Fix: Address User-Controlled Data Risk in isAuthenticated() #27562

Draft
wants to merge 1 commit into
base: main


@gantoin gantoin commented Oct 12, 2024

Related to #27051

For enhancing application security, this PR modifies the isAuthenticated() endpoint to return a boolean indicating the authentication status instead of a potentially user-controlled value (principal.getName()). This change mitigates the risk of reflecting user-controlled data and strengthens the security of the application.


Please make sure the below checklist is followed for Pull Requests.

If the PR is not ready for review, please consider converting it to a Draft. You can also add the skip-ci label to prevent CI build on branch.


CLAassistant commented Oct 12, 2024

CLA assistant check
All committers have signed the CLA.

@gantoin gantoin marked this pull request as draft October 12, 2024 16:08
@gantoin gantoin marked this pull request as ready for review October 14, 2024 07:39
@gantoin gantoin marked this pull request as draft October 14, 2024 13:18