admin-route-access-controls #47
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…port OWASP Top 10 Security Audit Reports and Documentation
…atch-fix-documentation Addressing CORS Vulnerability for OnTrack Application (Documentation)
…-access-control-clickjacking-vulnerability Addressing Broken Access Control (Clickjacking) Vulnerability (Documentation)
- Added compatibility for wordlists in the ssrf_mapper.sh script. - Added --max-timer option to the ssrf_mapper.sh script. - Added support for md formart for result logs - Added summary of the results in the ssrf_mapper.sh script. - Updated the ssrf_mapper.md file to include the new features and usage instructions.
Added detailed documentation for the frontend components related to the tutor-times feature. This includes descriptions of props, usage examples, and behavior across different views.
Re-added the 'Frontend Documentation' link that was mistakenly removed in a previous commit. This restores access to the relevant frontend documentation page from the navigation structure.
- new requirements and design documentation for tutor times redesign
…ious code excecution vulnerability
This reverts commit c25b7f3.
-Injection Test report
-Added API endpoints text file to the BAC audit folder -Added API URL configuration to the test script
Added command-line options for easier customization Changed all hardcoded URLs to use the variables defined at the top of the script - Updated curl commands to use `$TARGET_URL` instead of hardcoded URLs
…-times Documentation/tutor times
…rol-audit Doc/Broken-access-control Audit
Doc/Injection Test Audit
Documentation proposal for colour vision feat
Add OnTrack Dev Environment Setup Guide (linked to doubtfire-web PR #358)
Docs/ssrfaudit
…ution-fix Docs/malicious code execution fix
Doccumentation on findings of CORS misconfiguration
…bility-reports Upload JavaScript Source Map Remediation
…-http-remediation Upload Insecure Token HTTP Remediation
fix: replace index logo with transparent background version
…backend-docs Docs/Backend - Redesign Tutor Time Feature
…-times-backend-docs Revert "Docs/Backend - Redesign Tutor Time Feature"
…-tutor_times Docs/Backend - New Redesign for Tutor Times
❌ Deploy Preview for ontrackdocumentation failed.
|
MillicentAmolo
force-pushed
the
main
branch
from
616380d to
3e91081
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Regular users can currently access admin pages through the frontend (e.g., /#/admin/units). Implement proper route protection in the frontend application to prevent unauthorised access.
Priority: High
Acceptance Criteria:
Fixes # (issue)
Type of change
Testing Checklist
Checklist