Skip to content

sec: fix s3 and gcs host checks #512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jan 14, 2025
Merged

sec: fix s3 and gcs host checks #512

merged 7 commits into from
Jan 14, 2025

Conversation

@dduzgun-security
Copy link
Collaborator

@dduzgun-security dduzgun-security commented Jan 7, 2025
edited by atlassian bot
Loading

Resolves potential incorrect host checks for S3 and GCS.

Ref: SECVULN-14562, SECVULN-14561, SECVULN-14564

nodyhub
nodyhub reviewed Jan 8, 2025
View reviewed changes
Copy link
Contributor

@nodyhub nodyhub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @dduzgun-security, great contribution. I have added added some comments and thoughts around the implementation, nothing special.

Looking forward to see this PR landing!

@dduzgun-security dduzgun-security marked this pull request as ready for review January 10, 2025 21:08
@dduzgun-security dduzgun-security requested a review from a team as a code owner January 10, 2025 21:08
mukeshjc
mukeshjc approved these changes Jan 13, 2025
View reviewed changes
Copy link
Contributor

@mukeshjc mukeshjc left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

edit: had a couple questions that I noticed late and posted them after this approval.

mukeshjc
mukeshjc suggested changes Jan 13, 2025
View reviewed changes
alanpchua
alanpchua approved these changes Jan 13, 2025
View reviewed changes
Copy link

@alanpchua alanpchua left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🔥

picatz
picatz reviewed Jan 13, 2025
View reviewed changes
mukeshjc
mukeshjc approved these changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@mukeshjc mukeshjc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dduzgun-security dduzgun-security merged commit f7836fb into main Jan 14, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nodyhub nodyhub Awaiting requested review from nodyhub

3 more reviewers

@picatz picatz picatz approved these changes

@mukeshjc mukeshjc mukeshjc approved these changes

@alanpchua alanpchua alanpchua approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@dduzgun-security @nodyhub @picatz @mukeshjc @alanpchua