Posted to dev@usergrid.apache.org by Arun Ram <Ar...@spartasystems.com> on 2015/07/07 15:56:55 UTC

Usergrid REST API issue

Hi,

My name is Arun Ram and I work for Sparta Systems. We have discovered a potential security issue with the usergrid REST API where a script could be injected into the response. I would like to propose and implement a fix.

Please let me know what is the appropriate forum to discuss my fix and find out the procedure to commit to the code base.

Thanks.

Arun
________________________________
NOTICE: This e-mail message and any attachments may contain confidential, proprietary, and/or privileged information which should be treated accordingly. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this message, and destroy all physical and electronic copies. Thank you.

RE: Usergrid REST API issue

Posted by Arun Ram <Ar...@spartasystems.com>.
I just signed and sent a scanned copy of the ICLA to secretary@apache.org.

Arun

-----Original Message-----
From: Shawn Feldman [mailto:shawn.feldman@gmail.com]
Sent: Tuesday, July 07, 2015 11:26 AM
To: dev@usergrid.incubator.apache.org
Subject: Re: Usergrid REST API issue

have you signed an icla?  https://www.apache.org/licenses/icla.txt

On Tue, Jul 7, 2015 at 9:23 AM Arun Ram <Ar...@spartasystems.com> wrote:

> Thank you for the quick response. I have created a pull request.
>
> https://github.com/apache/incubator-usergrid/pull/300
>
> Arun
>
> -----Original Message-----
> From: Rod Simpson [mailto:rod@rodsimpson.com]
> Sent: Tuesday, July 07, 2015 10:49 AM
> To: dev@usergrid.incubator.apache.org
> Subject: Re: Usergrid REST API issue
>
> You are in the right place.
>
> Here is the website:
> http://usergrid.incubator.apache.org/
>
> Here is the github repo:
> https://github.com/apache/incubator-usergrid
>
> Just send a PR and the team will be happy to review it.
>
>
>
>
> Rod
>
>
>
> --
> Rod Simpson
>
>
> On July 7, 2015 at 7:57:06 AM, Arun Ram (arun.ram@spartasystems.com)
> wrote:
>
> Hi,
>
> My name is Arun Ram and I work for Sparta Systems. We have discovered a
> potential security issue with the usergrid REST API where a script
> could be injected into the response. I would like to propose and implement a fix.
>
> Please let me know what is the appropriate forum to discuss my fix and
> find out the procedure to commit to the code base.
>
> Thanks.
>
> Arun

Re: Usergrid REST API issue

Posted by "John D. Ament" <jo...@apache.org>.
But don't worry, filling this out is rather painless.  I'll pull your
branch and test locally as well.  Thanks for the contrib Arunram!

On Jul 7, 2015 2:57 PM, "Rod Simpson" <ro...@rodsimpson.com> wrote:

> Thank you, Shawn.  Yes, you must fill out an ICLA with the Apache Software
> Foundation.
>
>
>
> --
> Rod Simpson
> T @rockerston
> W rodsimpson.com
>
> On July 7, 2015 at 9:26:07 AM, Shawn Feldman (shawn.feldman@gmail.com)
> wrote:
>
> have you signed an icla? https://www.apache.org/licenses/icla.txt
>
> On Tue, Jul 7, 2015 at 9:23 AM Arun Ram <Ar...@spartasystems.com>
> wrote:
>
> > Thank you for the quick response. I have created a pull request.
> >
> > https://github.com/apache/incubator-usergrid/pull/300
> >
> > Arun
> >
> > -----Original Message-----
> > From: Rod Simpson [mailto:rod@rodsimpson.com]
> > Sent: Tuesday, July 07, 2015 10:49 AM
> > To: dev@usergrid.incubator.apache.org
> > Subject: Re: Usergrid REST API issue
> >
> > You are in the right place.
> >
> > Here is the website:
> > http://usergrid.incubator.apache.org/
> >
> > Here is the github repo:
> > https://github.com/apache/incubator-usergrid
> >
> > Just send a PR and the team will be happy to review it.
> >
> >
> >
> >
> > Rod
> >
> >
> >
> > --
> > Rod Simpson
> >
> >
> > On July 7, 2015 at 7:57:06 AM, Arun Ram (arun.ram@spartasystems.com)
> > wrote:
> >
> > Hi,
> >
> > My name is Arun Ram and I work for Sparta Systems. We have discovered a
> > potential security issue with the usergrid REST API where a script could be
> > injected into the response. I would like to propose and implement a fix.
> >
> > Please let me know what is the appropriate forum to discuss my fix and
> > find out the procedure to commit to the code base.
> >
> > Thanks.
> >
> > Arun
> >
>

Re: Usergrid REST API issue

Posted by Rod Simpson <ro...@rodsimpson.com>.
Thank you, Shawn.  Yes, you must fill out an ICLA with the Apache Software Foundation. 



