Add new allowlist only resolver for loading models, instances, and dynamic model generation #183

@aj-stein-gsa

Description

User Story

As a developer of Metaschema-based tooling, in order to deploy a more robust service implemented with this library, I want a resolver subsystem that restricts access to an allowlist of certain directories and subdirectories relative to a configuration and/or allowlist for specific remote HTTP services (to prevent access to other local services on the host or local file inclusion attack vectors).

Goals

  • Establish a secure-by-default input resolver
  • Limit access to local filesystem resources that are not part of the use cases and threat model of this library
  • Limit access to HTTP resources that are not part of the use cases and threat model of this library

Dependencies

N/A

Acceptance Criteria

  • All website and readme documentation affected by the changes in this issue have been updated.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

Revisions

No response
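
One way the allowlist-only resolver described in this user story could be structured, as an added example that is not code from the issue or from the metaschema-java project. The root directory, the remote host and the file names are assumptions; the design choices shown (only `file:` and `https:` references accepted, component-wise directory prefix test, exact host match, userinfo rejected) are the ones the stated threat model of local file inclusion and access to local services calls for:

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

/**
 * Hypothetical allowlist-only resolver (example code, not part of metaschema-java).
 * A reference is accepted only if it resolves to a file under one of the
 * configured root directories, or to an https URL on one of the configured hosts.
 */
public final class AllowlistResolver {
  private final List<Path> allowedRoots;
  private final Set<String> allowedHosts;

  public AllowlistResolver(List<Path> roots, Set<String> hosts) {
    // Canonicalise roots once (absolute + normalised) so the prefix test below
    // compares like with like.
    this.allowedRoots = roots.stream()
        .map(p -> p.toAbsolutePath().normalize())
        .collect(Collectors.toUnmodifiableList());
    this.allowedHosts = hosts.stream()
        .map(h -> h.toLowerCase(Locale.ROOT))
        .collect(Collectors.toUnmodifiableSet());
  }

  /** Resolve {@code reference} against {@code base}; return it only if it is allowlisted. */
  public URI resolve(URI base, String reference) {
    URI target;
    try {
      target = base.resolve(new URI(reference)).normalize();
    } catch (URISyntaxException e) {
      throw new SecurityException("malformed reference: " + reference, e);
    }
    String scheme = target.getScheme();
    if (scheme == null) {
      throw new SecurityException("reference did not resolve to an absolute URI: " + target);
    }
    switch (scheme.toLowerCase(Locale.ROOT)) {
      case "file":
        checkFile(target);
        break;
      case "https":
        checkHttps(target);
        break;
      default:
        // jar:, data:, ftp: and cleartext http: are outside the use cases, so deny them.
        throw new SecurityException("scheme not allowed: " + scheme);
    }
    return target;
  }

  private void checkFile(URI target) {
    Path candidate;
    try {
      // Paths.get(URI) rejects file URIs carrying an authority or query component.
      candidate = Paths.get(target).toAbsolutePath().normalize();
    } catch (IllegalArgumentException e) {
      throw new SecurityException("unacceptable file URI: " + target, e);
    }
    // Path.startsWith compares whole path components, so an allowlisted
    // "/srv/metaschema/models" does not also admit "/srv/metaschema/models-evil/x.xml".
    boolean inRoot = allowedRoots.stream().anyMatch(candidate::startsWith);
    if (!inRoot) {
      throw new SecurityException("path outside allowlisted directories: " + candidate);
    }
  }

  private void checkHttps(URI target) {
    String host = target.getHost();
    if (host == null || target.getRawUserInfo() != null) {
      // Rejects "https://allowed.example@evil.example/" style confusion and
      // registry-based (non-server) authorities that have no host.
      throw new SecurityException("unacceptable authority in: " + target);
    }
    if (!allowedHosts.contains(host.toLowerCase(Locale.ROOT))) {
      throw new SecurityException("host not allowlisted: " + host);
    }
  }

  public static void main(String[] args) {
    AllowlistResolver resolver = new AllowlistResolver(
        List.of(Paths.get("/srv/metaschema/models")),     // assumed deployment layout
        Set.of("raw.githubusercontent.com"));               // assumed remote source
    URI base = URI.create("file:///srv/metaschema/models/oscal/catalog_metaschema.xml");

    // Accepted: sibling module under the allowlisted root, and an allowlisted https host.
    System.out.println(resolver.resolve(base, "oscal_metadata_metaschema.xml"));
    System.out.println(resolver.resolve(base, "https://raw.githubusercontent.com/x/y/main/m.xml"));

    expectRejected(resolver, base, "../../../../etc/passwd");        // traversal out of the root
    expectRejected(resolver, base, "file:///etc/passwd");            // absolute path outside the root
    expectRejected(resolver, base, "http://127.0.0.1:8080/admin");   // local service, cleartext scheme
    expectRejected(resolver, base, "https://localhost/secret");      // local service, host not allowlisted
    expectRejected(resolver, base, "https://raw.githubusercontent.com@evil.example/m.xml"); // userinfo
  }

  private static void expectRejected(AllowlistResolver r, URI base, String ref) {
    try {
      r.resolve(base, ref);
      throw new AssertionError("should have been rejected: " + ref);
    } catch (SecurityException e) {
      System.out.println("rejected: " + ref + " (" + e.getMessage() + ")");
    }
  }
}
```

Two caveats for a production version of this check. The prefix test is lexical: a symlink inside an allowlisted root that points at `/etc` would pass, so resolve the candidate with `Path.toRealPath()` (which requires the file to exist) before comparing it against roots that were also canonicalised with `toRealPath()`. The host allowlist is an exact, case-insensitive match on the hostname; it does not follow HTTP redirects or defend against DNS rebinding, so the HTTP client that later fetches the URI must apply the same allowlist to every redirect target.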

Metadata

Labels

enhancement (New feature or request), java (Pull requests that update Java code)

Projects

Status

In progress

Development

No branches or pull requests