fix: vars not sanitized in roles_query

Vikram Rangnekar 2020-04-18 17:46:40 -04:00
parent 4cf7956ff5
commit e6934cda02
4 changed files with 18 additions and 16 deletions


@ -15,10 +15,7 @@ Designed to 100x your developer productivity. Super Graph will instantly and wit
## Using it as a service
```console
git clone https://github.com/dosco/super-graph
cd ./super-graph
make install
get get https://github.com/dosco/super-graph
super-graph new <app_name>
```


@ -116,18 +116,18 @@ database:
# database ping timeout is used for db health checking
ping_timeout: 1m
# Define additional variables here to be used with filters
variables:
admin_account_id: "5"
# Define additional variables here to be used with filters
variables:
admin_account_id: "5"
# Field and table names that you wish to block
blocklist:
- ar_internal_metadata
- schema_migrations
- secret
- password
- encrypted
- token
# Field and table names that you wish to block
blocklist:
- ar_internal_metadata
- schema_migrations
- secret
- password
- encrypted
- token
tables:
- name: customers


@ -71,7 +71,7 @@ func (sg *SuperGraph) initConfig() error {
}
// Roles: validate and sanitize
c.RolesQuery = sanitize(c.RolesQuery)
c.RolesQuery = sanitizeVars(c.RolesQuery)
if len(c.RolesQuery) == 0 {
sg.log.Printf("WRN roles_query not defined: attribute based access control disabled")
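Review bot: The comment above the changed call still reads only "Roles: validate and sanitize", and nothing in the hunk says why `sanitizeVars` is the right helper for `roles_query` where `sanitize` was not. Since this query decides which role a request runs under, I would state the contract next to the call, for example `// roles_query is SQL: normalize only its $variables, leave the rest of the statement as written`, adjusted to what `sanitizeVars` really does, because its body is not visible here. It is also worth confirming that `sanitizeVars` still returns an empty string for a blank value, so that the `len(c.RolesQuery) == 0` warning keeps firing. None of the four changed files looks like a test, so a regression test that loads a `roles_query` containing a variable and checks the resolved role would pin this fix. initConfig starts and ends outside the hunk.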


@ -3,6 +3,11 @@ services:
db:
image: postgres
tmpfs: /var/lib/postgresql/data
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
ports:
- "5432:5432"
rails_app:
image: dosco/super-graph-demo:latest
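Review bot: The `ports` entry under `db` publishes Postgres on every host interface, and the `environment` block beside it fixes the superuser credentials to `postgres`/`postgres`, so anyone who can reach the host on 5432 can log in as the database superuser. For a local demo the mapping can be bound to loopback with `- "127.0.0.1:5432:5432"`. The password is better taken from the caller's environment than committed, for example `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}`. A short comment on the service saying that this compose file is for local development only would help keep these defaults out of shared hosts.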