Disable list of commands from playground repositories

Open lucifercr07 opened this issue 1 year ago • 7 comments

Description

DiceDB Playground is an interactive platform that allows users to experiment with DiceDB commands in a live environment, similar to the Go Playground. Users will be able to submit and execute commands directly through a web interface. The initial implementation will focus on enabling users to search for and trigger commands.
For more details about DiceDB playground you can check here.

To enhance the security of our application, we need to implement a blacklist for certain commands that could potentially lead to data loss or unauthorized access. This blacklist should be enforced in both the backend and frontend components of our application. Add the following commands for blacklisting:

  • FLUSHALL
  • FLUSHDB
  • DUMP
  • ABORT
  • AUTH
  • CONFIG
  • SAVE
  • BGSAVE
  • BGREWRITEAOF
  • RESTORE
  • MULTI
  • EXEC
  • DISCARD
  • QWATCH
  • QUNWATCH
  • LATENCY
  • CLIENT
  • SLEEP
  • PERSIST

Note: Implementation will be part of both DiceDB playground frontend repo and backend repo.

Tasks

  1. Backend Implementation:
    • Update service to restrict the blacklisted commands.
    • Implement middleware or a service layer to intercept and reject requests for blacklisted commands.
    • Ensure appropriate error responses are returned when blacklisted commands are attempted.
  2. Frontend Implementation:
    • Block blacklisted commands in the frontend, with the error message as below: (error) ERR unknown command '<COMMAND_NAME>'
  3. Test the implementation to ensure that blacklisted commands are correctly rejected with appropriate error messages.
  4. Document the changes made in the README or relevant documentation files.
  5. Add sufficient unit and integration tests for the same.

lucifercr07, Oct 01 '24 17:10
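
One way to implement the backend interception task from the issue above, as an added Go example that is not code from the playground-mono repository. The JSON request shape `{"cmd": "..."}`, the 403 status, the 4096-byte body limit and the names `CheckCommand` and `BlockCommands` are assumptions; the command name is taken as the first token and matched case-insensitively.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Commands from the issue's list, stored upper-case for case-insensitive lookup.
var blocked = map[string]bool{
	"FLUSHALL": true, "FLUSHDB": true, "DUMP": true, "ABORT": true, "AUTH": true,
	"CONFIG": true, "SAVE": true, "BGSAVE": true, "BGREWRITEAOF": true,
	"RESTORE": true, "MULTI": true, "EXEC": true, "DISCARD": true, "QWATCH": true,
	"QUNWATCH": true, "LATENCY": true, "CLIENT": true, "SLEEP": true, "PERSIST": true,
}

// CheckCommand inspects the first token of a command line and returns the
// error text requested in the issue when that token is on the list.
func CheckCommand(line string) error {
	f := strings.Fields(line) // drops leading whitespace, splits off arguments
	if len(f) > 0 && blocked[strings.ToUpper(f[0])] {
		return fmt.Errorf("(error) ERR unknown command '%s'", f[0])
	}
	return nil
}

// BlockCommands is the intercepting middleware. Assumed request shape
// (hypothetical, not the playground API): JSON body {"cmd": "SET k v"}.
func BlockCommands(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 4096))
		var req struct{ Cmd string `json:"cmd"` }
		if err != nil || json.Unmarshal(body, &req) != nil {
			http.Error(w, "invalid request body", http.StatusBadRequest)
			return
		}
		if err := CheckCommand(req.Cmd); err != nil {
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(body)) // let next re-read the body
		next.ServeHTTP(w, r)
	})
}

func main() { fmt.Println(CheckCommand("  flushall"), CheckCommand("SET k v")) }
```

Because requests can reach the backend without going through the web UI, this server-side check is the enforcement point; the frontend block only gives faster feedback.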

Hey, can you assign this to me?

yashbudhia, Oct 01 '24 17:10

@yashbudhia assigned, thanks for contributing. Please note the changes will be part of both DiceDB playground frontend repo and backend repo.

lucifercr07, Oct 01 '24 17:10

Thanks for assigning. So I have to open pull requests in those repos, right?

yashbudhia, Oct 01 '24 17:10

> Thanks for assigning. So I have to open pull requests in those repos, right?

Yes

lucifercr07, Oct 01 '24 19:10

@lucifercr07 I would like to work on this issue. Could you please assign it to me?

iRittikSharma, Oct 01 '24 19:10

Frontend changes merged as part of https://github.com/DiceDB/playground-web/pull/19

lucifercr07, Oct 02 '24 15:10

I have also added blacklisted commands in the backend repo - https://github.com/DiceDB/playground-mono/pull/23

yashbudhia, Oct 04 '24 14:10

Closing, merged as part of https://github.com/DiceDB/playground-mono/pull/23

lucifercr07, Oct 06 '24 14:10