Severin Kliegl
bac-django
Branches
main (default) · c970bd19 · feat(admin): add basic admin interface · Feb 24, 2023
pitfall-a01-misconfiguration-of-settings · c593aba8 · remove permission classes for UserViewSet · Feb 24, 2023
mitigation-a01-misconfiguration-of-settings · 2f380231 · feat(UserViewSet): add CustomDjangoModelPermission to enforce object level permissions · Feb 24, 2023
pitfall-a01-inproper-filtering-list-view · 4cc065ef · feat(UserViewSet): add ineffective admin permission · Feb 24, 2023
mitigation-a01-inproper-filtering-list-view · 6e101ce1 · feat(UserViewSet): filter get_queryset · Feb 25, 2023
pitfall-a01-missing-olp-at-creation · a324ecae · feat(UserViewSet): add unsafe UserAdministrationPermission · Feb 25, 2023
mitigation-a01-missing-olp-at-creation · 9f2a54eb · fix(UserViewSet): override perform_create · Feb 25, 2023
pitfall-a04-misuse-throttling-against-dos · cb09707f · feat(throttling): throttle requests · Feb 26, 2023
pitfall-a04-missing-pagination · 0e7c0b36 · feat(UserSerializer): reduce serializer fields for better showcasing · Feb 26, 2023
mitigation-a04-missing-pagination · 047773f4 · feat(pagination): secure users and groups pagination · Feb 26, 2023
pitfall-a02-missing-authentication-classes · db7cdc03 · feat(authentication_classes): unsafe implementations for user and groups view set · Apr 02, 2023
mitigation-a02-missing-authentication-classes · 089d9da2 · feat(authentication_classes): harden user and group view set · Apr 02, 2023
pitfall-a01-nested-objects-missing-olp-check · 9d53479f · feat(GroupSerializer): add insecure implementation of user group viewset · Apr 29, 2023
mitigation-a01-nested-objects-missing-olp-check · f4513da6 · fix(GroupViewSet): harden endpoint, add second serializer · Apr 29, 2023
pitfall-a02-unsafe-password-recovery · c29a30d9 · feat(password): showcase reset pw functionality · May 01, 2023
pitfall-a03-different-user-different-serializer · 4cd08636 · feat(UserSerializer): extend fields for showcasing, add details to user · May 05, 2023
mitigation-a03-different-user-different-serializer · e8aab5e9 · feat(UserViewSet): harden view set · May 05, 2023
pitfall-a03-excluding-instead-of-filtering · 9ce41722 · feat(User): extend User model by address · May 06, 2023
mitigation-a03-excluding-instead-of-filtering · d8e79ad3 · fix(UserSerializer): replace exclusion with fields · May 06, 2023
pitfall-a03-error-message-includes-sensitive-data · 46e92c35 · feat(UserViewSet): check object level permission · May 06, 2023