fix: vars not sanitized in roles_query

This commit is contained in:
Vikram Rangnekar 2020-04-18 17:46:40 -04:00
parent 4cf7956ff5
commit e6934cda02
4 changed files with 18 additions and 16 deletions


@ -15,10 +15,7 @@ Designed to 100x your developer productivity. Super Graph will instantly and wit
## Using it as a service ## Using it as a service
```console ```console
git clone https://github.com/dosco/super-graph get get https://github.com/dosco/super-graph
cd ./super-graph
make install
super-graph new <app_name> super-graph new <app_name>
``` ```


@ -116,18 +116,18 @@ database:
# database ping timeout is used for db health checking # database ping timeout is used for db health checking
ping_timeout: 1m ping_timeout: 1m
# Define additional variables here to be used with filters # Define additional variables here to be used with filters
variables: variables:
admin_account_id: "5" admin_account_id: "5"
# Field and table names that you wish to block # Field and table names that you wish to block
blocklist: blocklist:
- ar_internal_metadata - ar_internal_metadata
- schema_migrations - schema_migrations
- secret - secret
- password - password
- encrypted - encrypted
- token - token
tables: tables:
- name: customers - name: customers


@ -71,7 +71,7 @@ func (sg *SuperGraph) initConfig() error {
} }
// Roles: validate and sanitize // Roles: validate and sanitize
c.RolesQuery = sanitize(c.RolesQuery) c.RolesQuery = sanitizeVars(c.RolesQuery)
if len(c.RolesQuery) == 0 { if len(c.RolesQuery) == 0 {
sg.log.Printf("WRN roles_query not defined: attribute based access control disabled") sg.log.Printf("WRN roles_query not defined: attribute based access control disabled")
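Review bot: The `if len(c.RolesQuery) == 0` check right after the new `sanitizeVars` call still fails open: a roles_query that was configured but comes back empty from the sanitizer is treated the same as one that was never set, and attribute based access control is disabled with only a WRN log. Whether sanitizeVars can reduce a non-empty query to an empty string cannot be seen from this hunk, but if it can, a malformed or over-sanitized roles_query would silently turn off authorization instead of failing startup. Keeping the raw value and returning an error when it was non-empty but sanitized to nothing keeps the existing warning for the genuinely-unset case while making the misconfiguration loud. initConfig begins before this hunk and continues after it.
```go
	// Roles: validate and sanitize
	rawRolesQuery := c.RolesQuery
	c.RolesQuery = sanitizeVars(rawRolesQuery)
	// A configured roles_query that sanitizes to nothing is a misconfiguration, not "unset":
	// refuse to start rather than silently disabling attribute based access control.
	if len(c.RolesQuery) == 0 && len(strings.TrimSpace(rawRolesQuery)) != 0 {
		return fmt.Errorf("roles_query is set but empty after sanitization")
	}
	if len(c.RolesQuery) == 0 {
		// … unchanged: WRN log for undefined roles_query …
```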


@ -3,6 +3,11 @@ services:
db: db:
image: postgres image: postgres
tmpfs: /var/lib/postgresql/data tmpfs: /var/lib/postgresql/data
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
ports:
- "5432:5432"
rails_app: rails_app:
image: dosco/super-graph-demo:latest image: dosco/super-graph-demo:latest