[GSK-1623] Secure Giskard readonly demo space at Hugging Face Spaces #1355
Remove mutable static object to make SonarLint happy
Add feedback and reply creation APIs as deny exceptions. Fix frontend component state after failed submissions.
since we're sending some POST requests like
Instead I suggest we do it on a DB level (more precisely at JPA). For example, if you define a class like

```java
import jakarta.persistence.PrePersist;
import jakarta.persistence.PreRemove;
import jakarta.persistence.PreUpdate;

// JPA entity listener: rejects every create/update/delete while the instance is read-only.
public class ReadOnlyListener {

    private boolean isReadOnlyGiskardInstance() {
        // TODO: implement this, probably in another class
        return true;
    }

    @PrePersist
    @PreUpdate
    @PreRemove
    void onCUD(Object o) {
        if (isReadOnlyGiskardInstance()) {
            throw new IllegalStateException("This is a read-only Giskard instance. You cannot modify entities.");
        }
    }
}
```

Then you'll be able to use it at an

```java
import jakarta.persistence.Entity;
import jakarta.persistence.EntityListeners;
import lombok.Getter;
import lombok.NoArgsConstructor;

@Entity(name = "api_keys")
@Getter
@NoArgsConstructor
@EntityListeners(ReadOnlyListener.class) // every write to this entity goes through the listener
public class ApiKey extends AbstractAuditingEntity { /* fields omitted */ }
```

In this case we could even allow some modifications but not others, like writing
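As an added illustration of the listener approach suggested above (example code, not Giskard's own), the variant below blocks all writes on a read-only instance but keeps creation of a small allow-listed set of entity types open, matching the feedback/reply exceptions the PR mentions. The environment variable name `GISKARD_READONLY_DEMO` and the entity simple names `Feedback` and `Reply` are assumptions.

```java
import java.util.Set;
import jakarta.persistence.PrePersist;
import jakarta.persistence.PreRemove;
import jakarta.persistence.PreUpdate;

/**
 * JPA entity listener enforcing read-only demo mode at the persistence layer.
 * Creation of an explicit allow-list of entity types stays permitted;
 * every other create, update or delete is rejected.
 */
public class ReadOnlyListener {

    // Hypothetical environment variable marking a read-only demo deployment.
    private static final String READ_ONLY_ENV = "GISKARD_READONLY_DEMO";

    // Assumed entity simple names whose creation remains allowed
    // (visitor feedback and replies, mirroring the PR's "deny exceptions").
    private static final Set<String> CREATE_ALLOWED = Set.of("Feedback", "Reply");

    private boolean isReadOnlyGiskardInstance() {
        return "true".equalsIgnoreCase(System.getenv(READ_ONLY_ENV));
    }

    @PrePersist
    void onCreate(Object entity) {
        if (isReadOnlyGiskardInstance()
                && !CREATE_ALLOWED.contains(entity.getClass().getSimpleName())) {
            deny("create", entity);
        }
    }

    @PreUpdate
    void onUpdate(Object entity) {
        if (isReadOnlyGiskardInstance()) {
            deny("update", entity);
        }
    }

    @PreRemove
    void onRemove(Object entity) {
        if (isReadOnlyGiskardInstance()) {
            deny("delete", entity);
        }
    }

    private static void deny(String operation, Object entity) {
        // A RuntimeException thrown from a lifecycle callback marks the current
        // transaction for rollback, so the write never reaches the database.
        throw new IllegalStateException("Read-only Giskard instance: cannot "
                + operation + " " + entity.getClass().getSimpleName());
    }
}
```

Lifecycle callbacks are not invoked for bulk JPQL or native update/delete statements, so those code paths still rely on the request-level filter the PR adds.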
…skard Gallery instance
Letting MLWorker in HF connect
Kudos, SonarCloud Quality Gate passed!
backend/src/main/java/ai/giskard/web/rest/errors/GalleryDemoSpaceException.java
backend/src/main/java/ai/giskard/web/rest/controllers/GalleryUnlockController.java
Co-authored-by: Kevin Messiaen <[email protected]>
Description
Preventing any requests with modifications (POST, PUT, DELETE) when giskardai/giskard detected.
Preventing Create, Update, Delete operations in DB after initialization.