Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(56) handle "scary config" #345

Open
Tracked by #238
ibihim opened this issue Dec 12, 2024 · 2 comments
Open
Tracked by #238

(56) handle "scary config" #345

ibihim opened this issue Dec 12, 2024 · 2 comments
Assignees
@ibihim
Labels
sig-auth-acceptance issues created during review for sig-auth-acceptance

Comments

@ibihim
Copy link
Collaborator

ibihim commented Dec 12, 2024
edited
Loading

What

Make it less likely, that rewrite params are used. They should be only used if necessary, like in the context of prom-label-proxy.

Why

  • Consuming header and query params, but leaving them as is, is usually a great first step into a CVE.
  • Letting the client modify authorization attributes is even worse.
  • Might be a hard requirement for Prometheus use cases with prom-label-proxy.
@ibihim ibihim mentioned this issue Dec 12, 2024
Open
58 tasks
@ibihim ibihim self-assigned this Dec 12, 2024
@ibihim ibihim changed the title (56) have a dedicated promtheus solution link OR (56) hide params pass-through behind a config Dec 12, 2024
@ibihim ibihim changed the title (56) hide params pass-through behind a config (56) hide params pass-through behind a config para, Dec 12, 2024
@ibihim ibihim changed the title (56) hide params pass-through behind a config para, (56) hide params pass-through behind a config param Dec 12, 2024
@ibihim ibihim added the sig-auth-acceptance issues created during review for sig-auth-acceptance label Dec 16, 2024
@ibihim
Copy link
Collaborator Author

ibihim commented Dec 17, 2024
edited
Loading

By @stlaz

Per our offline discussion, we should get rid of the query rewrites and stick with the header handling.

I'd suggest the switch for the handling logic to operate like a mode switch rather than the bool. We would have two modes:

1. TerminatingEvaluation
2. PassthroughEvaluation
or whatever names seem fitting, and document them properly, including the dangers of passthrough.

#346 (comment)

@ibihim ibihim changed the title (56) hide params pass-through behind a config param (56) handle "scary config" Dec 17, 2024
@ibihim
Copy link
Collaborator Author

ibihim commented Dec 17, 2024
edited
Loading

I wanted to make a step back to the discussion phase, this is why I closed the previous PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ibihim ibihim

Labels
sig-auth-acceptance issues created during review for sig-auth-acceptance
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ibihim