
Sanitize error output for prevent XSS security issues #2782

Merged
merged 2 commits into from
Oct 26, 2022

Conversation

msaf1980 (Contributor): No description provided.

@msaf1980 msaf1980 marked this pull request as draft October 26, 2022 06:18
@msaf1980 msaf1980 force-pushed the fix_xss branch 3 times, most recently from 078096b to 5e5496d Compare October 26, 2022 07:00
@msaf1980 msaf1980 marked this pull request as ready for review October 26, 2022 07:35
Review thread on webapp/graphite/errors.py (resolved)
deniszh (Member) commented Oct 26, 2022

Hi @msaf1980
Thanks for your patch! Maybe you know: do we have an issue for that XSS, or is it new?

msaf1980 (Contributor, Author) commented Oct 26, 2022

> Hi @msaf1980 Thanks for your patch! Maybe you know: do we have an issue for that XSS, or is it new?

As I think, it fixes all XSS raised from all Django request handlers annotated with @handleInputParameterError (if the exception is InputParameterError).
Works with #2779.
And the PR has tests for /metrics/find to check that this works.
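The pattern the comment above describes, as an added example that is not graphite-web's code: a view raises an input-parameter error whose message echoes the request, and a decorator turns it into an error response. The names InputParameterError, handle_input_parameter_error and find_metrics are assumptions modelled on the identifiers mentioned in this thread, the response is a plain (status, content_type, body) tuple rather than a Django HttpResponse so it runs offline, and the payload is constructed. The unsafe variant reflects the exception text verbatim (the behaviour the PR fixes); the decorated one HTML-escapes it.

```python
"""Added example (not graphite-web's code): reflecting an exception message
unescaped in an HTML error response is an XSS sink; the error-handling
decorator is where it is cheapest to sanitize it once for every handler.
InputParameterError, handle_input_parameter_error and find_metrics are
assumed names modelled on the PR discussion."""
import html
from functools import wraps


class InputParameterError(ValueError):
    """Raised by a view when a request parameter is malformed (assumed name)."""


def handle_input_parameter_error(view):
    """Decorator: convert InputParameterError into a 400 response whose body
    is HTML-escaped, so attacker-controlled text copied from the request
    cannot become markup when a browser renders the error page."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        try:
            return view(*args, **kwargs)
        except InputParameterError as exc:
            # html.escape() escapes <, >, & and (by default) both quote
            # characters, which also covers a message landing in an attribute.
            body = "Bad Request: " + html.escape(str(exc))
            return 400, "text/html; charset=utf-8", body
    return wrapper


def find_metrics_impl(params):
    """Toy stand-in for a /metrics/find handler: validates the 'query'
    parameter and echoes it in the error message, exactly the pattern that
    makes the error path an XSS sink when the message is not escaped."""
    query = params.get("query")
    if not query:
        raise InputParameterError("Missing required parameter 'query'")
    if query.count("{") != query.count("}"):
        raise InputParameterError("Unbalanced braces in query: " + query)
    return 200, "application/json", "[]"


def unsafe_find_metrics(params):
    """The 'before' behaviour: raw exception text reflected into text/html."""
    try:
        return find_metrics_impl(params)
    except InputParameterError as exc:
        return 400, "text/html; charset=utf-8", "Bad Request: " + str(exc)


@handle_input_parameter_error
def find_metrics(params):
    """The 'after' behaviour: same view, sanitized by the decorator."""
    return find_metrics_impl(params)


def run_demo():
    """Constructed payload: a script tag plus an unbalanced brace so the
    query is rejected and echoed. Returns (unsafe_response, safe_response)."""
    payload = {"query": "<script>alert(document.cookie)</script>{"}
    return unsafe_find_metrics(payload), find_metrics(payload)


if __name__ == "__main__":
    unsafe, safe = run_demo()
    print("unsafe:", unsafe[2])
    print("safe:  ", safe[2])
```

Escaping at the decorator is the right layer because every handler that raises InputParameterError gets the fix without touching each view; a test like the PR's /metrics/find test then only needs to assert that `<script>` never appears unescaped in a 400 body. Serving the error with a non-HTML Content-Type is a second, independent guard, but it should not replace escaping, since other code paths may still embed the message in an HTML page.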

deniszh (Member) commented Oct 26, 2022

Yes, looks like the majority of the issues. Nice fix! Will merge and check the open XSS tickets against it.

@deniszh deniszh merged commit 9c62600 into graphite-project:master Oct 26, 2022
@deniszh deniszh mentioned this pull request Nov 6, 2022
deniszh pushed a commit to deniszh/graphite-web that referenced this pull request Feb 19, 2023
…ct#2782)

* tests for XSS

* sanitize error output to prevent XSS issues

(cherry picked from commit 9c62600)
deniszh (Member) commented Feb 19, 2023

💚 All backports created successfully

Branch 1.1.x: backport created

Questions? Please refer to the Backport tool documentation

deniszh added a commit that referenced this pull request Feb 19, 2023
[1.1.x] Sanitize error output for prevent XSS security issues (#2782)

2 participants