Unvalidated redirect vulnerability detection in Vert.x 4 #5381

Merged
merged 1 commit into from
Jun 20, 2023

@jandro996 jandro996 commented Jun 14, 2023

What Does This Do

  • Support header vulnerability detection Vertx-4.X (io.vertx.core.http.HttpServerResponse.putHeader instrumentation)
  • Vertx-4.X io.vertx.ext.web.impl.RoutingContextImpl.reroute instrumentation
  • Add new smoke-test module vertx-4.2

Motivation

  • Add unvalidated redirect vulnerability support for vertx-4.x

Additional Notes

@jandro996 jandro996 added the "tag: do not merge", "tag: no release notes" and "comp: asm iast" labels Jun 14, 2023
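
An added illustration, not code from this pull request or from the project: Vert.x 4 handlers in which a request parameter reaches the two calls the description names, HttpServerResponse.putHeader and RoutingContext.reroute, unchecked, beside versions that validate it against an allowlist first. The class name, routes, parameter names and allowlist are assumptions made for the example.

```java
import io.vertx.core.Vertx;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.RoutingContext;
import java.util.Set;

public class RedirectExample {
  // Constructed allowlist of in-application paths (assumption for this example).
  private static final Set<String> ALLOWED_TARGETS = Set.of("/home", "/account");

  // Returns the requested target only on an exact allowlist match, else a fixed default.
  static String safeTarget(String requested) {
    return requested != null && ALLOWED_TARGETS.contains(requested) ? requested : "/home";
  }

  // Unvalidated: the "url" parameter flows straight into the Location header,
  // so the caller chooses where the browser is sent.
  static void unsafeRedirect(RoutingContext ctx) {
    String target = ctx.request().getParam("url");
    ctx.response().putHeader("Location", target).setStatusCode(302).end();
  }

  // Unvalidated: the "path" parameter selects the internal route to re-dispatch to.
  static void unsafeReroute(RoutingContext ctx) {
    ctx.reroute(ctx.request().getParam("path"));
  }

  // Validated: only allowlisted local paths ever reach putHeader.
  static void safeRedirect(RoutingContext ctx) {
    String target = safeTarget(ctx.request().getParam("url"));
    ctx.response().putHeader("Location", target).setStatusCode(302).end();
  }

  // Validated: only allowlisted local paths ever reach reroute.
  static void safeReroute(RoutingContext ctx) {
    ctx.reroute(safeTarget(ctx.request().getParam("path")));
  }

  public static void main(String[] args) {
    Vertx vertx = Vertx.vertx();
    Router router = Router.router(vertx);
    router.get("/unsafe/redirect").handler(RedirectExample::unsafeRedirect);
    router.get("/unsafe/reroute").handler(RedirectExample::unsafeReroute);
    router.get("/safe/redirect").handler(RedirectExample::safeRedirect);
    router.get("/safe/reroute").handler(RedirectExample::safeReroute);
    router.get("/home").handler(ctx -> ctx.response().end("home"));
    router.get("/account").handler(ctx -> ctx.response().end("account"));
    vertx.createHttpServer().requestHandler(router).listen(8080);
  }
}
```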
pr-commenter bot commented Jun 14, 2023

Benchmarks

Parameters

         Baseline                     Candidate
commit   1.16.0-SNAPSHOT~0226e41db3   1.16.0-SNAPSHOT~9f73fce0c9
config   baseline                     candidate

Matching parameters

         Baseline   Candidate
module   Agent      Agent
parent   None       None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 22 cases.

@jandro996 jandro996 force-pushed the alejandro.gonzalez/unvalidated_redirect_vertx_from_master branch from 652be5d to 259ff74 Compare June 14, 2023 08:41
@jandro996 jandro996 force-pushed the alejandro.gonzalez/unvalidated_redirect_vertx_from_master branch 3 times, most recently from bc23838 to a7ba23f Compare June 15, 2023 12:29
@jandro996 jandro996 force-pushed the alejandro.gonzalez/unvalidated_redirect_vertx_40 branch 2 times, most recently from b24d234 to 98fce2d Compare June 15, 2023 12:44
Base automatically changed from alejandro.gonzalez/unvalidated_redirect_vertx_from_master to master June 15, 2023 15:55
@jandro996 jandro996 force-pushed the alejandro.gonzalez/unvalidated_redirect_vertx_40 branch from 24db773 to af9b603 Compare June 15, 2023 16:26
@smola smola changed the title from "Add vertx4 instrumentation" to "Support header vulnerability detection in Vert.x 4" Jun 16, 2023
@smola smola removed the "tag: no release notes" label Jun 16, 2023
Member Author

@manuel-alvarez-alvarez what do you think about keeping this functionality? I'm not sure if it will be useful in the future.

@jandro996 jandro996 changed the title from "Support header vulnerability detection in Vert.x 4" to "Unvalidated redirect vulnerability detection in Vert.x 4" Jun 16, 2023
@jandro996 jandro996 marked this pull request as ready for review June 16, 2023 11:55
@jandro996 jandro996 requested a review from a team June 16, 2023 11:55
@jandro996 jandro996 requested a review from a team as a code owner June 16, 2023 11:55
@jandro996 jandro996 removed the "tag: do not merge" label Jun 16, 2023
@jandro996 jandro996 force-pushed the alejandro.gonzalez/unvalidated_redirect_vertx_40 branch from 52bbe0a to 9f73fce Compare June 19, 2023 09:33
@jandro996 jandro996 merged commit f26d436 into master Jun 20, 2023
@jandro996 jandro996 deleted the alejandro.gonzalez/unvalidated_redirect_vertx_40 branch June 20, 2023 07:38
@github-actions github-actions bot added this to the 1.17.0 milestone Jun 20, 2023
Labels
comp: asm iast Application Security Management (IAST)
4 participants