-- 
Rod Simpson
T @rockerston
W rodsimpson.com

On July 7, 2015 at 9:26:07 AM, Shawn Feldman (shawn.feldman@gmail.com) wrote:

have you signed an icla? https://www.apache.org/licenses/icla.txt  

On Tue, Jul 7, 2015 at 9:23 AM Arun Ram <Ar...@spartasystems.com> wrote:  

> Thank you for the quick response. I have created a pull request.  
>  
> https://github.com/apache/incubator-usergrid/pull/300  
>  
> Arun  
>  
> -----Original Message-----  
> From: Rod Simpson [mailto:rod@rodsimpson.com]  
> Sent: Tuesday, July 07, 2015 10:49 AM  
> To: dev@usergrid.incubator.apache.org  
> Subject: Re: Usergrid REST API issue  
>  
> You are in the right place.  
>  
> Here is the website:  
> http://usergrid.incubator.apache.org/  
>  
> Here is the github repo:  
> https://github.com/apache/incubator-usergrid  
>  
> Just send a PR and the team will be happy to review it.  
>  
>  
>  
>  
> Rod  
>  
>  
>  
> --  
> Rod Simpson  
>  
>  
> On July 7, 2015 at 7:57:06 AM, Arun Ram (arun.ram@spartasystems.com)  
> wrote:  
>  
> Hi,  
>  
> My name is Arun Ram and I work for Sparta Systems. We have discovered a
> potential security issue with the usergrid REST API where a script could be  
> injected into the response. I would like to propose and implement a fix.  
>  
> Please let me know what is the appropriate forum to discuss my fix and  
> find out the procedure to commit to the code base.  
>  
> Thanks.  
>  
> Arun  
>  

Re: Usergrid REST API issue

Posted by Shawn Feldman <sh...@gmail.com>.
have you signed an icla?  https://www.apache.org/licenses/icla.txt

On Tue, Jul 7, 2015 at 9:23 AM Arun Ram <Ar...@spartasystems.com> wrote:

> Thank you for the quick response. I have created a pull request.
>
> https://github.com/apache/incubator-usergrid/pull/300
>
> Arun
>
> -----Original Message-----
> From: Rod Simpson [mailto:rod@rodsimpson.com]
> Sent: Tuesday, July 07, 2015 10:49 AM
> To: dev@usergrid.incubator.apache.org
> Subject: Re: Usergrid REST API issue
>
> You are in the right place.
>
> Here is the website:
> http://usergrid.incubator.apache.org/
>
> Here is the github repo:
> https://github.com/apache/incubator-usergrid
>
> Just send a PR and the team will be happy to review it.
>
>
>
>
> Rod
>
>
>
> --
> Rod Simpson
>
>
> On July 7, 2015 at 7:57:06 AM, Arun Ram (arun.ram@spartasystems.com)
> wrote:
>
> Hi,
>
> My name is Arun Ram and I work for Sparta Systems. We have discovered a
> potential security issue with the usergrid REST API where a script could be
> injected into the response. I would like to propose and implement a fix.
>
> Please let me know what is the appropriate forum to discuss my fix and
> find out the procedure to commit to the code base.
>
> Thanks.
>
> Arun
>

RE: Usergrid REST API issue

Posted by Arun Ram <Ar...@spartasystems.com>.
Thank you for the quick response. I have created a pull request.

https://github.com/apache/incubator-usergrid/pull/300

Arun

-----Original Message-----
From: Rod Simpson [mailto:rod@rodsimpson.com]
Sent: Tuesday, July 07, 2015 10:49 AM
To: dev@usergrid.incubator.apache.org
Subject: Re: Usergrid REST API issue

You are in the right place.

Here is the website:
http://usergrid.incubator.apache.org/

Here is the github repo:
https://github.com/apache/incubator-usergrid

Just send a PR and the team will be happy to review it.




Rod



--
Rod Simpson


On July 7, 2015 at 7:57:06 AM, Arun Ram (arun.ram@spartasystems.com) wrote:

Hi,

My name is Arun Ram and I work for Sparta Systems. We have discovered a potential security issue with the usergrid REST API where a script could be injected into the response. I would like to propose and implement a fix.

Please let me know what is the appropriate forum to discuss my fix and find out the procedure to commit to the code base.

Thanks.

Arun

Re: Usergrid REST API issue

Posted by Rod Simpson <ro...@rodsimpson.com>.
You are in the right place.

Here is the website:
http://usergrid.incubator.apache.org/

Here is the github repo:
https://github.com/apache/incubator-usergrid

Just send a PR and the team will be happy to review it.




Rod



-- 
Rod Simpson


On July 7, 2015 at 7:57:06 AM, Arun Ram (arun.ram@spartasystems.com) wrote:

Hi,  

My name is Arun Ram and I work for Sparta Systems. We have discovered a potential security issue with the usergrid REST API where a script could be injected into the response. I would like to propose and implement a fix.

Please let me know what is the appropriate forum to discuss my fix and find out the procedure to commit to the code base.  

Thanks.  

Arun  