Disable list of commands from playground repositories #897

Closed
lucifercr07 opened this issue Oct 1, 2024 · 8 comments

@lucifercr07
Contributor

lucifercr07 commented Oct 1, 2024

Description

DiceDB Playground is an interactive platform that allows users to experiment with DiceDB commands in a live environment, similar to the Go Playground. Users will be able to submit and execute commands directly through a web interface. The initial implementation will focus on enabling users to search for and trigger commands.
For more details about DiceDB playground you can check here.

To enhance the security of our application, we need to implement a blacklist for certain commands that could potentially lead to data loss or unauthorized access. This blacklist should be enforced in both the backend and frontend components of our application.
Add the following commands for blacklisting:

  • FLUSHALL
  • FLUSHDB
  • DUMP
  • ABORT
  • AUTH
  • CONFIG
  • SAVE
  • BGSAVE
  • BGREWRITEAOF
  • RESTORE
  • MULTI
  • EXEC
  • DISCARD
  • QWATCH
  • QUNWATCH
  • LATENCY
  • CLIENT
  • SLEEP
  • PERSIST

Note: Implementation will be part of both DiceDB playground frontend repo and backend repo.

Tasks

  1. Backend Implementation:
    • Update service to restrict the blacklisted commands.
    • Implement middleware or a service layer to intercept and reject requests for blacklisted commands.
    • Ensure appropriate error responses are returned when blacklisted commands are attempted.
  2. Frontend Implementation:
    • Block blacklisted commands in the frontend, with the error message as below:
      - (error) ERR unknown command '<COMMAND_NAME>'
  3. Test the implementation to ensure that blacklisted commands are correctly rejected with appropriate error messages.
  4. Document the changes made in the README or relevant documentation files.
  5. Add sufficient unit and integration tests for the same.

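
One way the backend check from task 1 could look, as an added example that is not part of the original issue or of the DiceDB code base. The command list and the error format come from the issue; `CheckCommand`, `Guard`, the plain-text request body, the 403 status and the empty-command message are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// blocked holds the commands listed in the issue, keyed in upper case.
var blocked = map[string]bool{}
func init() {
	for _, c := range strings.Fields("FLUSHALL FLUSHDB DUMP ABORT AUTH CONFIG SAVE BGSAVE " +
		"BGREWRITEAOF RESTORE MULTI EXEC DISCARD QWATCH QUNWATCH LATENCY CLIENT SLEEP PERSIST") {
		blocked[c] = true
	}
}

// CheckCommand (hypothetical) returns nil if the line may be forwarded to the database.
func CheckCommand(line string) error {
	fields := strings.Fields(line) // tolerates leading and repeated whitespace
	if len(fields) == 0 {
		return fmt.Errorf("(error) ERR empty command") // assumed wording
	}
	if blocked[strings.ToUpper(fields[0])] { // match case-insensitively
		return fmt.Errorf("(error) ERR unknown command '%s'", fields[0])
	}
	return nil
}

// Guard (hypothetical) assumes the request body is the raw command line.
func Guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 4096))
		if err == nil {
			err = CheckCommand(string(body))
		}
		if err != nil {
			http.Error(w, err.Error(), http.StatusForbidden) // assumed status code
			return
		}
		r.Body = io.NopCloser(strings.NewReader(string(body))) // restore for next
		next.ServeHTTP(w, r)
	})
}

func main() {
	fmt.Println(CheckCommand("SET k v"), CheckCommand("  flushall")) // constructed inputs
}
```

The server-side check is the enforcing control; the frontend block only saves a round trip, since a client can send requests without going through the web interface.
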
@yashbudhia

Hey, can you assign this to me?

@lucifercr07
Contributor Author

@yashbudhia assigned, thanks for contributing. Please note the changes will be part of both DiceDB playground frontend repo and backend repo.

@yashbudhia

Thanks for assigning. So I have to open pull requests in those repos, right?

@lucifercr07
Contributor Author

> Thanks for assigning. So I have to open pull requests in those repos, right?

Yes

@iRittikSharma

@lucifercr07 I would like to work on this issue. Could you please assign it to me?

@lucifercr07
Contributor Author

Frontend changes merged as part of DiceDB/alloy#19

@yashbudhia

I have also added blacklisted commands in the backend repo - DiceDB/playground-mono#23

@lucifercr07
Contributor Author

Closing, merged as part of DiceDB/playground-mono#23
