issue_comments


4 rows where author_association = "OWNER", issue = 675724951 and user = 9599 sorted by updated_at descending

Columns: id, html_url, issue_url, node_id, user, created_at, updated_at, author_association, body, reactions, issue, performed_via_github_app
id: 671075764
html_url: https://github.com/simonw/datasette/issues/918#issuecomment-671075764
issue_url: https://api.github.com/repos/simonw/datasette/issues/918
node_id: MDEyOklzc3VlQ29tbWVudDY3MTA3NTc2NA==
user: simonw (9599)
created_at: 2020-08-09T16:56:48Z
updated_at: 2020-08-09T16:56:48Z
author_association: OWNER
body:
    GitHub security advisory: https://github.com/simonw/datasette/security/advisories/GHSA-q6j3-c4wc-63vw
reactions: {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0}
issue: Security issue: read-only canned queries leak CSRF token in URL (675724951)
performed_via_github_app:
id: 671071710
html_url: https://github.com/simonw/datasette/issues/918#issuecomment-671071710
issue_url: https://api.github.com/repos/simonw/datasette/issues/918
node_id: MDEyOklzc3VlQ29tbWVudDY3MTA3MTcxMA==
user: simonw (9599)
created_at: 2020-08-09T16:21:41Z
updated_at: 2020-08-09T16:21:41Z
author_association: OWNER
body:
    Submitting the form on https://latest.datasette.io/fixtures/neighborhood_search demonstrates that this is fixed.
reactions: {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0}
issue: Security issue: read-only canned queries leak CSRF token in URL (675724951)
performed_via_github_app:
id: 671070528
html_url: https://github.com/simonw/datasette/issues/918#issuecomment-671070528
issue_url: https://api.github.com/repos/simonw/datasette/issues/918
node_id: MDEyOklzc3VlQ29tbWVudDY3MTA3MDUyOA==
user: simonw (9599)
created_at: 2020-08-09T16:12:16Z
updated_at: 2020-08-09T16:12:16Z
author_association: OWNER
body:
    It's worth noting that in order to exploit this issue the following would all need to be true:

      • A user is running a copy of Datasette protected by a cookie-based authentication plugin AND configured with at least one writable canned query
      • An attacker is in control of a URL that could conceivably be returned on a page that is displayed as the result of submitting a read-only canned query
      • An authenticated user of that Datasette instance, who is running a browser that doesn't support the SameSite=lax cookie parameter (which is widely supported by modern browsers), submits the read-only canned query form and then clicks a link to the attacker's off-site page, exposing their CSRFToken in the attacker's HTTP referer logs
      • The attacker then tricks that user into visiting their own malicious web page which includes a POST form that auto-submits against the writable canned query that the attacker wishes to exploit, including the CSRF token as a hidden field

    The attacker would need full knowledge of the URL and form layout of the Datasette instance that they are exploiting.
reactions: {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0}
issue: Security issue: read-only canned queries leak CSRF token in URL (675724951)
performed_via_github_app:
id: 671070486
html_url: https://github.com/simonw/datasette/issues/918#issuecomment-671070486
issue_url: https://api.github.com/repos/simonw/datasette/issues/918
node_id: MDEyOklzc3VlQ29tbWVudDY3MTA3MDQ4Ng==
user: simonw (9599)
created_at: 2020-08-09T16:11:59Z
updated_at: 2020-08-09T16:11:59Z
author_association: OWNER
body:
    Fix has been released in Datasette 0.46: https://datasette.readthedocs.io/en/latest/changelog.html#v0-46
reactions: {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0}
issue: Security issue: read-only canned queries leak CSRF token in URL (675724951)
performed_via_github_app:

CREATE TABLE [issue_comments] (
   [html_url] TEXT,
   [issue_url] TEXT,
   [id] INTEGER PRIMARY KEY,
   [node_id] TEXT,
   [user] INTEGER REFERENCES [users]([id]),
   [created_at] TEXT,
   [updated_at] TEXT,
   [author_association] TEXT,
   [body] TEXT,
   [reactions] TEXT,
   [issue] INTEGER REFERENCES [issues]([id])
, [performed_via_github_app] TEXT);
CREATE INDEX [idx_issue_comments_issue]
                ON [issue_comments] ([issue]);
CREATE INDEX [idx_issue_comments_user]
                ON [issue_comments] ([user]);
Powered by Datasette · Queries took 549.204ms · About: github-to-sqlite