cshannon commented on code in PR #2034:
URL: https://github.com/apache/activemq/pull/2034#discussion_r3281882427


##########
SECURITY.md:
##########
@@ -70,3 +72,13 @@ Layers of security provide valuable options to prevent 
attacks, and to provide a
 6. Add allow/deny lists to transport connectors to limit IP addresses
 
 7. [Done] VM Transport creation blocks the XBean factory by default
+
+## Security vs Features
+
+AI code scanning tools often mistaken designed features as a security issue.
+
+1. JMS Selectors - An optional query parameter designed to filter messages on 
a queue or topic that is not security related
+
+2. ClientId - A non-secret unique identifier used to provide 
once-and-only-once delivery that are designed to be used between connections 
and be deleted
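Review bot: item 2 (ClientId) describes what the identifier is for but not what the broker does when a second authorized connection presents an id that is already in use, or one that is not, which is exactly the behaviour a scanner-driven report would dispute; state it explicitly. Also "often mistaken designed features as" should read "often mistake designed features for", and "that are designed to be used between connections and be deleted" should read "that is designed to be reused across connections and then deleted".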

Review Comment:
   ```suggestion
   2. ClientId - A non-secret unique identifier used to provide 
once-and-only-once delivery that is designed to be used between connections 
and be deleted. The JMS spec specifically allows any authorized connection to 
use the same clientid as long as it isn't currently in use. Some protocols, 
such as MQTT, also allow link stealing and taking over if in use.
   
   3. Durable Subscriptions - The JMS spec allows authorized connections to 
connect to any existing durable subscription (combination of client id and 
subscription name) as long as it is offline. Authorized clients are allowed to 
delete durable subscriptions as well, even if they didn't create them.
   ```



##########
SECURITY.md:
##########
@@ -70,3 +72,13 @@ Layers of security provide valuable options to prevent 
attacks, and to provide a
 6. Add allow/deny lists to transport connectors to limit IP addresses
 
 7. [Done] VM Transport creation blocks the XBean factory by default
+
+## Security vs Features
+
+AI code scanning tools often mistaken designed features as a security issue.
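Review bot: the new section's only sentence, "AI code scanning tools often mistaken designed features as a security issue.", is ungrammatical and does not tell a reporter what to do before filing; suggest "AI code scanning tools often mistake designed features for security issues." followed by a sentence asking reporters to verify tool output against the JMS spec and the broker's documented features before submitting.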

Review Comment:
   ```suggestion
   AI code scanning tools often mistake designed features for security issues. 
It is the responsibility of the reporter to review AI output and verify whether 
it's a real issue. There have been a large number of invalid submissions that 
could be avoided by simply reviewing the JMS spec and the features of the 
broker itself.
   
   Some of the most commonly reported examples:
   ```



##########
SECURITY.md:
##########
@@ -70,3 +72,13 @@ Layers of security provide valuable options to prevent 
attacks, and to provide a
 6. Add allow/deny lists to transport connectors to limit IP addresses
 
 7. [Done] VM Transport creation blocks the XBean factory by default
+
+## Security vs Features
+
+AI code scanning tools often mistaken designed features as a security issue.
+
+1. JMS Selectors - An optional query parameter designed to filter messages on 
a queue or topic that is not security related
+
+2. ClientId - A non-secret unique identifier used to provide 
once-and-only-once delivery that are designed to be used between connections 
and be deleted
+
+3. BlobMessages - Blob message support is a side-channel for moving large 
messages with the JMS API by routing the large message through a different 
endpoint such as http, sftp or scp. Clients using BlobMessages are responsible 
for validating the authenticity and validity of the uri provided by the broker. 
ActiveMQ recommends using SSL secured transports, with two-way SSL as the most 
preferred.
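Review bot: item 3 (BlobMessages) tells clients to validate "the uri provided by the broker", but the same item describes the payload being fetched from a separate http, sftp or scp endpoint referenced by the message, so the text should say the uri arrives with the received message and that the consumer must validate it before downloading or deleting anything. The closing "SSL secured transports" recommendation should also say whether it refers to the broker connection or to the blob endpoint; those are separate connections, and TLS on one does not protect the other.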

Review Comment:
   ```suggestion
   4. BlobMessages - Blob message support is a side-channel for moving large 
messages with the JMS API by routing the large message through a different 
endpoint such as http, sftp or scp. Clients using BlobMessages are responsible 
for validating the authenticity and validity of the uri provided by the 
received message before taking any action such as downloading or deleting the 
file. ActiveMQ recommends using SSL secured transports, with two-way SSL as the 
most preferred.
   ```



##########
SECURITY.md:
##########
@@ -70,3 +72,13 @@ Layers of security provide valuable options to prevent 
attacks, and to provide a
 6. Add allow/deny lists to transport connectors to limit IP addresses
 
 7. [Done] VM Transport creation blocks the XBean factory by default
+
+## Security vs Features
+
+AI code scanning tools often mistaken designed features as a security issue.
+
+1. JMS Selectors - An optional query parameter designed to filter messages on 
a queue or topic that is not security related
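Review bot: item 1 asserts that selectors are "not security related" without giving the reason; add that a selector only narrows what a consumer already authorized for the destination receives, so that consumer can read every message on the destination by omitting the selector, and that only a selector that lets a consumer read from a destination it is not authorized for would be a security issue. "optional query parameter" is also ambiguous (it reads like an HTTP query parameter); "optional filter expression supplied when a consumer is created" is clearer.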

Review Comment:
   ```suggestion
   1. JMS Selectors - An optional query parameter designed to filter messages 
on a queue or topic that is not security related. It is used by clients to 
consume a subset of messages on the destination instead of all messages. 
However, if a client is authorized for a destination, it is always free to 
consume all the messages if it so chooses, by simply not setting the selector. 
Therefore any report showing selectors allowing the consumption of extra 
messages would be considered a bug and not a security issue, as long as it 
doesn't escape the destination the client is authorized for.
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
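The BlobMessage point raised in the review above (the consumer, not the broker, has to validate the URL carried by a received message before fetching or deleting anything) as an added Java example. This is not code from the pull request or from the ActiveMQ project. It assumes activemq-client on the classpath; the allowlisted host `blobs.internal.example` is constructed for the example, and `BlobUrlGuard` and `isAllowedBlobUrl` are names chosen here. Only `BlobMessage.getURL()` and `BlobMessage.getInputStream()` are the real ActiveMQ API.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Locale;
import java.util.Set;

import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;

import org.apache.activemq.BlobMessage;

/**
 * Added example (not ActiveMQ project code): a consumer-side guard that checks
 * the URL carried by a BlobMessage against an allowlist before any download.
 */
public final class BlobUrlGuard implements MessageListener {

    // Constructed for the example: the only scheme/host this consumer will fetch blobs from.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("https");
    private static final Set<String> ALLOWED_HOSTS = Set.of("blobs.internal.example");

    /**
     * Accepts the URL only if it uses an allowed scheme, names an allowed host
     * exactly, embeds no credentials, and uses the scheme's default port.
     */
    static boolean isAllowedBlobUrl(URL url) {
        if (url == null) {
            return false;
        }
        String scheme = url.getProtocol().toLowerCase(Locale.ROOT);
        if (!ALLOWED_SCHEMES.contains(scheme)) {
            return false;                         // e.g. plaintext http
        }
        if (url.getUserInfo() != null) {
            return false;                         // user:pass@host tricks
        }
        String host = url.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            return false;                         // attacker-controlled host
        }
        if (url.getPort() != -1 && url.getPort() != url.getDefaultPort()) {
            return false;                         // unexpected port
        }
        return true;
    }

    @Override
    public void onMessage(Message message) {
        if (!(message instanceof BlobMessage)) {
            return;                               // ordinary message, not handled here
        }
        BlobMessage blob = (BlobMessage) message;
        try {
            URL url = blob.getURL();              // URL supplied by the producer, not the broker
            if (!isAllowedBlobUrl(url)) {
                // Returning normally lets the session acknowledge the message in
                // AUTO_ACKNOWLEDGE mode; nothing is fetched and nothing is deleted.
                System.err.println("Rejected blob URL: " + url);
                return;
            }
            try (InputStream in = blob.getInputStream()) {
                byte[] buf = new byte[8192];
                long total = 0;
                int n;
                while ((n = in.read(buf)) > 0) {
                    total += n;                   // real code would stream this to storage
                }
                System.out.println("Fetched " + total + " bytes from " + url);
            }
        } catch (JMSException | IOException e) {
            throw new RuntimeException("blob handling failed", e);
        }
    }

    private static void check(String spec, boolean expected) throws MalformedURLException {
        boolean actual = isAllowedBlobUrl(new URL(spec));
        if (actual != expected) {
            throw new AssertionError(spec + " -> " + actual);
        }
    }

    /** Offline self-check on constructed URLs; no broker is needed for this part. */
    public static void main(String[] args) throws MalformedURLException {
        check("https://blobs.internal.example/uploads/report.pdf", true);
        check("http://blobs.internal.example/uploads/report.pdf", false);   // plaintext scheme
        check("https://attacker.example/report.pdf", false);                // host not allowed
        check("https://user:pw@blobs.internal.example/report.pdf", false);  // embedded credentials
        check("https://blobs.internal.example:8443/report.pdf", false);     // non-default port
        System.out.println("all URL checks passed");
    }
}
```

The allowlist is deliberately exact-match on host rather than a suffix match, so `blobs.internal.example.attacker.example` is rejected. If the consumer also writes the blob to disk using `BlobMessage.getName()`, that name needs the same treatment (strip any directory component) before it is used in a path.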
