Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[NCP-555][storage] Add an allow list of domain names for uploading files to storage #804

Open
ipfaze opened this issue Nov 29, 2023 · 3 comments · May be fixed by #858
Open

[NCP-555][storage] Add an allow list of domain names for uploading files to storage #804

ipfaze opened this issue Nov 29, 2023 · 3 comments · May be fixed by #858
Labels
enhancement New feature or request low security

Comments

@ipfaze
Copy link
Contributor

ipfaze commented Nov 29, 2023
edited by jira bot
Loading

NCP-555

To enforce security, we would like to add an allow list to make sure we upload our files to a trusted object storage.

https://www.notion.so/scalingooriginal/Is-the-URL-schema-port-and-destination-enforced-with-a-positive-allow-list-b5748b867b52451e9d6f70081c8d82ae
@ipfaze ipfaze added enhancement New feature or request low labels Nov 29, 2023
@EtienneM EtienneM changed the title [S3] - add an allowlist of domain names for uploading files to storage [storage] Add an allowlist of domain names for uploading files to storage Dec 12, 2023
@EtienneM EtienneM changed the title [storage] Add an allowlist of domain names for uploading files to storage [storage] Add an allow list of domain names for uploading files to storage Dec 12, 2023
@SCedricThomas
Copy link
Contributor

Here is the meeting we had with infosec that specify the requirements of this fix: https://www.notion.so/scalingooriginal/SCAR-Upload-deployments-logs-to-OOS-bf134f86588c46f7ac28ab349f360240

@ipfaze
Copy link
Contributor Author

ipfaze commented Mar 15, 2024
edited
Loading

STORY-428

@yanjost
Copy link

yanjost commented Mar 28, 2024

Proposal:

  • emit a log line if the allowlist is not configured
  • add a method in the object to automatically load the allowlist from the environment variable (ex: OBJECT_STORAGE_ALLOWLIST)

@yanjost yanjost changed the title [storage] Add an allow list of domain names for uploading files to storage [NCP-555][storage] Add an allow list of domain names for uploading files to storage Mar 28, 2024
@sihamais sihamais linked a pull request Mar 28, 2024 that will close this issue
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request low security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(storage): add allow list check on S3 creation Scalingo/go-utils
3 participants
@yanjost @ipfaze @SCedricThomas