[PR #3214] [MERGED] Prevent cross-org site binding in target create/update #29064

Closed
opened 2026-06-11 00:45:29 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/3214
Author: @marcschaeferger
Created: 6/4/2026
Status: Merged
Merged: 6/4/2026
Merged by: @oschwartz10612

Base: devHead: dev


📝 Commits (2)

  • 5162924 fix(middleware): prevent cross-org site binding in target create/update
  • f617f93 test(middleware): add regression tests for cross-org site binding prevention

📊 Changes

3 files changed (+336 additions, -5 deletions)

View changed files

server/middlewares/verifySiteAccess.test.ts (+322 -0)
📝 server/middlewares/verifySiteAccess.ts (+10 -4)
📝 server/routers/external.ts (+4 -1)

📄 Description

Description

This pull request strengthens cross-organization security checks for site access and adds comprehensive tests to prevent privilege escalation attacks when binding resources or targets to sites across different organizations. The main improvements include enforcing organization consistency in middleware, updating route stacks to ensure proper middleware order, and adding thorough tests for the new logic.

Security enforcement and middleware logic:

  • Added a check in verifySiteAccess to reject requests if the loaded site's orgId does not match req.userOrgId, preventing cross-organization binding attacks.
  • Updated route definitions for PUT /resource/:resourceId/target and POST /target/:targetId to ensure verifySiteAccess runs after verifyResourceAccess or verifyTargetAccess, respectively, enforcing the new org consistency check [1] [2].

Testing and validation:

  • Added a comprehensive test suite in verifySiteAccess.test.ts that covers org-matching logic, cross-org rejection, route stack ordering, and security scenarios to ensure the new protections work as intended.

Minor improvements:

  • Simplified code formatting in external.ts for rate limiting configuration.
  • Minor code cleanup in a database query for role-site validation in verifySiteAccess.ts.

Note:

PR Titel and Description generated by AI (Copilot)
Test File generated by AI but checked and slightly modified


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/pangolin/pull/3214 **Author:** [@marcschaeferger](https://github.com/marcschaeferger) **Created:** 6/4/2026 **Status:** ✅ Merged **Merged:** 6/4/2026 **Merged by:** [@oschwartz10612](https://github.com/oschwartz10612) **Base:** `dev` ← **Head:** `dev` --- ### 📝 Commits (2) - [`5162924`](https://github.com/fosrl/pangolin/commit/51629247a51456325747dad493046031f90a1b06) fix(middleware): prevent cross-org site binding in target create/update - [`f617f93`](https://github.com/fosrl/pangolin/commit/f617f93a94874bb0bb5d4ffa8f4f47b4082cd21d) test(middleware): add regression tests for cross-org site binding prevention ### 📊 Changes **3 files changed** (+336 additions, -5 deletions) <details> <summary>View changed files</summary> ➕ `server/middlewares/verifySiteAccess.test.ts` (+322 -0) 📝 `server/middlewares/verifySiteAccess.ts` (+10 -4) 📝 `server/routers/external.ts` (+4 -1) </details> ### 📄 Description ## Description This pull request strengthens cross-organization security checks for site access and adds comprehensive tests to prevent privilege escalation attacks when binding resources or targets to sites across different organizations. The main improvements include enforcing organization consistency in middleware, updating route stacks to ensure proper middleware order, and adding thorough tests for the new logic. **Security enforcement and middleware logic:** * Added a check in `verifySiteAccess` to reject requests if the loaded site's `orgId` does not match `req.userOrgId`, preventing cross-organization binding attacks. * Updated route definitions for `PUT /resource/:resourceId/target` and `POST /target/:targetId` to ensure `verifySiteAccess` runs after `verifyResourceAccess` or `verifyTargetAccess`, respectively, enforcing the new org consistency check [[1]](diffhunk://#diff-26c7d25dd779ec436bad17cfea79b57a4cbdef1cae8fde1682e53e28e0da935bR564) [[2]](diffhunk://#diff-26c7d25dd779ec436bad17cfea79b57a4cbdef1cae8fde1682e53e28e0da935bR616). **Testing and validation:** * Added a comprehensive test suite in `verifySiteAccess.test.ts` that covers org-matching logic, cross-org rejection, route stack ordering, and security scenarios to ensure the new protections work as intended. **Minor improvements:** * Simplified code formatting in `external.ts` for rate limiting configuration. * Minor code cleanup in a database query for role-site validation in `verifySiteAccess.ts`. ## Note: PR Titel and Description generated by AI (Copilot) Test File generated by AI but checked and slightly modified --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-06-11 00:45:29 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#29064