lunasec-io / lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
https://www.lunasec.io/
Other
1.44k stars 164 forks

Survey #1106

Closed factoidforrest closed 1 year ago

factoidforrest commented 1 year ago


Survey with open-ended question boxes. Appears for new users directly after signup, and for all existing users who have not yet completed the survey. Blocks use of the app for new users without projects (sidebar will be hidden by our current "wizard" system). Replaces access to the home page for existing users, but projects will still be accessible via sidebar.

Fields are required by HTML5 validation. Stored in the DB as jsonb. Jsonb column size is limited at the DB level, but no other structural validation is done. I left this very open because questions may change and there's no real reason I know of for this data to be super concrete; we are a startup. Unless there is some jsonb Postgres vuln or something. @freeqaz please let me know if you see any security concerns in this, would like different questions, etc. You (and Yiannis) will be the only ones actually using the data, so let me know whatever you need!

There is no data retrieval in the app as part of this PR. If you would like to view these through an admin panel instead of through prod Hasura, let me know, @freeqaz.
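The migration in this PR caps the size of the jsonb column but, as the description says, does no structural validation, so the HTML5 `required` attributes are the only thing constraining the shape of what gets stored. As an added example (not this PR's migration or any LunaSec code), the PostgreSQL 12+ DDL below keeps the same size cap on a stand-alone demo table and adds shape and value checks that hold even when the form is bypassed; the table, constraint names and question keys are illustrative, and the sample rows are constructed:

```sql
-- Added example, not the PR's own migration. Table, constraint and question
-- names are illustrative; requires PostgreSQL 12+ (jsonb_path_exists).
CREATE TABLE survey_demo (
  id     integer PRIMARY KEY,
  survey jsonb NULL,  -- NULL until the user completes the survey

  -- Size cap, same idea as the PR's CHECK (length(survey::text) < 10000).
  CONSTRAINT survey_demo_size_chk
    CHECK (survey IS NULL OR length(survey::text) < 10000),

  -- Shape: a JSON object carrying exactly the expected question keys.
  -- "?&" tests that every listed key is present; "-" strips those keys,
  -- so an empty object is left only when no unexpected keys exist.
  -- (CHECK constraints cannot contain subqueries, hence operators only.)
  CONSTRAINT survey_demo_keys_chk
    CHECK (
      survey IS NULL
      OR (
        jsonb_typeof(survey) = 'object'
        AND survey ?& ARRAY['how_found_us', 'team_size', 'main_goal']
        AND survey - ARRAY['how_found_us', 'team_size', 'main_goal'] = '{}'::jsonb
      )
    ),

  -- Values: every answer must be a non-empty string. This is the form's
  -- "required" rule enforced server-side via a jsonpath filter over $.*
  CONSTRAINT survey_demo_values_chk
    CHECK (
      survey IS NULL
      OR NOT jsonb_path_exists(survey, '$.* ? (@.type() != "string" || @ == "")')
    )
);

-- Constructed sample rows: the first two are accepted.
INSERT INTO survey_demo VALUES
  (1, '{"how_found_us": "blog post", "team_size": "2-10", "main_goal": "dependency alerts"}'),
  (2, NULL);

-- Each of the following is rejected by the named constraint.
-- survey_demo_keys_chk: required key "main_goal" is missing
INSERT INTO survey_demo VALUES (3, '{"how_found_us": "ad", "team_size": "1"}');
-- survey_demo_keys_chk: unexpected key "is_admin"
INSERT INTO survey_demo VALUES (4, '{"how_found_us": "ad", "team_size": "1", "main_goal": "x", "is_admin": "yes"}');
-- survey_demo_values_chk: "team_size" is a number, not a string
INSERT INTO survey_demo VALUES (5, '{"how_found_us": "ad", "team_size": 7, "main_goal": "x"}');
-- survey_demo_values_chk: empty answer
INSERT INTO survey_demo VALUES (6, '{"how_found_us": "", "team_size": "1", "main_goal": "x"}');
-- survey_demo_keys_chk: top-level value is an array, not an object
INSERT INTO survey_demo VALUES (7, '["ad", "1", "x"]');
```

Keeping the key list in the constraint means a question change needs a migration that alters the constraint, which is the trade-off against the PR's deliberately open design; the size cap alone is what you keep if that flexibility matters more than rejecting malformed rows at the database.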

github-actions[bot] commented 1 year ago

Hasura Semantic Diff

Hasura config files have changed. This comment shows which fields have changed ignoring formatting.

Click to expand! ``` select_permissions - two list entries removed: - role: service permission: columns: - github_id - github_node_id - id - kratos_id - role filter: {} - role: user permission: columns: - github_node_id - id - kratos_id - role filter: _or: - id: _eq: X-Hasura-Real-User-Id - _exists: _table: name: users schema: public _where: _and: - id: _eq: X-Hasura-Real-User-Id - role: _eq: lunatrace_admin + two list entries added: - role: service permission: columns: - github_id - github_node_id - id - kratos_id - role - survey filter: {} - role: user permission: columns: - github_node_id - id - kratos_id - role - survey filter: _or: - id: _eq: X-Hasura-Real-User-Id - _exists: _table: name: users schema: public _where: _and: - id: _eq: X-Hasura-Real-User-Id - role: _eq: lunatrace_admin update_permissions + one list entry added: - role: user permission: columns: - survey filter: _or: - id: _eq: X-Hasura-Real-User-Id - _exists: _table: name: users schema: public _where: _and: - id: _eq: X-Hasura-Real-User-Id - role: _eq: lunatrace_admin check: null diff --git a/lunatrace/bsl/hasura/migrations/lunatrace/1675284578762_user_signup_questions/down.sql b/lunatrace/bsl/hasura/migrations/lunatrace/1675284578762_user_signup_questions/down.sql new file mode 100644 index 00000000..b8c8f1bc --- /dev/null +++ b/lunatrace/bsl/hasura/migrations/lunatrace/1675284578762_user_signup_questions/down.sql @@ -0,0 +1,2 @@ + +ALTER TABLE public.users DROP COLUMN survey; diff --git a/lunatrace/bsl/hasura/migrations/lunatrace/1675284578762_user_signup_questions/up.sql b/lunatrace/bsl/hasura/migrations/lunatrace/1675284578762_user_signup_questions/up.sql new file mode 100644 index 00000000..ee201015 --- /dev/null +++ b/lunatrace/bsl/hasura/migrations/lunatrace/1675284578762_user_signup_questions/up.sql @@ -0,0 +1,3 @@ + +ALTER TABLE public.users ADD COLUMN survey jsonb CHECK (length(survey::text) < 10000) NULL; + ```
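Review bot: In the added `update_permissions` entry for role `user`, `check: null` means Hasura applies no post-update condition, which is only acceptable because `columns` is limited to `survey`; keep that list narrow if more columns become updatable later. The `filter` also admits any row when the caller is `lunatrace_admin`, so admins can overwrite other users' survey answers, not just read them through the new `select_permissions` entries. If the survey is meant to be filled in once by its owner, drop the `_exists` branch from the update filter (reads can keep it) and add `survey: {_is_null: true}` to the `filter` so the column can only be set while it is still empty.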
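Review bot: `CHECK (length(survey::text) < 10000)` in up.sql bounds only the serialized size, so any JSON value (a bare number, an array, an object with arbitrary keys) is accepted; since the form's `required` attributes are client-side only, consider pairing it with at least `CHECK (jsonb_typeof(survey) = 'object')`. The constraint is also unnamed, so a later migration that relaxes the limit has to look up the generated name; `ADD CONSTRAINT users_survey_size_check CHECK (...)` would make that explicit. down.sql drops the column outright, which discards collected answers if the migration is ever rolled back, so a rollback in prod should be preceded by an export.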