[JBoss JIRA] (SRAMP-178) Trusting MIME type sent from clients is dangerous
by Eric Wittmann (JIRA)
[ https://issues.jboss.org/browse/SRAMP-178?page=com.atlassian.jira.plugin.... ]
Eric Wittmann commented on SRAMP-178:
-------------------------------------
This has been resolved, yes?
> Trusting MIME type sent from clients is dangerous
> -------------------------------------------------
>
> Key: SRAMP-178
> URL: https://issues.jboss.org/browse/SRAMP-178
> Project: S-RAMP
> Issue Type: Bug
> Security Level: Public (Everyone can see)
> Components: Client
> Affects Versions: 0.1.1
> Reporter: Lukas Krejci
> Assignee: Kurt Stam
> Fix For: 0.2.0 - Milestone 4
>
>
> While uploading an artifact to the repository, the S-RAMP server completely trusts the client with the supplied mime type and uses it from then on.
> This also includes the time when the artifact is downloaded from the S-RAMP server.
> This is quite dangerous, IMHO, because it gives potential attackers the means for making certain types of files look like something they aren't. This could be a nice vector for exploiting vulnerabilities in applications that then open such files.
> For example, consider this command:
> curl -H 'Content-Type: image/png' -H 'Slug: wha.pkg' --data-binary @tmp.pdf 'http://localhost:8080/s-ramp-server/s-ramp/core/Document'
> This will create an artifact called "wha.pkg" in the repository, which will have the stored content type of "image/png" but the actual data will be a PDF.
> IMHO, the mime type detection should be purely a server-side affair ignoring any hints of mimetype sent in by the clients.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
11 years, 8 months
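The server-side detection the report asks for could look like the following sketch, added here as an illustration; it is not S-RAMP code. The signature table, the function names and the fallback type are assumptions, and the constructed sample mirrors the reporter's curl upload (PDF bytes declared as image/png).

```python
# Added example (not S-RAMP code): derive the stored media type from the
# uploaded bytes; the client's Content-Type is kept only for the audit log.
from typing import NamedTuple

# Illustrative subset of leading-byte signatures (assumption, not exhaustive).
SIGNATURES = [
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"PK\x03\x04", "application/zip"),
]
FALLBACK = "application/octet-stream"  # served when nothing matches


class Decision(NamedTuple):
    stored_type: str    # what the server records and later serves
    declared_type: str  # what the client claimed
    disagrees: bool     # True when the claim contradicts the content


def sniff(data: bytes) -> str:
    """Return a media type based only on the content's leading bytes."""
    for magic, media_type in SIGNATURES:
        if data.startswith(magic):
            return media_type
    # XML artifacts: skip an optional UTF-8 BOM and whitespace first.
    if data[:64].lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"<?xml"):
        return "application/xml"
    return FALLBACK


def classify_upload(data: bytes, declared: str) -> Decision:
    declared = declared.split(";", 1)[0].strip().lower()  # drop parameters
    stored = sniff(data)
    return Decision(stored, declared, declared != stored)


def download_headers(decision: Decision) -> dict:
    """Headers for serving the artifact back without client-side guessing."""
    return {
        "Content-Type": decision.stored_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "attachment",
    }


# Constructed sample mirroring the report: PDF bytes declared as image/png.
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample body\n"
```

A `disagrees` result is worth logging with the declared type and the uploader's identity, since a claim that contradicts the content is the condition the report describes.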
[JBoss JIRA] (RTGOV-169) App/Service deployment/undeployment activity events
by Gary Brown (JIRA)
Gary Brown created RTGOV-169:
--------------------------------
Summary: App/Service deployment/undeployment activity events
Key: RTGOV-169
URL: https://issues.jboss.org/browse/RTGOV-169
Project: RTGov (Run Time Governance)
Issue Type: Feature Request
Reporter: Gary Brown
Assignee: Gary Brown
Fix For: 1.0.0.M5
Activity events to indicate when a service has been deployed/undeployed on a particular host.
With switchyard, services are deployed within an 'app' - so need to record the app details in properties on the event.
11 years, 8 months
[JBoss JIRA] (RTGOV-168) Supply message header values to information processor
by Gary Brown (JIRA)
Gary Brown created RTGOV-168:
--------------------------------
Summary: Supply message header values to information processor
Key: RTGOV-168
URL: https://issues.jboss.org/browse/RTGOV-168
Project: RTGov (Run Time Governance)
Issue Type: Feature Request
Reporter: Gary Brown
Assignee: Gary Brown
Fix For: 1.0.0.M5
Enable message header values to be provided along side content, and for the information processor to be able to selectively transfer (and potentially transform) the header values into the activity event properties.
11 years, 8 months
[JBoss JIRA] (SRAMP-183) Add Project Life Cycle support
by Kurt Stam (JIRA)
Kurt Stam created SRAMP-183:
-------------------------------
Summary: Add Project Life Cycle support
Key: SRAMP-183
URL: https://issues.jboss.org/browse/SRAMP-183
Project: S-RAMP
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: Governance
Reporter: Kurt Stam
Assignee: Kurt Stam
Fix For: 0.2.0 - Milestone 4
Add support to kick off a project lifecycle workflow
11 years, 8 months
[JBoss JIRA] (RTGOV-167) Add fault count to InvocationMetrics
by Gary Brown (JIRA)
Gary Brown created RTGOV-167:
--------------------------------
Summary: Add fault count to InvocationMetrics
Key: RTGOV-167
URL: https://issues.jboss.org/browse/RTGOV-167
Project: RTGov (Run Time Governance)
Issue Type: Enhancement
Reporter: Gary Brown
Assignee: Gary Brown
Priority: Critical
Fix For: 1.0.0.M5
Represent the number of invocations that resulted in a fault response, and include this information in the service overview.
11 years, 8 months