
fix(store): Sanitize username and Agent Name in URLs #9096

Merged

Conversation

Swiftyos (Contributor)

@Swiftyos Swiftyos requested a review from a team as a code owner December 20, 2024 11:29
@Swiftyos Swiftyos requested review from Pwuts and Bentlybro and removed request for a team December 20, 2024 11:29
@github-actions github-actions bot added the platform/frontend (AutoGPT Platform - Front end) and platform/backend (AutoGPT Platform - Back end) labels Dec 20, 2024

netlify bot commented Dec 20, 2024

Deploy Preview for auto-gpt-docs-dev canceled.

Latest commit: ac75cc6
Latest deploy log: https://app.netlify.com/sites/auto-gpt-docs-dev/deploys/67655cca96fb7500080d0dff


PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 Security concerns

URL Encoding Bypass:
The PR adds URL decoding for usernames and agent names, but without proper validation of the decoded values. An attacker could potentially bypass security controls by encoding malicious characters. Consider implementing strict validation rules for the decoded strings to ensure they only contain allowed characters and meet length requirements.

⚡ Recommended focus areas for review

Input Validation
The URL decoding is done without any input validation or sanitization. Consider adding validation for the decoded username and agent_name to prevent injection attacks.

Inconsistent Casing
Username is converted to lowercase only in the get_creator function but not in other functions. This inconsistency could lead to duplicate entries or lookup issues.
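The two review points above (decode without validation, and lowercasing applied only in get_creator) are illustrated by the following added example; it is not code from this PR or from AutoGPT. The allowed-character patterns, length limits and function names are assumptions chosen for the illustration.

```python
import re
from urllib.parse import unquote

# Constructed validation rules (assumption, not AutoGPT's own policy):
# lowercase alphanumerics plus '-' and '_', starting with an alphanumeric.
USERNAME_RE = re.compile(r"^[a-z0-9][a-z0-9_-]{0,38}$")    # 1-39 chars
AGENT_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9_-]{0,62}$")  # 1-63 chars
MAX_RAW_LEN = 256  # reject oversized path segments before decoding


class InvalidPathParam(ValueError):
    """Raised when a decoded URL path parameter fails validation."""


def decode_path_param(raw: str, pattern: re.Pattern, what: str) -> str:
    """Percent-decode one URL path segment exactly once and validate it.

    The value is lowercased *before* validation so that every lookup
    (not only one function) sees the same canonical form.  A decoded value
    that still contains '%' was double-encoded and is rejected instead of
    being decoded a second time.
    """
    if not raw or len(raw) > MAX_RAW_LEN:
        raise InvalidPathParam(f"{what}: empty or oversized")
    decoded = unquote(raw)
    if "%" in decoded:
        raise InvalidPathParam(f"{what}: double-encoded value rejected")
    canonical = decoded.lower()
    if not pattern.fullmatch(canonical):
        raise InvalidPathParam(f"{what}: disallowed characters or bad length")
    return canonical


def parse_store_path(username_raw: str, agent_name_raw: str) -> tuple[str, str]:
    """Return (username, agent_name) in canonical lowercase form, or raise."""
    return (
        decode_path_param(username_raw, USERNAME_RE, "username"),
        decode_path_param(agent_name_raw, AGENT_NAME_RE, "agent_name"),
    )


def is_safe_store_path(username_raw: str, agent_name_raw: str) -> bool:
    """Boolean wrapper for callers that prefer a check over an exception."""
    try:
        parse_store_path(username_raw, agent_name_raw)
        return True
    except InvalidPathParam:
        return False
```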


netlify bot commented Dec 20, 2024

Deploy Preview for auto-gpt-docs ready!

Latest commit: 28b86d4
Latest deploy log: https://app.netlify.com/sites/auto-gpt-docs/deploys/6765551788a8ad000894deeb
Deploy Preview: https://deploy-preview-9096--auto-gpt-docs.netlify.app


netlify bot commented Dec 20, 2024

Deploy Preview for auto-gpt-docs canceled.

Latest commit: ac75cc6
Latest deploy log: https://app.netlify.com/sites/auto-gpt-docs/deploys/67655cca3f538500080dafd4

…lace' into swiftyos/open-2260-sanitize-username-and-agent-name-in-urls
…urls' of github.com:Significant-Gravitas/AutoGPT into swiftyos/open-2260-sanitize-username-and-agent-name-in-urls
@github-actions github-actions bot added size/l and removed size/m labels Dec 20, 2024
@Swiftyos Swiftyos requested a review from Abhi1992002 December 20, 2024 11:56
@github-actions github-actions bot added the conflicts (Automatically applied to PRs with merge conflicts) label Dec 20, 2024

This pull request has conflicts with the base branch, please resolve those so we can evaluate the pull request.

@github-actions github-actions bot removed the conflicts (Automatically applied to PRs with merge conflicts) label Dec 20, 2024

Conflicts have been resolved! 🎉 A maintainer will review the pull request shortly.

@github-actions github-actions bot added size/m and removed size/l labels Dec 20, 2024
@Swiftyos Swiftyos merged commit a8339d0 into dev Dec 20, 2024
20 of 22 checks passed
@Swiftyos Swiftyos deleted the swiftyos/open-2260-sanitize-username-and-agent-name-in-urls branch December 20, 2024 13:14
Labels: platform/backend (AutoGPT Platform - Back end), platform/frontend (AutoGPT Platform - Front end), Review effort [1-5]: 2, size/m
Projects: Status: Done

2 participants