip to content

Develop #152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
thekevinm wants to merge 13 commits into
base: master
Choose a base branch
from
Open

Develop #152

thekevinm wants to merge 13 commits into from

Conversation

@thekevinm
Copy link
Contributor

@thekevinm thekevinm commented Jan 15, 2026

No description provided.

nicdavidson and others added 13 commits April 1, 2025 14:28
@nicdavidson
adding validation for priv key files
ba09317
@codyllord
add functionality to filter services seen by non-admin users based on…
e109190 
… their assigned roles and permissions
@nicdavidson @claude
fix: Resolve critical SQL injection vulnerability in RBAC service fil…
1bbae74 
…tering

- Replace string concatenation with parameterized queries in Service::selectByRequest()
- Add input validation for service IDs (numeric check and type casting)
- Prevent SQL injection attacks in role-based access control filtering
- Maintain backward compatibility while securing database queries

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@codyllord @claude
fix: Add server-side input validation and sanitization for service la…
213b5d3 
…bels

Implements security fix for Stored XSS vulnerability in Services tab.

Changes:
- Add validation rules for label (max 80 chars) and description (max 255 chars)
- Add setLabelAttribute() mutator to strip HTML tags from labels
- Add setDescriptionAttribute() mutator to strip HTML tags from descriptions

This prevents malicious JavaScript injection in service label and description
fields, addressing the XSS vulnerability identified in security audit.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@thekevinm
50 API Snowflake limit for marketplace
8d56ee0
@codyllord
fix security vulnerability regarding PTT-2025-032
2414566
@thekevinm
Merge pull request #150 from dreamfactorysoftware/PTT-2025-032
51ad7b6 
Ptt 2025 032
@thekevinm
cleaned up http/rws connector support with curl
48e106a
@thekevinm
Merge pull request #151 from dreamfactorysoftware/http-connector
bdc2a8b 
Http connector
@thekevinm
Merge pull request #137 from dreamfactorysoftware/priv-key-fix
5686b6f 
adding validation for priv key files
@thekevinm
Merge pull request #144 from dreamfactorysoftware/ui-filter-by-role
ecfe7bc 
API Docs UI filter by role
@thekevinm
Merge pull request #147 from dreamfactorysoftware/xss-field-validation
9e815ee 
Xss field validation
@thekevinm
Revert "50 API Snowflake limit for marketplace"
cbc6faa 
This reverts commit 8d56ee0.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@thekevinm @nicdavidson @codyllord