openHPI / codeharbor

Exchange of Programming Exercises across diverse Code Assessment Systems through CodeHarbor
BSD 3-Clause "New" or "Revised" License

Fix account_link security issue #1577

Closed kkoehn closed 3 weeks ago

kkoehn commented 1 month ago

Fixes a security issue enabling access to any account_link given the id. I only fixed the occurrences in the task_controller since the collections_controller would need a spec as well and is not in use at the moment. The collection-export should be fixed and tested in another PR.

fixes: #1566

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 94.08%. Comparing base (992aeab) to head (f17547c). Report is 13 commits behind head on master.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #1577      +/-   ##
==========================================
+ Coverage   93.83%   94.08%   +0.24%
==========================================
  Files         123      123
  Lines        2985     2990       +5
==========================================
+ Hits         2801     2813      +12
+ Misses        184      177       -7
```


MrSerth commented 4 weeks ago

By the way: What I really like about the refactoring you did is the refactoring within the ProFormA service. I like passing the AccountLink object rather than just the ID :+1:.
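
The class of issue discussed in this PR (an `account_link` record reachable by id alone) and the refactoring of passing the object rather than the ID can be sketched as follows. This is an added example in plain Ruby, not code from the PR or from CodeHarbor; the ownership field, the `ExportService` class, the method names and the sample records are all assumptions made for illustration.

```ruby
# Added illustration: plain Ruby stand-ins, not CodeHarbor's models or controllers.
AccountLink = Struct.new(:id, :owner_id, :push_url, keyword_init: true)

class NotAuthorized < StandardError; end

# Constructed sample data: two users, one account link each.
LINKS = [
  AccountLink.new(id: 1, owner_id: 10, push_url: 'https://grader-a.example/import'),
  AccountLink.new(id: 2, owner_id: 20, push_url: 'https://grader-b.example/import'),
].freeze

# Unscoped lookup: any signed-in user who supplies an id gets that record.
def find_link_unscoped(id)
  LINKS.find { |link| link.id == id.to_i }
end

# Scoped lookup: resolve the id only within the caller's own links and
# fail closed, with the same error for "missing" and "not yours" so the
# response does not reveal which ids exist.
def find_link_for(user_id, id)
  link = LINKS.find { |l| l.id == id.to_i && l.owner_id == user_id }
  raise NotAuthorized, 'account link not available' if link.nil?
  link
end

# Hypothetical export service: takes the already-authorized object, so it
# cannot be pointed at a different record by passing a raw id.
class ExportService
  def initialize(account_link)
    raise ArgumentError, 'AccountLink required' unless account_link.is_a?(AccountLink)
    @account_link = account_link
  end

  def target
    @account_link.push_url
  end
end

# Controller-style action: authorize first, then hand the object on.
def export_target(current_user_id, params)
  ExportService.new(find_link_for(current_user_id, params[:account_link])).target
end
```

A request spec for this kind of fix would cover both branches: the owner's id resolves, and another user's id is rejected with the same response as a nonexistent one.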