Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-24 15:59:41 +02:00
Code Issues Releases Activity

fix(service): webhook vulnerability for passing an invalid image tag EE-2121 (#6269)

Browse source 
* fix(service): webhook vulnerability for passing an invalid image tag
This commit is contained in:
Hao Zhang 2022-01-27 08:38:29 +08:00 committed by GitHub
parent dfb0ba9efe
commit a9406764ee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 115 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
api/http/handler/webhooks/webhook_list.go
View file

@ -1,6 +1,7 @@
package webhooks
import (
"github.com/portainer/portainer/api/http/security"
"net/http"
httperror "github.com/portainer/libhttp/error"
@ -33,6 +34,14 @@ func (handler *Handler) webhookList(w http.ResponseWriter, r *http.Request) *htt
return &httperror.HandlerError{http.StatusBadRequest, "Invalid query parameter: filters", err}
}
securityContext, err := security.RetrieveRestrictedRequestContext(r)
if err != nil {
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve user info from request context", Err: err}
}
if !securityContext.IsAdmin {
return response.JSON(w, []portainer.Webhook{})
}
webhooks, err := handler.DataStore.Webhook().Webhooks()
webhooks = filterWebhooks(webhooks, &filters)
if err != nil {