whitelist/regex for remote resource URL requests
Reported by Greg Schueler | April 25th, 2011 @ 09:32 AM | in Rundeck 1.3 (closed)
"For example, an additional check should be made to prevent
rundeck from making requests to some random endpoint. Something
like: framework.properties.secure_domain.0=https://internal.host.network:
(regex or glob here)
framework.properties.secure_domain.1=file:///var/rundeck/* (regex
or glob here)
the above is nice to have considering the users are authenticated
before being able to make the call."
Comments and changes to this ticket
-
Greg Schueler April 25th, 2011 @ 11:48 AM
considering these properties to check:
in
project.properties: "project.resources.allowedURL.0-X"in
framework.properties: "framework.resources.allowedURL.0-X" -
Deleted User April 25th, 2011 @ 11:52 AM
I forgot about project.properties. That's probably the best place to put the project level restrictions.
-
-
Deleted User April 25th, 2011 @ 12:07 PM
Yeah, start in project.properties. Another ticket should be created for global override, which I kinda see framework.properties providing.
-
Greg Schueler April 25th, 2011 @ 12:28 PM
don't really need a separate ticket...if you want framework.props global
override it's easier as part of this ticket -
Deleted User April 25th, 2011 @ 12:45 PM
Framework.properties can be the override. Add a log message when project.properties rules are completely overridden by a more restrictive framework.properties rule.
-
Greg Schueler April 25th, 2011 @ 03:54 PM
if
project.resources.url== input url, then it is explicitly allowed.otherwise this logic is used:
F=framework.props
P=project.props
unset= no regexes set
pass=1 or more regexes match
fail=0 regexes matchP\F| unset | pass | fail unset| no | yes | no pass | yes | yes | no fail | no | no | noyes= allow URL
no= disallow URL -
Deleted User April 26th, 2011 @ 11:10 AM
- State changed from “new” to “resolved”
(from [07df1f4a3b2fae5c64878dfb9889077de4363bd3]) Support allowedURL regex properties for resource provider URLs [#260 state:resolved] https://github.com/dtolabs/rundeck/commit/07df1f4a3b2fae5c64878dfb9...
-
Deleted User April 26th, 2011 @ 11:10 AM
(from [b1c05e70e4d33285c7f4244606004daa20451bc1]) Add whitelist/regex for project/framework.properties provider URLs [#260 state:resolved] https://github.com/dtolabs/rundeck/commit/b1c05e70e4d33285c7f424460...
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues
People watching this ticket
Greg Schueler
Referenced by
-
260
whitelist/regex for remote resource URL requests
(from [07df1f4a3b2fae5c64878dfb9889077de4363bd3])
Support...
-
260
whitelist/regex for remote resource URL requests
(from [b1c05e70e4d33285c7f4244606004daa20451bc1])
Add whi...