Penpot/penpot
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-01-24 23:49:45 -05:00
Code Issues Activity

Merge pull request #4665 from penpot/niwinz-sanitize-audit

Browse source 
 Add stricter validation for audit events
This commit is contained in:
Alejandro 2024-06-04 10:12:27 +02:00 committed by GitHub
commit 5fef0b64f4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
backend/src/app/rpc/commands/audit.clj
View file

@ -77,10 +77,19 @@
(when (seq events) (when (seq events)
(db/insert-many! pool :audit-log event-columns events)))) (db/insert-many! pool :audit-log event-columns events))))
(def valid-event-types
#{"action" "identify"})
(def schema:event (def schema:event
[:map {:title "Event"} [:map {:title "Event"}
[:name [:string {:max 250}]] [:name
[:type [:string {:max 250}]] [:and {:gen/elements ["update-file", "get-profile"]}
[:string {:max 250}]
[:re #"[\d\w-]{1,50}"]]]
[:type
[:and {:gen/elements valid-event-types}
[:string {:max 250}]
[::sm/one-of {:format "string"} valid-event-types]]]
[:props [:props
[:map-of :keyword :any]] [:map-of :keyword :any]]
[:context {:optional true} [:context {:optional true}