[Enhancement] Validate the Url parameter in Http Subscriber #758
Labels: enhancement (New feature or request)
jinrongluo added a commit to jinrongluo/incubator-eventmesh that referenced this issue, Feb 7, 2022
jinrongluo added a commit to jinrongluo/incubator-eventmesh that referenced this issue, Feb 7, 2022
jinrongluo added a commit to jinrongluo/incubator-eventmesh that referenced this issue, Feb 7, 2022
jinrongluo added a commit to jinrongluo/incubator-eventmesh that referenced this issue, Feb 8, 2022
xwm1992 added a commit that referenced this issue, Apr 7, 2022
* update project version to 1.3.0-RELEASE * Delete gradle/wrapper directory * update docs * update Dockerfile and build.gradle * update build.gradle * update Dockerfile path * Update .asf.yaml disabled protected branch (cherry picked from commit 4b60e37) * Update .asf.yaml (cherry picked from commit a051d06) * [Infra] trigger branch protection change (cherry picked from commit d9a9a5b) * [Infra] retrigger .asf.yaml protections (cherry picked from commit 8e5a196) * update some docs Signed-off-by: qqeasonchen <qqeasonchen@gmail.com> (cherry picked from commit faf1fc1) * update Dockerfile path (cherry picked from commit 2790b78) * Update java sdk docs (#663) (cherry picked from commit 56b665b) * Add files via upload add pluggable-protocols.png (cherry picked from commit ce62aa0) * [Infra] retrigger .asf.yaml protections (cherry picked from commit 8e5a196) * Update .asf.yaml make the master branch under the protected * [ISSUE #670] fix checkstyle check fail (#680) fix checkstyle check fail * [MINOR] Fixed redundant boxing operations (#684) * [MINOR] new Runnable() can be replaced with lambda (#685) * gradle * Anonymous new Runnable() can be replaced with lambda * Anonymous new Runnable() can be replaced with lambda * add logger print exception * [MINOR] ConfigurationWrapper class adds thread pool shutdown (#683) * gradle * ConfigurationWrapper class adds thread pool shutdown * [ISSUE #677] Translate readme files from English to Chinese (#678) * translate English to Chinese close #677 * [ISSUE #405]update cloudevents examples (#688) [Minor #405] update cloudevents examples * Bump gradle version to 7.3.3 Support Java17 build * [ISSUE #690]Remove extra code style check job in CI (#691) Close ISSUE #690. 
* Update intro.md (#693) * Add files via upload (#694) * [ISSUE #692]Change the default merge strategy to squash (#695) * Change the default merge strategy to squash close #692 * [ISSUE #673] update eventmesh-runtime-quickstart-with-docker.md en & cn (#698) * update eventmesh-runtime-quickstart-with-docker.md en & cn close #673 * [MINOR] Change Tar and Zip name (#699) * [Issue #702] Fix Slack Join link (#705) close #702 * Updated Notice file to 2022 (#704) * add instruction docs of trace and metrics in eventmesh (#706) * [ISSUE #405]Fix args typo in examples (#707) fixed #405 * [ISSUE #696] Add metrics plugin (#709) 1. Add Metrics plugin module 2. Implement opentelemetry metrics module related issue #696 * [ISSUE #713] Fix trace bug (#712) * add docs * change default spanExporter to span * [Issue #533] Adding design doc for EventMesh Workflow * [Issue #553] Adding design doc for EventMesh Workflow (#714) * [Issue #553] update the design doc. * small updates to doc Signed-off-by: Tihomir Surdilovic <tihomir@temporal.io> * small update Signed-off-by: Tihomir Surdilovic <tihomir@temporal.io> * adding asyncapi type to event defs Signed-off-by: Tihomir Surdilovic <tihomir@temporal.io> * Remove unnecessary call toString (#719) * [Issue #553] add workflow diagram to the design doc * Update intro.md (#722) * Update roadmap.md (#721) * Missed exception cause (#724) close #727 * [ISSUE #726] Remove the misleading annotation (#725) close #726 * [ISSUE #729] Bump netty version (#730) * Bump netty version close #729 * [ISSUE #732] Binary package failed to execute (#733) close #732 * [Issue #735] log4j 2.17.1 (#736) * log4j 2.17.1 * Update known-dependencies.txt * Update LICENSE * fix item mislabeled as MIT when they are ASL * fix log4j urls https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/license.html * [MINOR] Remove the unnecessary boxing (#731) * Use archiveBaseName and archiveVersion to optimize gradle zip task (#728) * Add environment and version selector in 
bug_report.yml (#734) * Fix bug report template (#741) * add eventmesh-admin-rocketmq into rootProject * [ISSUE #737] Add Netty license (#738) close #737 * [Issue #750] junit should only be used in tests (#751) * junit should only be used in tests add back assertj revert assertj changes build issues centralise junit dependency Update build.gradle * junit 4.12 has a CVE close #750 * [Issue #752] upgrade httpclient (#753) * upgrade httpclient * commons-codec transitive dependency upgrade close #752 * [Issue-754] upgrade guava (#757) * upgrade guava * [Issue #758] validate subscriber Url (#759) * [Issue #758] validate subscriber Url * [Issue #758] fix build issue * [Issue #758] fix checkstyle issue * [Issue #758] fix license check issue close #758 * [Issue #655] Adding send message constraints for message size and batch size (#760) * [Issue #655] Adding send message constraints for message size and batch size * [MINOR] Fix plugin cannot load properties from classpath (#763) * [MINOR] Fix plugin cannot load properties from classpath * Fix callback warning * [MINOR] Remove unused field in example (#766) * [MINOR] Allow run script in other directory (#765) * [MINOR] Fix the hardcode ip address (#767) * [Issue #768] fix issue in update HTTP subscriber (#769) * [Issue #768] fix issue in update HTTP subscriber * [Issue #769] use Serialization to deep clone object and adding equals method to SubscriptionItem * [Issue #768] fix build checkstyle issue close #768 * update checkstyle.xml (#773) add suppresswarnings filter * Rebase the grpc branch to master branch (#771) * [Issue #417] Grpc Transport Protocol support (#710) Grpc Transport Protocol support * [Issue #417] Create getting started instructions for Grpc transport procotol * [Issue #417] update Grpc Message Model name to SimpleMessage * [Issue #417] more update Grpc Message Model name to SimpleMessage * [Issue #718] Fix readme file and protobuf file based on review comments * [Issue #745] fix the ack bugs and cloudevent 
message resolver * [Issue #744] update SDK API message model * [Issue #744] fix the gRPC Consumer SubscribeStream Message handler * [Issue #744] Grpc Request-Reply API support * [Issue #744] Bug fix for Grpc Request-Reply API support * [Issue #744] minor fix for Grpc request-Reply API * [Issue #744] fix infinte message loop in Grpc CloudEvent request-Reply API * [Issue #744] Fix Grpc subscribe-unsubscribe bug * [Issue #744] Fix Data models in Grpc Request-Reply API * [Issue #744] Code optimization for Grpc Request-Reply API * [Issue #417] support Grpc broadcast async publish * [Issue #718] add synchronized calls for grpc streamObserver * supply apache header * add checkstyle ignore for grpc * fix checkstyle error * fix javax.annotation.generated compile error * fix javax.annotation.generated compile error * supply dependencies licenses * update known-dependencies.txt * update known-dependencies.txt Co-authored-by: jinrongluo <kapoking@gmail.com> * [Issue #774] Optimize the object property description of eventmesh client (#775) * modify: add group field in UserAgent, delete ProducerGroup and ConsumerGroup field * modify: fix checksyle error * modify: fix checksyle error in ClientGroupWrapper.java close #774 * Update roadmap.md (#779) * [Issue #780] Modify the define level of EventListener from Topic to Consumer (#781) * modify: add group field in UserAgent, delete ProducerGroup and ConsumerGroup field * modify: fix checksyle error * modify: fix checksyle error in ClientGroupWrapper.java * modify: move EventListner in the level of Consumer instead of binding with topic in EventMesh * modify: fix the eventListener level problem in grpc protocal * modify: fix the eventListener problem in test case close #780 * [ISSUE #786] remove eventmesh-sdk-java model redundant code (#789) Co-authored-by: lucky-lsr <hacker_lsr@126.com> close #786 * Update roadmap.md (#791) * [ISSUE #783] clean useless code in runtime module (#787) * [ISSUE #783] clean useless code in runtime module 
* format code close #783 * [ISSUE #696] Add trace plugin (#749) * add docs * add trace plugin * fix ConfigurationWrapperTest error * fix checkstyle * fix checkstyle * [ISSUE #784] Fix words misspell, optimize admin http method code (#792) close #784 * [Issue #658] Eventmesh Http Support CloudEvents Webhook spec (#772) * [Issue #658] support CloudEvents Webhook spec * [Issue #658] create auth-http-basic security module * [Issue #658] create auth-http-basic security module * [Issue #658] code refactor for CloudEvents Webhook * [Issue #658] fix build checkstyles * [Issue #658] fix javadoc build issue * [Issue #658] fix javadoc build issue in eventmesh-security-auth-http-basic * [Issue #658] adding more log to the WebhookUtil * [Issue #658] address PR review comments. * [Issue #658] fixed checkstyles issue Co-authored-by: mike_xwm <mike_xwm@126.com> * [ISSUE #782] delete invalid code in eventmesh-connector-plugin module (#793) * [ISSUE #795] Fix doc eventmesh-runtime-quickstart-with-docker.md (#798) close #795 * [Enhancement] Some suggestions for eventmesh-examples (#794) * remove invalid code * read config from file * extract constants * format code close #794 * [Enhancement] compile project with junit error (#802) Co-authored-by: ylong <ylong.b@gamil.com> close #796 * [Enhancement] Run CI on all branch (#805) * [MINOR] sort dependencise before check (#808) * [ISSUE #806] code optimization and delete invalid code in eventmesh-e… (#807) * [ISSUE #806] code optimization and delete invalid code in eventmesh-examples module * use ExampleConstants to hold constants in examples * delete invalid code * [ISSUE #806] code optimization and delete invalid code in eventmesh-examples module Motivation Code style consistency in log msg Co-authored-by: fengyongshe <fengyongshe@cmss.chinamobile.com> close #806 Co-authored-by: xwm1992 <mike_xwm@126.com> Co-authored-by: Daniel Gruno <humbedooh@apache.org> Co-authored-by: qqeasonchen <qqeasonchen@gmail.com> Co-authored-by: Wenjun Ruan 
<wenjun@apache.org> Co-authored-by: yangjun <yangjun1120@gmail.com> Co-authored-by: 李晓双 Li Xiao Shuang <644968328@qq.com> Co-authored-by: Shoothzj <shoothzj@gmail.com> Co-authored-by: Junjie Zhou <1192031540@qq.com> Co-authored-by: ZePeng Chen <84842773+Roc-00@users.noreply.github.com> Co-authored-by: jinrongluo <kapoking@gmail.com> Co-authored-by: Tihomir Surdilovic <tihomir@temporal.io> Co-authored-by: PJ Fanning <pjfanning@users.noreply.github.com> Co-authored-by: wqliang <wqliang@apache.org> Co-authored-by: lrhkobe <34571087+lrhkobe@users.noreply.github.com> Co-authored-by: lucky-lsr <45811620+lucky-lsr@users.noreply.github.com> Co-authored-by: sarihuangshanrong <280456134@qq.com> Co-authored-by: TownChen <793847469@qq.com> Co-authored-by: AhahaGe <ahahage@163.com> Co-authored-by: SpiritZhang <howtoknow@qq.com> Co-authored-by: like <likegeek@163.com> Co-authored-by: beeylong@126.com <29363663+hsld9527@users.noreply.github.com> Co-authored-by: fengyongshe <fengyongshe@139.com>
Search before asking
Enhancement Request
Currently in HTTP Subscriber, the `url` parameter is not being validated by the Eventmesh runtime, and if an invalid URL is specified, the event is delivered to this URL wrongly. This can cause an unwanted result and can be a security issue in the production environment.
Describe the solution you'd like
We need to validate the `url` parameter in the HTTP subscriber and reject any invalid subscription request.
Are you willing to submit PR?
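One way to reject an invalid subscriber `url` before the subscription is stored, as an added example that is not part of the issue or of the EventMesh code base. The class name, the rules (absolute http/https URL, a valid host, no embedded credentials) and the sample URLs are assumptions; it needs Java 11 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example, not EventMesh code: the class name and rules are assumptions.
public class SubscriberUrlCheck {
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /** Returns null when the URL is acceptable, otherwise the reason to reject it. */
    static String rejectReason(String url) {
        if (url == null || url.isBlank()) {
            return "url is empty";
        }
        final URI uri;
        try {
            uri = new URI(url.trim());
        } catch (URISyntaxException e) {
            return "url is not a well-formed URI";
        }
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            return "scheme must be http or https";
        }
        // getHost() is null for opaque URIs and for an empty or malformed authority.
        if (uri.getHost() == null) {
            return "url has no valid host";
        }
        if (uri.getUserInfo() != null) {
            return "credentials embedded in the url are not accepted";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample subscriber URLs, not taken from the issue.
        for (String url : List.of(
                "https://consumer.example.com:8443/eventmesh/callback",
                "consumer.example.com/callback",
                "ftp://consumer.example.com/callback",
                "http://user:secret@consumer.example.com/callback",
                "http:///callback")) {
            String reason = rejectReason(url);
            System.out.println(reason == null ? "ACCEPT " + url : "REJECT " + url + " (" + reason + ")");
        }
    }
}
```

A syntactic check like this only establishes that the value is a deliverable HTTP(S) endpoint; restricting which hosts a subscriber may register is a separate policy decision.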