Skip to content

Placeholder injection mitigation unsafe placeholders #1235

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 10 commits into
base: main
Choose a base branch
from
Draft

Placeholder injection mitigation unsafe placeholders #1235

wants to merge 10 commits into from

Conversation

rparke
Copy link
Contributor

@rparke rparke commented May 16, 2025

No description provided.

rparke and others added 10 commits May 16, 2025 11:39
@rparke
Add type property to Placeholder and refactor checks for conditional …
1764663 
…placeholders to use this property

To prepare for extending the placeholder syntax to include unsafe placeholders, we are introducing a type property to manage and be the single source of truth about what type of placeholder is being used to make extensions to the syntax easier to maintain and write.

We are assuming that a placeholder can only ever be of one type, and that union types are forbidden (e.g. unsafe and conditional placeholders are not allowed)
@rparke
add unsafe placeholder type and formatting and replacement rules
fc9df30 
adds unsafe placeholder type for placeholders with the pattern  `((<value>::unsafe))` as well as a stub replacement rule to check that unsafe placeholders are parsed correctly. This is to ensure we are ready for the next ticket, adding specific logic to implement the sanitisation of markdown.
@rparke
updated placeholder_tag_unsafe to include new styling to ensure highl…
f6f65c8 
…ighting appears correct

we were incorrectly using the placeholder styling before. This styling was designed to ignore trailing parentheses when highlighting the placeholder's variable name. This new css class ensures the highlighting works correcly for unsafe placeholders where the variable doesn't have trailing parentheses
@rparke
Replaces the stub with a method for escaping markdown specific syntax
49b39f2 
Any of the following characters: `*_(){}[]<>#+-.!| are escaped with a / to ensure they aren't rendered by the markdown engine to links, headings etc
@rparke
formatting
56bcc89
@rparke
Extend sanitise_replacement_unsafe to return an empty string if a url…
4403e36 
… is found in a replacement value

For the first iteration the simplest way to sanitise values containing a link is to consider the entire link compromised and redact everything in the value.

This will require user testing as it may be more agressive sanitisation than users expect
@rparke
change name of escaped placeholder from to
6fbfb0c
@rparke
Merge pull request #1223 from alphagov/unsafe_placeholders_remove_links
5d01731 
Remove urls from unsafe placeholders
@rparke
Merge remote-tracking branch 'origin/main' into placeholder_injection…
3939ee2 
…_mitigation_unsafe_placeholders
@rparke
Revert "Merge pull request #1239 from alphagov/remove-overall-daily-l…
33a54e7 
…imit-cache-key"

This reverts commit 7dfafcb, reversing
changes made to a97b36f.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rparke