feat: add lint to detect RLS policies that allow access to anonymous users #28
kangmingtay wants to merge 14 commits into main
olirice left a comment:
Is there a way to check if a user has enabled anonymous logins from within the database? Currently this lint will fire on almost every project and only a small fraction are likely to enable anonymous logins in the short term.
olirice left a comment:
Before we can merge this we need to get the FE integration updated to not run all lints by default.
Terry is back tomorrow and I'll discuss it with him then, but this might get pushed out till the week after LW as everyone is starting to get crunched.
| 'INFO' as level, | ||
| 'EXTERNAL' as facing, | ||
| 'Detects row level security (RLS) policies that allow access to anonymous users.' as description, | ||
| 'https://supabase.github.io/splinter/0012_auth_allow_anonymous_sign_ins' as remediation, |
Could you change this to a main docs site link please? Following the pattern here: https://supabase.com/docs/guides/database/database-advisors
blocked on deciding how we can run lints conditionally on the platform - currently, there's no way to conditionally execute a lint from the
What kind of change does this PR introduce?
What is the current behavior?
What is the new behavior?
Adds a lint that flags RLS policies that grant access to `authenticated`, `public`, or any other role members and whose definition does not contain an `auth.jwt()->>'is_anonymous'` expression.
Additional context
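As an added illustration (not code from this PR or from the splinter lint itself), the block below shows the kind of policy the lint targets and the shape of a policy that excludes anonymous sessions. The table, policy names and the detection query are constructed for this example; the detection query is an approximation of the lint's idea, not its actual implementation.

```sql
-- Added example; the table and policy names are constructed for illustration.
create table if not exists public.news_feed (
  id     bigint generated always as identity primary key,
  author uuid   not null default auth.uid(),
  body   text   not null
);
alter table public.news_feed enable row level security;

-- Policy of the kind the lint flags: it targets the authenticated role, which
-- anonymous sign-ins also receive, and never inspects the is_anonymous claim,
-- so an anonymous session can insert rows.
create policy "authenticated users can post"
  on public.news_feed
  for insert
  to authenticated
  with check (auth.uid() = author);

-- Hardened replacement: the same grant, but the WITH CHECK expression also
-- requires a permanent (non-anonymous) user via the is_anonymous JWT claim.
drop policy "authenticated users can post" on public.news_feed;
create policy "only permanent users can post"
  on public.news_feed
  for insert
  to authenticated
  with check (
    auth.uid() = author
    and (select (auth.jwt()->>'is_anonymous')::boolean) is false
  );

-- Illustrative detection query (an approximation, not splinter's own lint):
-- list policies that apply to authenticated or public and do not mention
-- is_anonymous in either the USING or the WITH CHECK expression.
-- pg_policies reports {public} for policies created without a TO clause.
select schemaname, tablename, policyname, roles, cmd
from pg_policies
where roles && array['authenticated', 'public']::name[]
  and coalesce(qual, '')       not like '%is_anonymous%'
  and coalesce(with_check, '') not like '%is_anonymous%'
order by schemaname, tablename, policyname;
```

Run against the example above, the query lists the first policy and is silent once it has been replaced by the hardened one. A substring match on `is_anonymous` is deliberately crude: it only confirms the claim is referenced somewhere in the policy, not that it is compared in a way that actually excludes anonymous users, so treat a hit as a prompt to review the policy rather than proof that it is safe.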