Closed fitzthum closed 2 years ago
Lint check should be fixed once Derren's PR is merged.
I see no check that value of resource_path as no / or \ chars in it. I would check both in insert_resource and in get_resource_path, and return Err.
Since the path is now set in the database by the guest owner, I'm not sure we need to worry about directory traversal stuff as much. The insert and delete methods are only used in the tests. Guest owners are expected to add resources via the database directly (until we have a tool that does this for them). It might still be good to do some sanitization of the path (when we get the path, for instance), but some users might reasonably want to have slashes in the path if they have a lot of resources. wdyt?
Support for getting resources from the KBS. This will be used for signature verification among other things.
For now there is a simple database table that keeps track of the different resources and the policies associated with them. At the moment we are only supporting one resource per
resource_type
and theresource_id
is unused. This looks a bit weird and will be updated after the first release when we add an additional parameters field to the request api. Until then I think this is the best way.@dubek