Commit Graph

35599 Commits

Author SHA1 Message Date
Michael Drury 207cf40504
Merge branch 'master' into fix/openapi-security 2024-10-25 11:01:40 +01:00
Sam Rose 28a7ab3991
Merge pull request #14861 from Budibase/sql-security
Add tests for SQL injection attacks on table/view creation and search.
2024-10-25 10:55:25 +01:00
Sam Rose 0875ac817c
Merge branch 'master' into budi-8742-add-a-baseurl-binding-inside-automations 2024-10-25 10:51:29 +01:00
mike12345567 f1fa0a3a6f Fixing tests, updating to typescript. 2024-10-25 10:41:20 +01:00
Sam Rose 2b1bf4d711
Fix lint. 2024-10-25 10:39:42 +01:00
mike12345567 c33f331904 Test fix. 2024-10-24 18:08:49 +01:00
Sam Rose dd6a0853a4
Fix tests (again) 2024-10-24 18:05:33 +01:00
mike12345567 68354cc50f Defaulting app ID to variable. 2024-10-24 17:48:25 +01:00
mike12345567 0863a1167c Updating OpenAPI definition to contain all required variables. 2024-10-24 17:41:34 +01:00
Sam Rose 226c8d4f8e
Fix SQL tests. 2024-10-24 17:33:16 +01:00
mike12345567 5a46e16b8d Adding some tests around the openAPI public APIs to make sure the security works the way we expect, do not redirect API requests. 2024-10-24 16:54:08 +01:00
Sam Rose 977826a0ca
Clean up table assertions in SQL injection tests. 2024-10-24 15:37:53 +01:00
Sam Rose 6e6e1368c1
Assert table is not deleted in SQL injection tests. 2024-10-24 15:32:08 +01:00
Sam Rose e54bb3fbdc
Uncomment view tests. 2024-10-24 12:33:32 +01:00
Sam Rose 478160c412
Fix all tests. 2024-10-24 12:28:23 +01:00
Sam Rose 0736812293
Add SQL injection tests. 2024-10-24 11:39:57 +01:00
Sam Rose e14918c105
Fix notContains tests again. 2024-10-24 11:20:31 +01:00
Sam Rose 4a42439647
Merge branch 'master' of github.com:budibase/budibase into sql-security 2024-10-24 11:04:16 +01:00
Sam Rose 0695888659
wip 2024-10-24 11:01:35 +01:00
Michael Drury 5f56d8b369
Merge pull request #14855 from Budibase/fix/mysql-forward-slashes
MySQL queries - forward slashes in bindings
2024-10-23 17:44:06 +01:00
Sam Rose ebcbadfd3a
remove all of the `fnc` variables 2024-10-23 17:21:14 +01:00
Sam Rose a120ce4e14
More refactoring. 2024-10-23 17:07:42 +01:00
Michael Drury 714afad2ad
Merge branch 'master' into fix/mysql-forward-slashes 2024-10-23 16:57:26 +01:00
Sam Rose aaf4022f25
Finally fix notContains tests. 2024-10-23 16:22:07 +01:00
Sam Rose 309506adab
wip 2024-10-23 15:05:41 +01:00
Sam Rose 26192515b3
Merge branch 'master' of github.com:budibase/budibase into sql-security 2024-10-23 14:45:51 +01:00
Adria Navarro 67d2e0cf61 Port changes from PR #14846 2024-10-23 14:34:39 +02:00
Adria Navarro 71671ad62a Update pro submodule 2024-10-23 14:24:24 +02:00
Sam Rose 56a68db1d4
Checkpoint EOD: fixed a bunch more raw cases, some test failures to fix tomorrow. 2024-10-22 18:33:44 +01:00
mike12345567 bd37698055 Switching away from regex to use custom formats. 2024-10-22 17:42:10 +01:00
mike12345567 bdac304551 Adding back test cases. 2024-10-22 17:20:27 +01:00
Adria Navarro 44fbe70740
Merge pull request #14845 from Budibase/chore/allow-serving-old-apps-locally
Allow serving old apps on local dev
2024-10-22 18:12:59 +02:00
Adria Navarro 91e3c87a9c Fix typo 2024-10-22 17:59:03 +02:00
Adria Navarro 7124a754f1
Merge branch 'master' into chore/allow-serving-old-apps-locally 2024-10-22 17:54:16 +02:00
Adria Navarro d73643f0b3 Allow serving old versions locally 2024-10-22 17:42:36 +02:00
Adria Navarro 06670ba549 Add local prerelease to version locally 2024-10-22 17:32:32 +02:00
Adria Navarro b7e34f7f83
Merge pull request #14842 from Budibase/BUDI-8723/new-automation-not-selected-upon-creation
Navigate to automation on creation
2024-10-22 16:48:34 +02:00
Adria Navarro 71538eb761
Merge branch 'master' into BUDI-8723/new-automation-not-selected-upon-creation 2024-10-22 16:44:50 +02:00
Peter Clement 6f3ee89895
Merge pull request #14825 from Budibase/feat/support-user-in-automation-context
Support user in automation context
2024-10-22 15:22:22 +01:00
Peter Clement 94ebd7c6ef update automation emitter 2024-10-22 14:36:15 +01:00
Peter Clement 75f17f5c12 update test to check for user id 2024-10-22 13:53:31 +01:00
Adria Navarro e67126e6b6 Navigate to automation on creation 2024-10-22 14:30:22 +02:00
Peter Clement bce430b57c pr comments 2024-10-22 12:03:16 +01:00
Sam Rose 4545493cd5
Checkpoint, more raws converted. 2024-10-22 11:48:38 +01:00
mike12345567 33ea5f09a7 Revert account portal ref. 2024-10-22 11:06:46 +01:00
Peter Clement 613e63ccbf remove update ref 2024-10-22 10:58:24 +01:00
Peter Clement 4a790a4fb9 Merge remote-tracking branch 'refs/remotes/origin/feat/support-user-in-automation-context' into feat/support-user-in-automation-context 2024-10-22 10:53:45 +01:00
Peter Clement abe725a3b9 Merge remote-tracking branch 'origin/master' into feat/support-user-in-automation-context 2024-10-22 10:53:17 +01:00
Peter Clement 09695fabd6 extract necessary user bindings and add types 2024-10-22 10:52:52 +01:00
Sam Rose 44bd00a0d7
Making progress on converting raw calls to use bindings. 2024-10-21 18:20:52 +01:00