Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue response header Marketo change from text/csv to text/csv;charset=UTF-8 #127

Merged
merged 1 commit into from
Jun 13, 2024
Merged

Fix issue response header Marketo change from text/csv to text/csv;charset=UTF-8 #127

merged 1 commit into from
Jun 13, 2024

Conversation

vietnguyen-td
Copy link
Contributor

@vietnguyen-td vietnguyen-td commented Jun 13, 2024
edited by minidragon88
Loading

Are all connections created by the plugin secure?

  • Does it opt secure communication standard? Such as HTTPS, SSH, SFTP, SMTP STARTTLS. If not check with CISO to decide we can deploy the plugin.
  • Does support both authentication and encryption appropriately? Such as: "just encrypting without authentication" that is insecure.

Does the plugin connect only to its expected external site which the customer explicitly set in their config file?

  • Does NOT connect unexpected external site and our internal endpoints? Such as: “v3/job/:id/set_started” callback endpoint.

Does NOT the plugin persist any customers' private information? Identify the private information beforehand.

  • Does NOT include them in (temporary) files?
  • Does NOT include them in log messages and exception messages?

What kind of environments does the plugin interact with?

  • Does NOT execute any shell command?
  • Does NOT read any files on the running instance? Such as: "/etc/passwords". It’s ok to read temporary files that the plugin wrote.
  • Does use to create temporary files by spi.TempFileSpace utility to avoid the conflict of the file names.
  • Does NOT get environment variables or JVM system properties at runtime? Such as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in environment variables

Does NOT the plugin use insecure libraries?

  • Line up all depending library so that we can identify the impact of security incident of those library if any.
  • Check libraries usage of the plugin; all security check list must apply to the library usages. Such as "Are all connections created by the library secure?"

Does NOT the plugin source code repository contain kinds of credentials

  • API keys
  • Passwords

Make sure to free up all resources allocated during Embulk transaction “committing” or “rolling back”or before.

  • Network (connections, pooled connections)
  • Memory (cache in static variables)
  • File (temporary files)
  • CPU (threads, processes)

@vietnguyen-td vietnguyen-td requested a review from a team as a code owner June 13, 2024 02:12
minidragon88
minidragon88 approved these changes Jun 13, 2024
View reviewed changes
Copy link
Contributor

@minidragon88 minidragon88 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

kietdo360
kietdo360 approved these changes Jun 13, 2024
View reviewed changes
Copy link
Contributor

@kietdo360 kietdo360 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@minidragon88 minidragon88 requested a review from a team June 13, 2024 02:31
@vietnguyen-td
Copy link
Contributor Author

@treasure-data/integrations-code-review , i merge this to prepare hotfix, please help to CMA later, Thanks

@vietnguyen-td vietnguyen-td merged commit 51fbb8e into master Jun 13, 2024
1 check passed
@vietnguyen-td vietnguyen-td deleted the fix-response-header branch June 13, 2024 02:49
nmpennypacker
nmpennypacker reviewed Jun 13, 2024
View reviewed changes
Copy link

@nmpennypacker nmpennypacker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed for data exfiltrations

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nmpennypacker nmpennypacker nmpennypacker left review comments

@kietdo360 kietdo360 kietdo360 approved these changes

@minidragon88 minidragon88 minidragon88 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@vietnguyen-td @nmpennypacker @kietdo360 @minidragon88