cozystack/pkg
IvanHunters 82fb7990d5 fix(api): prevent IDOR in TenantNamespace Get and Watch handlers
Fixed two IDOR vulnerabilities allowing authenticated users to access
metadata of any tenant namespace without proper authorization.

Changes:
- Added hasAccessToNamespace() for efficient single-namespace access checks
- Get() now verifies access before returning namespace metadata
- Watch() filters events per-namespace with proper authorization
- Returns NotFound (not Forbidden) to prevent tenant enumeration

Performance optimization:
- hasAccessToNamespace() lists RoleBindings only in target namespace
  instead of listing all cluster RoleBindings (order of magnitude faster)
- Watch handler logs authorization errors for security audit

Additional fixes:
- Handle ServiceAccount subjects with empty namespace correctly
- Add klog error logging for failed authorization checks

Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
(cherry picked from commit 64a3edff01)
2026-04-28 14:07:29 +00:00
..
apis test(api): address review round 4 findings 2026-04-12 14:17:12 +03:00
apiserver feat(application): add WorkloadsReady condition and Events tab 2026-04-15 17:20:45 +03:00
cmd/server [docs] Updated app go types 2026-03-25 15:57:25 +05:00
config refactor(api): remove rootHost-based name length validation 2026-02-12 13:52:37 +03:00
generated fix(codegen): add gen_client to update-codegen.sh and regenerate applyconfiguration 2026-02-16 23:01:38 +03:00
lineage feat(api): add chartRef to CozystackResourceDefinition 2026-01-14 16:09:43 +01:00
ovnstatus [kubeovn] Implement the KubeOVN plunger 2025-09-11 02:11:58 +03:00
registry fix(api): prevent IDOR in TenantNamespace Get and Watch handlers 2026-04-28 14:07:29 +00:00
version refactor(telemetry): split telemetry between operator and controller 2026-01-19 13:52:15 +01:00