kroepke changed the title from "Data node rest resource contains resources without permission checks" to "Data node rest resources contains endpoints without permission checks" on Mar 29, 2024
The endpoints /datanode/configured and /datanode/{nodeid} have no permission checks.
Please review whether that is required for bootstrap purposes or add a relevant permission annotation.
graylog2-server/graylog2-server/src/main/java/org/graylog2/rest/resources/datanodes/DataNodeManagementResource.java
Lines 99 to 122 in d8e1aee
The endpoint POST /datanode/provision/generate does not seem to be used, at least I couldn't find any usages, but also has no permission checks.
graylog2-server/graylog2-server/src/main/java/org/graylog2/bootstrap/preflight/web/resources/DataNodeProvisioningResource.java
Lines 50 to 56 in d884902
In a related PR (#18736), I'm adding checks for all resources, and these need your input.
If the omission of permission checks is on purpose, please let me know so I can add the correct annotation in that PR.
Thanks!