Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow referencing existing Defender resources #27

Merged
merged 14 commits into from
Oct 28, 2023
Merged

Allow referencing existing Defender resources #27

merged 14 commits into from
Oct 28, 2023

Conversation

shahnami
Copy link
Member

MCarlomagno
MCarlomagno approved these changes Oct 19, 2023
View reviewed changes
Copy link
Member

@MCarlomagno MCarlomagno left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, my only concern is about security, is it possible to reference resources from another tenant? Let's say I see the actionId from another tenant in the forum and I attack that tenant triggering that action using a monitor from my own tenant, would that be possible?

src/cmd/deploy.ts Show resolved Hide resolved
CoveMB
CoveMB reviewed Oct 20, 2023
View reviewed changes
src/cmd/deploy.ts Show resolved Hide resolved
src/types/types/resources.schema.d.ts Show resolved Hide resolved
@shahnami
Copy link
Member Author

LGTM, my only concern is about security, is it possible to reference resources from another tenant? Let's say I see the actionId from another tenant in the forum and I attack that tenant triggering that action using a monitor from my own tenant, would that be possible?

These are secured by tenant-scoped API keys (since it uses defender-sdk). When a reference is made, we try to pull that data in during, for example, the deploy, but if the user doesn't have access to that resource, the authoriser will throw.

@shahnami shahnami merged commit efe1439 into main Oct 28, 2023
3 checks passed
@shahnami shahnami deleted the plat-2817-allow-defender-as-code-to-reference-existing-resources branch October 28, 2023 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CoveMB CoveMB CoveMB left review comments

@MCarlomagno MCarlomagno MCarlomagno approved these changes

@ggonzalez94 ggonzalez94 Awaiting requested review from ggonzalez94

@pasevin pasevin Awaiting requested review from pasevin

@zeljkoX zeljkoX Awaiting requested review from zeljkoX

@LuisUrrutia LuisUrrutia Awaiting requested review from LuisUrrutia

@dylankilkenny dylankilkenny Awaiting requested review from dylankilkenny

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shahnami @MCarlomagno @CoveMB