Commit Graph

35545 Commits

Author SHA1 Message Date
Michael Drury 0107f2c40e
Merge pull request #14868 from Budibase/fix/openapi-security
Open API - security update
2024-10-25 11:16:47 +01:00
Michael Drury 207cf40504 Merge branch 'master' into fix/openapi-security 2024-10-25 11:01:40 +01:00
Sam Rose 28a7ab3991
Merge pull request #14861 from Budibase/sql-security
Add tests for SQL injection attacks on table/view creation and search.
2024-10-25 10:55:25 +01:00
mike12345567 f1fa0a3a6f Fixing tests, updating to typescript. 2024-10-25 10:41:20 +01:00
Sam Rose 2b1bf4d711 Fix lint. 2024-10-25 10:39:42 +01:00
mike12345567 c33f331904 Test fix. 2024-10-24 18:08:49 +01:00
Sam Rose dd6a0853a4 Fix tests (again) 2024-10-24 18:05:33 +01:00
mike12345567 68354cc50f Defaulting app ID to variable. 2024-10-24 17:48:25 +01:00
mike12345567 0863a1167c Updating OpenAPI definition to contain all required variables. 2024-10-24 17:41:34 +01:00
Sam Rose 226c8d4f8e Fix SQL tests. 2024-10-24 17:33:16 +01:00
mike12345567 5a46e16b8d Adding some tests around the openAPI public APIs to make sure the security works the way we expect, do not redirect API requests. 2024-10-24 16:54:08 +01:00
Sam Rose 977826a0ca Clean up table assertions in SQL injection tests. 2024-10-24 15:37:53 +01:00
Sam Rose 6e6e1368c1 Assert table is not deleted in SQL injection tests. 2024-10-24 15:32:08 +01:00
Sam Rose e54bb3fbdc Uncomment view tests. 2024-10-24 12:33:32 +01:00
Sam Rose 478160c412 Fix all tests. 2024-10-24 12:28:23 +01:00
Sam Rose 0736812293 Add SQL injection tests. 2024-10-24 11:39:57 +01:00
Sam Rose e14918c105 Fix notContains tests again. 2024-10-24 11:20:31 +01:00
Sam Rose 4a42439647 Merge branch 'master' of github.com:budibase/budibase into sql-security 2024-10-24 11:04:16 +01:00
Sam Rose 0695888659 wip 2024-10-24 11:01:35 +01:00
Michael Drury 5f56d8b369
Merge pull request #14855 from Budibase/fix/mysql-forward-slashes
MySQL queries - forward slashes in bindings
2024-10-23 17:44:06 +01:00
Sam Rose ebcbadfd3a remove all of the `fnc` variables 2024-10-23 17:21:14 +01:00
Sam Rose a120ce4e14 More refactoring. 2024-10-23 17:07:42 +01:00
Michael Drury 714afad2ad Merge branch 'master' into fix/mysql-forward-slashes 2024-10-23 16:57:26 +01:00
Sam Rose aaf4022f25 Finally fix notContains tests. 2024-10-23 16:22:07 +01:00
Sam Rose 309506adab wip 2024-10-23 15:05:41 +01:00
Sam Rose 26192515b3 Merge branch 'master' of github.com:budibase/budibase into sql-security 2024-10-23 14:45:51 +01:00
Sam Rose 56a68db1d4 Checkpoint EOD: fixed a bunch more raw cases, some test failures to fix tomorrow. 2024-10-22 18:33:44 +01:00
mike12345567 bd37698055 Switching away from regex to use custom formats. 2024-10-22 17:42:10 +01:00
mike12345567 bdac304551 Adding back test cases. 2024-10-22 17:20:27 +01:00
Adria Navarro 44fbe70740
Merge pull request #14845 from Budibase/chore/allow-serving-old-apps-locally
Allow serving old apps on local dev
2024-10-22 18:12:59 +02:00
Adria Navarro 91e3c87a9c Fix typo 2024-10-22 17:59:03 +02:00
Adria Navarro 7124a754f1 Merge branch 'master' into chore/allow-serving-old-apps-locally 2024-10-22 17:54:16 +02:00
Adria Navarro d73643f0b3 Allow serving old versions locally 2024-10-22 17:42:36 +02:00
Adria Navarro 06670ba549 Add local prerelease to version locally 2024-10-22 17:32:32 +02:00
Adria Navarro b7e34f7f83
Merge pull request #14842 from Budibase/BUDI-8723/new-automation-not-selected-upon-creation
Navigate to automation on creation
2024-10-22 16:48:34 +02:00
Adria Navarro 71538eb761 Merge branch 'master' into BUDI-8723/new-automation-not-selected-upon-creation 2024-10-22 16:44:50 +02:00
Peter Clement 6f3ee89895
Merge pull request #14825 from Budibase/feat/support-user-in-automation-context
Support user in automation context
2024-10-22 15:22:22 +01:00
Peter Clement 94ebd7c6ef update automation emitter 2024-10-22 14:36:15 +01:00
Peter Clement 75f17f5c12 update test to check for user id 2024-10-22 13:53:31 +01:00
Adria Navarro e67126e6b6 Navigate to automation on creation 2024-10-22 14:30:22 +02:00
Peter Clement bce430b57c pr comments 2024-10-22 12:03:16 +01:00
Sam Rose 4545493cd5 Checkpoint, more raws converted. 2024-10-22 11:48:38 +01:00
mike12345567 33ea5f09a7 Revert account portal ref. 2024-10-22 11:06:46 +01:00
Peter Clement 613e63ccbf remove update ref 2024-10-22 10:58:24 +01:00
Peter Clement 4a790a4fb9 Merge remote-tracking branch 'refs/remotes/origin/feat/support-user-in-automation-context' into feat/support-user-in-automation-context 2024-10-22 10:53:45 +01:00
Peter Clement abe725a3b9 Merge remote-tracking branch 'origin/master' into feat/support-user-in-automation-context 2024-10-22 10:53:17 +01:00
Peter Clement 09695fabd6 extract necessary user bindings and add types 2024-10-22 10:52:52 +01:00
Sam Rose 44bd00a0d7 Making progress on converting raw calls to use bindings. 2024-10-21 18:20:52 +01:00
mike12345567 e69bfc2d71 Adding a fix for mysql, stopping coercion to dates in some cases, attempting to make this less all catching. Likely an area of concern, but there is currently no way to search for dates without this. 2024-10-21 17:17:05 +01:00
Sam Rose 00bdd6fc00 Merge branch 'master' of github.com:budibase/budibase into sql-security 2024-10-21 16:39:58 +01:00