byteoverride opened a new issue, #4149:
URL: https://github.com/apache/hertzbeat/issues/4149
### Feature Request
Checked the docs and existing issues. The plugin upload endpoint
(/api/plugin) does not have role-based access control configured in
sureness.yml. Every other API path has explicit role mappings. Suggesting
this endpoint gets the same treatment for consistency and defense-in-depth.
### Is your feature request related to a problem? Please describe
The POST /api/plugin endpoint is currently accessible to any authenticated
user including the guest role. Since plugin upload loads custom JAR code into
the JVM via ServiceLoader, having no role restriction
means any compromised low-privilege account has the same plugin management
access as an admin.
### Describe the solution you'd like
Add explicit role mappings for the plugin endpoint in sureness.yml,
restricting plugin management to admin users only:
- /api/plugin/**===get===[admin]
- /api/plugin/**===post===[admin]
- /api/plugin/**===put===[admin]
- /api/plugin/**===delete===[admin]
### Describe alternatives you've considered
An alternative would be adding a dedicated permission like plugin:manage
that can be assigned to specific roles, giving operators more flexibility over
who can upload plugins without granting full admin access.
### Additional context
This is a defense-in-depth suggestion. The current security model grants all
users management permissions, but as HertzBeat adoption grows, organizations
may want finer-grained control over who can upload
custom code into the runtime. Every other API path in sureness.yml has
explicit role mappings, so adding one for /api/plugin would make the
configuration consistent.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
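
An added example, not part of the original issue or of HertzBeat's code: a small audit that parses rules in the `path===method===[roles]` form quoted above and reports sensitive requests that have no role mapping or are open to roles other than admin. The baseline rules, the sample requests and the simplified ant-style matcher are assumptions made for illustration; this is not Sureness's own matching logic.

```python
import re

# Rules proposed in the issue, in the path===method===[roles] form it uses.
PROPOSED = [
    "/api/plugin/**===get===[admin]",
    "/api/plugin/**===post===[admin]",
    "/api/plugin/**===put===[admin]",
    "/api/plugin/**===delete===[admin]",
]
# Constructed baseline standing in for a config that has no /api/plugin entry.
BASELINE = [
    "/api/monitor/**===get===[admin,user,guest]",
    "/api/monitor/**===post===[admin,user]",
]
# Constructed sample requests; POST /api/plugin is the endpoint named in the issue.
SENSITIVE = [("POST", "/api/plugin"), ("DELETE", "/api/plugin/example")]

def parse_rule(line):
    """Split 'path===method===[r1,r2]' into (path, method, set_of_roles)."""
    path, method, roles = (part.strip() for part in line.split("==="))
    if not (roles.startswith("[") and roles.endswith("]")):
        raise ValueError(f"malformed role list in {line!r}")
    return path, method.lower(), {r.strip() for r in roles[1:-1].split(",") if r.strip()}

def path_matches(pattern, path):
    """Assumed matching: '*' is one segment, '/**' is zero or more segments."""
    regex = re.escape(pattern).replace(r"/\*\*", "(/.*)?").replace(r"\*", "[^/]+")
    return re.fullmatch(regex, path) is not None

def allowed_roles(rules, method, path):
    """Union of roles mapped to the request, or None when no rule covers it."""
    roles, covered = set(), False
    for rule_path, rule_method, rule_roles in map(parse_rule, rules):
        if rule_method == method.lower() and path_matches(rule_path, path):
            covered, roles = True, roles | rule_roles
    return roles if covered else None

def audit(rules, sensitive, required_role="admin"):
    """Return (method, path, reason) for requests not limited to required_role."""
    findings = []
    for method, path in sensitive:
        roles = allowed_roles(rules, method, path)
        if roles is None:
            findings.append((method, path, "no role mapping"))
        elif roles != {required_role}:
            findings.append((method, path, f"also allows {sorted(roles - {required_role})}"))
    return findings

if __name__ == "__main__":
    print("baseline:", audit(BASELINE, SENSITIVE))
    print("with proposed rules:", audit(BASELINE + PROPOSED, SENSITIVE))
```

A "no role mapping" finding corresponds to the state the issue describes, where the request is reachable by any authenticated user.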