Michael Drury
|
0107f2c40e
|
Merge pull request #14868 from Budibase/fix/openapi-security
Open API - security update
|
2024-10-25 11:16:47 +01:00 |
Michael Drury
|
207cf40504
|
Merge branch 'master' into fix/openapi-security
|
2024-10-25 11:01:40 +01:00 |
Sam Rose
|
28a7ab3991
|
Merge pull request #14861 from Budibase/sql-security
Add tests for SQL injection attacks on table/view creation and search.
|
2024-10-25 10:55:25 +01:00 |
mike12345567
|
f1fa0a3a6f
|
Fixing tests, updating to typescript.
|
2024-10-25 10:41:20 +01:00 |
Sam Rose
|
2b1bf4d711
|
Fix lint.
|
2024-10-25 10:39:42 +01:00 |
mike12345567
|
c33f331904
|
Test fix.
|
2024-10-24 18:08:49 +01:00 |
Sam Rose
|
dd6a0853a4
|
Fix tests (again)
|
2024-10-24 18:05:33 +01:00 |
mike12345567
|
68354cc50f
|
Defaulting app ID to variable.
|
2024-10-24 17:48:25 +01:00 |
mike12345567
|
0863a1167c
|
Updating OpenAPI definition to contain all required variables.
|
2024-10-24 17:41:34 +01:00 |
Sam Rose
|
226c8d4f8e
|
Fix SQL tests.
|
2024-10-24 17:33:16 +01:00 |
mike12345567
|
5a46e16b8d
|
Adding some tests around the openAPI public APIs to make sure the security works the way we expect, do not redirect API requests.
|
2024-10-24 16:54:08 +01:00 |
Sam Rose
|
977826a0ca
|
Clean up table assertions in SQL injection tests.
|
2024-10-24 15:37:53 +01:00 |
Sam Rose
|
6e6e1368c1
|
Assert table is not deleted in SQL injection tests.
|
2024-10-24 15:32:08 +01:00 |
Sam Rose
|
e54bb3fbdc
|
Uncomment view tests.
|
2024-10-24 12:33:32 +01:00 |
Sam Rose
|
478160c412
|
Fix all tests.
|
2024-10-24 12:28:23 +01:00 |
Sam Rose
|
0736812293
|
Add SQL injection tests.
|
2024-10-24 11:39:57 +01:00 |
Sam Rose
|
e14918c105
|
Fix notContains tests again.
|
2024-10-24 11:20:31 +01:00 |
Sam Rose
|
4a42439647
|
Merge branch 'master' of github.com:budibase/budibase into sql-security
|
2024-10-24 11:04:16 +01:00 |
Sam Rose
|
0695888659
|
wip
|
2024-10-24 11:01:35 +01:00 |
Michael Drury
|
5f56d8b369
|
Merge pull request #14855 from Budibase/fix/mysql-forward-slashes
MySQL queries - forward slashes in bindings
|
2024-10-23 17:44:06 +01:00 |
Sam Rose
|
ebcbadfd3a
|
remove all of the `fnc` variables
|
2024-10-23 17:21:14 +01:00 |
Sam Rose
|
a120ce4e14
|
More refactoring.
|
2024-10-23 17:07:42 +01:00 |
Michael Drury
|
714afad2ad
|
Merge branch 'master' into fix/mysql-forward-slashes
|
2024-10-23 16:57:26 +01:00 |
Sam Rose
|
aaf4022f25
|
Finally fix notContains tests.
|
2024-10-23 16:22:07 +01:00 |
Sam Rose
|
309506adab
|
wip
|
2024-10-23 15:05:41 +01:00 |
Sam Rose
|
26192515b3
|
Merge branch 'master' of github.com:budibase/budibase into sql-security
|
2024-10-23 14:45:51 +01:00 |
Sam Rose
|
56a68db1d4
|
Checkpoint EOD: fixed a bunch more raw cases, some test failures to fix tomorrow.
|
2024-10-22 18:33:44 +01:00 |
mike12345567
|
bd37698055
|
Switching away from regex to use custom formats.
|
2024-10-22 17:42:10 +01:00 |
mike12345567
|
bdac304551
|
Adding back test cases.
|
2024-10-22 17:20:27 +01:00 |
Adria Navarro
|
44fbe70740
|
Merge pull request #14845 from Budibase/chore/allow-serving-old-apps-locally
Allow serving old apps on local dev
|
2024-10-22 18:12:59 +02:00 |
Adria Navarro
|
91e3c87a9c
|
Fix typo
|
2024-10-22 17:59:03 +02:00 |
Adria Navarro
|
7124a754f1
|
Merge branch 'master' into chore/allow-serving-old-apps-locally
|
2024-10-22 17:54:16 +02:00 |
Adria Navarro
|
d73643f0b3
|
Allow serving old versions locally
|
2024-10-22 17:42:36 +02:00 |
Adria Navarro
|
06670ba549
|
Add local prerelease to version locally
|
2024-10-22 17:32:32 +02:00 |
Adria Navarro
|
b7e34f7f83
|
Merge pull request #14842 from Budibase/BUDI-8723/new-automation-not-selected-upon-creation
Navigate to automation on creation
|
2024-10-22 16:48:34 +02:00 |
Adria Navarro
|
71538eb761
|
Merge branch 'master' into BUDI-8723/new-automation-not-selected-upon-creation
|
2024-10-22 16:44:50 +02:00 |
Peter Clement
|
6f3ee89895
|
Merge pull request #14825 from Budibase/feat/support-user-in-automation-context
Support user in automation context
|
2024-10-22 15:22:22 +01:00 |
Peter Clement
|
94ebd7c6ef
|
update automation emitter
|
2024-10-22 14:36:15 +01:00 |
Peter Clement
|
75f17f5c12
|
update test to check for user id
|
2024-10-22 13:53:31 +01:00 |
Adria Navarro
|
e67126e6b6
|
Navigate to automation on creation
|
2024-10-22 14:30:22 +02:00 |
Peter Clement
|
bce430b57c
|
pr comments
|
2024-10-22 12:03:16 +01:00 |
Sam Rose
|
4545493cd5
|
Checkpoint, more raws converted.
|
2024-10-22 11:48:38 +01:00 |
mike12345567
|
33ea5f09a7
|
Revert account portal ref.
|
2024-10-22 11:06:46 +01:00 |
Peter Clement
|
613e63ccbf
|
remove update ref
|
2024-10-22 10:58:24 +01:00 |
Peter Clement
|
4a790a4fb9
|
Merge remote-tracking branch 'refs/remotes/origin/feat/support-user-in-automation-context' into feat/support-user-in-automation-context
|
2024-10-22 10:53:45 +01:00 |
Peter Clement
|
abe725a3b9
|
Merge remote-tracking branch 'origin/master' into feat/support-user-in-automation-context
|
2024-10-22 10:53:17 +01:00 |
Peter Clement
|
09695fabd6
|
extract necessary user bindings and add types
|
2024-10-22 10:52:52 +01:00 |
Sam Rose
|
44bd00a0d7
|
Making progress on converting raw calls to use bindings.
|
2024-10-21 18:20:52 +01:00 |
mike12345567
|
e69bfc2d71
|
Adding a fix for mysql, stopping coercion to dates in some cases, attempting to make this less all catching. Likely an area of concern, but there is currently no way to search for dates without this.
|
2024-10-21 17:17:05 +01:00 |
Sam Rose
|
00bdd6fc00
|
Merge branch 'master' of github.com:budibase/budibase into sql-security
|
2024-10-21 16:39:58 +01:00 |