File tree 1 file changed +8
-2
lines changed
1 file changed +8
-2
lines changed Original file line number Diff line number Diff line change @@ -319,7 +319,6 @@ fn check_graphql_and_perms<'a>(
319319 } ) ,
320320 _ => { }
321321 }
322- // TODO : Build out permission resolver here
323322
324323 operations
325324}
@@ -671,9 +670,16 @@ pub(crate) fn scan_directory<'a>(
671670 . collect :: < Vec < String > > ( )
672671 . join ( "\n " ) ;
673672
674- let mut final_perms: HashSet < & String > = perm_interp. permissions . iter ( ) . collect ( ) ;
673+ // excess Forge storage scopes should not increase the severity of an AuthZ vuln
674+ let mut final_perms: HashSet < & String > = perm_interp
675+ . permissions
676+ . iter ( )
677+ . filter ( |x| * * x != "report:personal-data" && * * x != "storage:app" )
678+ . collect ( ) ;
675679 let ast = parse_schema :: < & str > ( & joined_schema) ;
676680
681+ // Lack of coverage, since no apps use raw GraphQL currently.
682+ #[ cfg( any( ) ) ]
677683 if let std:: result:: Result :: Ok ( doc) = ast {
678684 let mut used_graphql_perms: Vec < & str > = definition_analysis_interp
679685 . value_manager
You can’t perform that action at this time.
0 commit comments