Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.1.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Sprint:
Security 2024-01-22, Security 2024-02-05, Security 2024-02-19, Security 2024-03-04, Security 2024-09-02, Security 2024-09-16, Security 2024-09-30
Linked BF Score:
135
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Currently, we have a lot of calls to cc() hidden in our Authentication and Authorization subsystem. However, in this system we should always be operating within a client and operation context, which means we should have the pointer to it somewhere above in the stack. Calling cc() seems like a byproduct of poor design, so we should audit calls to cc() within authz/n and ensure that we are passing a client or opCtx down whenever necessary.

Assignee:: Shreyas Kalyan
Reporter:: Shreyas Kalyan
Participants:: Githook User, Shreyas Kalyan
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Jan 10 2024 03:29:24 PM UTC
Updated:: Sep 25 2024 08:00:04 PM UTC
Resolved:: Sep 25 2024 08:00:04 PM UTC

Details

Description

Attachments

Activity

People

Dates