Add new Security Analyzer check for permissions on "Activity Feed" and "User Profile" pages #5080

Merged
merged 3 commits into from
Apr 10, 2022

@daguiler daguiler commented Apr 10, 2022

Summary

This pull request adds a new CheckUserProfilePage class to check the visibility of the user profile page defined in Site Settings > Site Behavior > Default Pages > User Profile Page, according to the following criteria:

Case 1: the selected user profile page is "Activity Feed"

  • If the Activity Feed page cannot be found, or is deleted, it returns PASS.
  • Otherwise, if the Activity Feed page is public, it returns ALERT.
  • Otherwise, if My Profile cannot be found or is deleted, it returns PASS.
  • Otherwise, if My Profile is public, it returns ALERT.
  • Otherwise, it returns PASS.

Case 2: the selected user profile page is not "Activity Feed"

  • If the selected user profile page cannot be found, or is deleted, it returns PASS.
  • Otherwise, if the selected user profile page is public, it returns ALERT.
  • Otherwise, it returns PASS.

Also, a new base class for audit checks is introduced, and some refactoring to the existing CheckTelerikPresence class is done in order to avoid redundancy.
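
The decision order described in the summary above, modeled as an added C# example; it is not code from this pull request or from DNN. `PageInfo`, `Severity`, `UserProfilePageRule`, the `IsPublic` flag and identifying the Activity Feed page by name are assumptions made for illustration.

```csharp
using System;

// Hypothetical page model (not a DNN type). A null reference means "cannot be found".
public sealed class PageInfo
{
    public PageInfo(string name, bool isDeleted, bool isPublic)
    {
        Name = name;
        IsDeleted = isDeleted;
        IsPublic = isPublic;
    }

    public string Name { get; }
    public bool IsDeleted { get; }
    public bool IsPublic { get; } // assumption: how "public" is determined is out of scope here
}

public enum Severity { Pass, Alert }

public static class UserProfilePageRule
{
    private static bool Missing(PageInfo page) => page == null || page.IsDeleted;

    // selected:  the page configured as User Profile Page in Site Settings.
    // myProfile: only consulted when the selected page is "Activity Feed" (Case 1).
    public static Severity Evaluate(PageInfo selected, PageInfo myProfile)
    {
        if (Missing(selected)) return Severity.Pass;   // first bullet of both cases
        if (selected.IsPublic) return Severity.Alert;  // second bullet of both cases
        if (selected.Name != "Activity Feed") return Severity.Pass; // Case 2 ends here
        if (Missing(myProfile)) return Severity.Pass;
        return myProfile.IsPublic ? Severity.Alert : Severity.Pass;
    }

    public static void Main()
    {
        // Constructed sample pages.
        var feedPrivate = new PageInfo("Activity Feed", false, false);
        var feedDeleted = new PageInfo("Activity Feed", true, true);
        var profilePublic = new PageInfo("My Profile", false, true);
        var customPublic = new PageInfo("Members", false, true);

        Console.WriteLine(Evaluate(feedPrivate, profilePublic));
        Console.WriteLine(Evaluate(feedDeleted, profilePublic));
        Console.WriteLine(Evaluate(customPublic, null));
        Console.WriteLine(Evaluate(null, profilePublic));
    }
}
```

The second call is the ordering case to watch when reading results: a deleted Activity Feed page yields PASS before My Profile is examined, even when My Profile is public.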

@mitchelsellers mitchelsellers left a comment

This looks great to me! I also updated the description so that the issue was linked for auto-close.

@mitchelsellers mitchelsellers added this to the 9.10.3 milestone Apr 10, 2022

@valadas valadas left a comment

Awesome work, thanks a lot, looks good to me.

@valadas valadas merged commit 7485079 into dnnsoftware:develop Apr 10, 2022
@daguiler daguiler deleted the bugfix/DNN-60239 branch April 10, 2022 14:31
@valadas valadas modified the milestones: 9.10.3, 9.11.0 Sep 28, 2022