You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Migrate embeddable hosts from site settings to database model
Add admin UI for managing embeddable hosts and categories
Replace string-based host validation with database queries
Update embed controller to use new EmbeddableHost model
Diagram Walkthrough
flowchart LR
A["SiteSetting<br/>embeddable_hosts"] -->|migrate| B["EmbeddableHost<br/>Model"]
B -->|admin CRUD| C["Admin UI<br/>Controllers"]
C -->|serialize| D["EmbeddableHostSerializer"]
E["EmbedController"] -->|validate| B
F["TopicEmbed"] -->|lookup category| B
Below is a summary of compliance checks for this PR:
Security Compliance
⚪
SQL injection
Description: Raw SQL string interpolation inserts host values directly into an INSERT statement without sanitization, enabling SQL injection if site settings contain malicious input. 20150818190757_create_embeddable_hosts.rb [24-26]
Follow the guide to enable codebase context checks.
Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code
Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting
Status: Passed
Generic: Secure Error Handling
Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging.
Status: Passed
Generic: Secure Logging Practices
Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data.
Status: Passed
🔴
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities
Status: SQL injection risk: User-controlled host values from site settings are interpolated directly into SQL INSERT without parameterization, introducing potential SQL injection during migration.
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: Missing auditing: Creation, update, and deletion of embeddable hosts are not explicitly logged with user, action, and outcome details, which may hinder audit trail requirements.
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation
Status: Edge case handling: The URL parsing in record_for_host returns false on invalid inputs but lacks logging/context and may not handle uppercase or trailing-dot hosts comprehensively.
Use a temporary ActiveRecord model for data insertion in the migration to prevent a potential SQL injection vulnerability from raw SQL string interpolation.
-records.each do |h|- execute "INSERT INTO embeddable_hosts (host, category_id, created_at, updated_at) VALUES ('#{h}', #{category_id}, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP)"+class TempEmbeddableHost < ActiveRecord::Base+ self.table_name = :embeddable_hosts
end
+records.each do |h|+ TempEmbeddableHost.create!(host: h, category_id: category_id)+end+
Apply / Chat
Suggestion importance[1-10]: 9
__
Why: The suggestion correctly identifies a SQL injection vulnerability in the database migration and proposes a robust solution using a temporary ActiveRecord model, which is a Rails best practice for security.
High
High-level
Refactor data hydration for embedded arrays
The data hydration logic for _ids arrays in store.js.es6 is too broad and risks causing unintended side effects. It should be refactored to be more specific or opt-in for models that require it.
// app/assets/javascripts/discourse/models/store.js.es6_hydrateEmbedded(type,obj,root){constself=this;Object.keys(obj).forEach(function(k){// Regex only matches properties ending in `_id`constm=/(.+)\_id(s?)$/.exec(k);if(m){if(m[2]){// if it ends in `_ids`// ... logic to hydrate an array of IDsobj[self.pluralize(subType)]=hydrated||[];}else{// if it ends in `_id`// ... logic to hydrate a single ID}}});}
After:
// app/assets/javascripts/discourse/models/store.js.es6_hydrateEmbedded(type,obj,root){constself=this;Object.keys(obj).forEach(function(k){// Only hydrate `_ids` for models that have opted inif(/_ids$/.test(k)&&self.modelFor(type).hasHydratableIds(k)){// ... logic to hydrate an array of IDs}elseif(/_id$/.test(k)){// ... logic to hydrate a single ID}});}// In a model definition (e.g., embedding.js.es6)exportdefaultEmber.Object.extend({// Opt-in mechanismhasHydratableIds(key){returnkey==='embeddable_host_ids';}});
Suggestion importance[1-10]: 8
__
Why: This suggestion correctly identifies a significant potential issue in store.js.es6, where a generic change to handle _ids properties could unintentionally affect other parts of the application, making it a valid and high-impact concern.
Medium
Possible issue
Filter out missing embedded records
Add .filter(Boolean) after mapping embedded records to remove any null or undefined values that could cause runtime errors.
Why: The suggestion correctly identifies that _lookupSubType can return null, leading to arrays with empty values, and proposes adding .filter(Boolean) to prevent potential runtime errors.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
PR #10
PR Type
Enhancement
Description
Migrate embeddable hosts from site settings to database model
Add admin UI for managing embeddable hosts and categories
Replace string-based host validation with database queries
Update embed controller to use new EmbeddableHost model
Diagram Walkthrough
File Walkthrough
20 files
New model for managing embeddable hostsAdmin controller for CRUD operationsAdmin controller for embedding settingsSerializer for embeddable host API responsesSerializer for embedding configurationUpdate host validation to use modelRemove embeddable host validation methodSimplify expandable_first_post checkUse EmbeddableHost for category lookupUpdate to use EmbeddableHost validationEmber controller for embedding admin UIEmber route for embedding admin pageEmber component for host row editingREST adapter for embedding resourceTemplate for embedding admin interfaceTemplate for embeddable host row componentAdd embedding nav item to customize menuAdd embedding route to admin route mapAdd embeddable-host to admin models listSupport hydrating embedded arrays with IDs3 files
Migration to create embeddable_hosts tableAdd routes for embedding admin pagesRemove embeddable_hosts and embed_category settings2 files
Add i18n strings for embedding UIRemove deprecated site settings descriptions11 files
Tests for EmbeddableHost modelTests for embeddable hosts controllerTests for embedding controllerUpdate tests to use EmbeddableHost modelRemove embeddable host validation testsUpdate tests for category lookupUpdate expandable_first_post testsMove category fabricator to separate fileAdd embeddable host fabricatorAdd test data for embedded arraysAdd tests for embedded array hydration