Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider alternatives for reading OpenAPI and metadata dependencies #1053

Open
zengin opened this issue Jun 27, 2022 · 2 comments
Open

Consider alternatives for reading OpenAPI and metadata dependencies #1053

zengin opened this issue Jun 27, 2022 · 2 comments
Labels
type: security
Milestone
Backlog

Comments

@zengin
Copy link
Contributor

zengin commented Jun 27, 2022

Describe the bug
Currently DevX API reads metadata and OpenAPI documents directly from msgraph-metadata GitHub repo, which makes it susceptible to issues like: microsoftgraph/msgraph-metadata#172

Expected behavior
Production sources should be guarded with additional checks than a mere write access to a GitHub repo, especially when an automated pipeline has direct write access (as in the case of generation process).
@ddyett
Copy link
Contributor

ddyett commented Jun 27, 2022

agreed with this, there isn't sufficient access control.

@adhiambovivian adhiambovivian added this to the Backlog milestone Aug 19, 2022
@darrelmiller
Copy link
Contributor

If we change the production of clean metadata to be based on the schemas folder, we will have the schemas update PR as a gate. Currently we are pulling from $metadata without a gate. Moving to the schemas will address a range of different issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: security
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@darrelmiller @zengin @adhiambovivian @ddyett