Skip to content

Enforce URL path semantics in containment lookup #2059

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jeswr merged 12 commits into from
Jul 10, 2023
Merged

Enforce URL path semantics in containment lookup #2059

jeswr merged 12 commits into from
Jul 10, 2023

Conversation

@NSeydoux
Copy link
Contributor

@NSeydoux NSeydoux commented Jun 30, 2023

When listing contained resources with getContainedResourcesAll, in addition to using ldp:contains claims, we apply a filter so that we only return resources that are child resources of the target container from a URL path semantics perspective as well. This means [https://pod.example.org/foo/bar/moo](https://pod.example.org/foo/bar/moo%60) cannot be considered a child resource of [https://pod.example.org/foo/](https://pod.example.org/foo/%60). Resources from a different origin will also be excluded.

This prevents malicious Pods from claiming containment across domains, which could lead to incorrect behavior of the clients.

  • I've added a unit test to test for potential regressions of this bug.
  • The changelog has been updated, if applicable.
  • Commits in this PR are minimal and have descriptive commit messages.

@NSeydoux NSeydoux requested a review from a team as a code owner June 30, 2023 11:47
@vercel
Copy link

vercel bot commented Jun 30, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
solid-client-js ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 10, 2023 10:26am

jeswr
jeswr approved these changes Jul 1, 2023
View reviewed changes
jeswr
jeswr suggested changes Jul 1, 2023
View reviewed changes
Copy link
Contributor

@jeswr jeswr left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Meant to request changes rather than approve

@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:07 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:07 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:08 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to NSS July 3, 2023 09:08 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS Dev-Next July 3, 2023 09:08 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:08 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to NSS July 3, 2023 09:08 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:08 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to NSS July 3, 2023 09:08 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS Dev-Next July 3, 2023 09:08 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to NSS July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS Dev-Next July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to NSS July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to NSS July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS Dev-Next July 3, 2023 09:30 — with GitHub Actions Inactive
@NSeydoux NSeydoux requested a review from jeswr July 3, 2023 09:32
jeswr
jeswr reviewed Jul 3, 2023
View reviewed changes
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 3, 2023 20:36 — with GitHub Actions Inactive
@NSeydoux NSeydoux requested a review from jeswr July 10, 2023 09:12
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 10, 2023 09:18 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 10, 2023 09:18 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to NSS July 10, 2023 09:18 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 10, 2023 09:18 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 10, 2023 09:18 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS Dev-Next July 10, 2023 09:18 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to NSS July 10, 2023 09:18 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS PodSpaces July 10, 2023 09:18 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to NSS July 10, 2023 09:18 — with GitHub Actions Inactive
@NSeydoux NSeydoux temporarily deployed to ESS Dev-Next July 10, 2023 09:18 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to ESS PodSpaces July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to ESS PodSpaces July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to NSS July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to ESS PodSpaces July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to ESS PodSpaces July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to ESS Dev-Next July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to NSS July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to ESS PodSpaces July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to NSS July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr temporarily deployed to ESS Dev-Next July 10, 2023 10:25 — with GitHub Actions Inactive
@jeswr jeswr enabled auto-merge (squash) July 10, 2023 10:25
@jeswr jeswr merged commit a4265d2 into main Jul 10, 2023
@jeswr jeswr deleted the fix/SDK-3153_path-semantics-containment branch July 10, 2023 10:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jeswr jeswr jeswr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@NSeydoux @jeswr