Bug #41358
mgr/dashboard: refactor SSO service
Status: Closed
Description
After the unit test clean-up (https://github.com/ceph/ceph/pull/28696), it seems that the SSO unit test is failing on FreeBSD: https://github.com/ceph/ceph/pull/29761.
The issue comes from the fact that a single Ceph command allows a parameter with 3 different semantics:

    ceph dashboard sso setup saml2 <ceph_dashboard_base_url> <idp_metadata> ...

idp_metadata can be: an HTTP URL, a file URL, or an XML payload.
While it's debatable whether having command-line overloading is practical, the real issue lies in the fact that no prior validation/sanitization is performed on that idp_metadata argument, which is then immediately used to access a remote URL or a local file (and XML is a constant source of security issues, e.g. XPath injection: https://www.kb.cert.org/vuls/id/475445/).
That part of the code (services/sso.py) performs several OS operations on unvalidated data, which poses a serious risk:
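As an added illustration of the fix direction (this is example code written for this page, not Ceph's services/sso.py), the overloaded argument can be classified and checked against an allowlist before anything touches the network, the filesystem or an XML parser. The function names, the allowed metadata directory and the "https only / confined file path / DOCTYPE-free EntityDescriptor" policy are assumptions chosen for the example.

```python
import os
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed policy for this example: the only directory metadata files may be
# read from. Resolved once so a symlinked /etc still compares correctly.
ALLOWED_METADATA_DIR = os.path.realpath("/etc/ceph/dashboard/sso")
_DOCTYPE_RE = re.compile(r"<!DOCTYPE", re.IGNORECASE)
_SAML_MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"


def classify_idp_metadata(value: str):
    """Decide which of the three meanings `value` has and validate it first.
    Returns ("xml", text), ("url", url) or ("file", abs_path); raises
    ValueError for anything that is not explicitly allowed."""
    if not isinstance(value, str) or not value.strip():
        raise ValueError("idp_metadata is empty")
    text = value.strip()
    if text.startswith("<"):
        # Inline XML: refuse DOCTYPE (entity expansion / external entities)
        # and require a well-formed document whose root is md:EntityDescriptor.
        if _DOCTYPE_RE.search(text):
            raise ValueError("DOCTYPE is not allowed in IdP metadata")
        try:
            root = ET.fromstring(text)
        except ET.ParseError as exc:
            raise ValueError(f"IdP metadata is not well-formed XML: {exc}") from exc
        if root.tag != _SAML_MD_NS + "EntityDescriptor":
            raise ValueError("root element must be md:EntityDescriptor")
        return ("xml", text)
    parsed = urlparse(text)
    if parsed.scheme == "https":
        # Remote metadata: TLS only, a real host, no user@host in the authority.
        if not parsed.hostname or "@" in parsed.netloc:
            raise ValueError("metadata URL must be https://host/... without userinfo")
        return ("url", text)
    if parsed.scheme in ("file", ""):
        # Local file: resolve symlinks and '..', then confine to the allowed dir.
        if parsed.netloc:
            raise ValueError("file URLs with a host part are not allowed")
        real = os.path.realpath(parsed.path if parsed.scheme else text)
        if not real.startswith(ALLOWED_METADATA_DIR + os.sep):
            raise ValueError(f"metadata file must be under {ALLOWED_METADATA_DIR}")
        return ("file", real)
    raise ValueError(f"unsupported idp_metadata scheme: {parsed.scheme!r}")


def is_rejected(value: str) -> bool:
    """True when the validator refuses `value`; handy for negative checks."""
    try:
        classify_idp_metadata(value)
        return False
    except ValueError:
        return True
```

Plain http://, a file URL with a host part, a path that escapes the allowed directory and any XML carrying a DOCTYPE are all refused before being used.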
Updated by Ernesto Puerta over 4 years ago
- Status changed from New to Fix Under Review
Updated by Volker Theile over 4 years ago
- Status changed from Fix Under Review to Resolved
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 145 to Security & Auth