frostfs-node/cmd/neofs-cli/modules
Leonard Lyubich e54b52ec03 [#1420] object/acl: Fix correlation of object session to request
In previous implementation of `neofs-node` app object session was not
checked for substitution of the object related to it. Also, for access
checks, the session object was substituted instead of the one from the
request. This, on the one hand, made it possible to inherit the session
from the parent object for authorization for certain actions. On the
other hand, it covered the mentioned object substitution, which is a
critical vulnerability.

Next changes are applied to processing of all Object service requests:
 - check if object session relates to the requested object
 - use requested object in access checks.

Disclosed problem of object context inheritance will be solved within

Signed-off-by: Leonard Lyubich <ctulhurider@gmail.com>
2022-10-07 10:34:38 +03:00
..
accounting [#1687] go.mod: Update neofs-sdk-go 2022-08-22 18:59:57 +03:00
acl [#1651] cli: Fix CID setting in eACL creation 2022-08-04 17:04:42 +04:00
bearer [#1684] *: Fix linter warnings 2022-08-15 10:57:31 +03:00
container [#1704] cli: Add force option to the command container create 2022-10-05 09:14:13 +03:00
control [#1806] neofs-cli: Add control flush-cache command 2022-09-28 09:28:01 +03:00
netmap [#1680] cli/netmap: Support MAINTENANCE mode 2022-10-05 11:41:49 +03:00
object [#1726] neofs-cli: Truncate file before writing the object 2022-08-23 18:07:12 +03:00
session [#1420] object/acl: Fix correlation of object session to request 2022-10-07 10:34:38 +03:00
storagegroup [#1706] cli: Do not duplicate payload on SG put 2022-08-19 09:49:47 +04:00
util [#1323] neofs-cli: Reuse JSON flag for multiple commands 2022-06-24 10:33:22 +03:00
completion.go [#1041] cmd/*: factor out autocomplet command generation 2022-01-12 18:33:48 +03:00
root.go [#1587] Do not print build time in version 2022-07-14 10:39:51 +03:00