Sjoerd Langkemper

Results 204 comments of Sjoerd Langkemper

[Rewrite IDOR cheat sheet by Sjord · Pull Request #1177 · OWASP/CheatSheetSeries](https://github.com/OWASP/CheatSheetSeries/pull/1177)

We could reconsider whether parser.c should be committed at all. It is auto-generated with tree-sitter generate, so I am not sure it should be in the repository.

Indeed the used identifier is incorrect. It would perform a call to /api/v4/projects/1/merge_requests/1/approval_rules/3 instead of /api/v4/projects/1/merge_requests/1/approval_rules/1 when saving. The unit test [here](https://github.com/python-gitlab/python-gitlab/blob/72e1aa7f2c2aad739db2f5dd4394165a5b5f2432/tests/unit/objects/test_project_merge_request_approvals.py#L13) does not catch that, since the project ID,...

`gitlab group-ldap-group-link list --group-id xxxxxx` performs a request to `/api/v4/groups/xxxxxx/ldap_group_links`, and the response looks like this:

```
[{"cn":"foo","group_access":10,"provider":"ldap"}]
```

Setting `_id_attr = None` would at least get rid of the exception, and then `--verbose` can be used to also display the `cn` or `filter` fields. Since `_id_attr` is a...

[ProjectIntegration](https://github.com/python-gitlab/python-gitlab/blob/72e1aa7f2c2aad739db2f5dd4394165a5b5f2432/gitlab/v4/objects/integrations.py#L27-L28):

```
class ProjectIntegration(SaveMixin, ObjectDeleteMixin, RESTObject):
    _id_attr = "slug"
```

In [cli.py](https://github.com/python-gitlab/python-gitlab/blob/72e1aa7f2c2aad739db2f5dd4394165a5b5f2432/gitlab/v4/cli.py#L301-L305):

```
# We need to get the object somehow
if not issubclass(cls, gitlab.mixins.GetWithoutIdMixin):
    if cls._id_attr is not None:
        ...
```

I at least changed the unit test to have different ids for different entities, so that a mixup in ids would become noticeable.

I consider this ready to be merged. @JohnVillalovos suggested adding functional tests, but I updated the unit tests instead to test this functionality. Is that sufficient? @david-vana-conrad, perhaps you can...

This currently assumes a job token scope as the parent of the allowlist, but I don't think that is correct. I would expect the allowlist to work without retrieving the...

> Padding Oracle

I agree that this should be lower case, and also the following should be lower case:

- libraries do not contain Easter eggs
- This should prevent...