mirror of https://github.com/scylladb/scylladb.git synced 2026-04-20 00:20:47 +00:00

Files

Botond Dénes cb9c65af43 Merge 'auth: sanitize {USER} substitution in LDAP URL template' from Piotr Smaron

`LDAPRoleManager` interpolated usernames directly into `ldap_url_template`,
allowing LDAP filter injection and URL structure manipulation via crafted
usernames.

This PR adds two layers of encoding when substituting `{USER}`:
1. **RFC 4515 filter escaping** — neutralises `*`, `(`, `)`, `\`, NUL
2. **URL percent-encoding** — prevents `%`, `?`, `#` from breaking
   `ldap_url_parse`'s component splitting or undoing the filter escaping
It also adds `validate_query_template()` at startup to reject templates
that place `{USER}` outside the filter component (e.g. in the host or
base DN), where filter escaping would be the wrong defense.
Fixes: SCYLLADB-1309

Compatibility note:
Templates with `{USER}` in the host, base DN, attributes, or extensions
were previously silently accepted. They are now rejected at startup with
a descriptive error. Only templates with `{USER}` in the filter component
(after the third `?`) are valid.

Fixes: SCYLLADB-1309

Due to severeness, should be backported to all maintained versions.

Closes scylladb/scylladb#29388

* github.com:scylladb/scylladb:
  auth: sanitize {USER} substitution in LDAP URL templates
  test/ldap: add LDAP filter-injection reproducers

(cherry picked from commit aecb6b1d76)

Closes scylladb/scylladb#29495

2026-04-17 11:45:50 +02:00

_ext

docs: fix local build

2025-12-14 11:48:48 +02:00

_static

doc: add OS support for version 2025.4

2025-10-28 13:29:40 +03:00

_templates

docs: do not show any version warning for upgrade guide pages

2025-08-22 09:49:27 +03:00

_utils

doc: remove the troubleshooting section on upgrades from OSS

2026-01-26 19:17:28 +02:00

alternator

doc: Fix malformed markdown link in alternator network docs

2026-04-10 10:19:51 +03:00

architecture

docs: describe upgrade to enforce_rack_list option

2026-02-23 20:58:23 +00:00

cql

docs: update vector search filtering to reflect primary key support only

2026-03-19 11:19:53 +01:00

dev

Merge 'Extend snapshot manifest.json with tablet-aware metadata' from Benny Halevy

2026-01-22 15:19:11 +03:00

features

doc: fix the links on the repair-related pages

2026-02-18 12:39:07 +02:00

getting-started

Merge 'doc: fix the installation section' from Anna Stuchlik

2026-03-20 10:23:55 +02:00

doc: remove an outdated KB

2026-01-22 18:27:14 +01:00

operating-scylla

Merge 'auth: sanitize {USER} substitution in LDAP URL template' from Piotr Smaron

2026-04-17 11:45:50 +02:00

reference

docs: make the glossary more tablet inclusive

2026-01-19 11:50:13 +03:00

rst_include

doc: remove the redundant raw:: html directive

2024-10-17 13:41:15 +03:00

troubleshooting

doc: remove the troubleshooting section on upgrades from OSS

2026-01-26 19:17:28 +02:00

upgrade

doc: add the 2026.x patch release upgrade guide-from-2025

2026-04-12 14:35:07 +03:00

using-scylla

doc: remove references to Open Source

2026-01-13 08:43:26 +02:00

.gitignore

docs: enable tooltips

2024-11-06 14:09:28 +02:00

conf.py

docs: add metrics generation validation

2025-11-25 15:39:52 +03:00

faq.rst

doc: remove references to Enterprise

2025-02-20 11:24:34 +02:00

index.rst

replace the Driver pages with a link to the new Drivers pages

2025-12-04 10:07:27 +02:00

Makefile

docs: update Sphinx configuration for unified repository publishing

2025-01-07 12:54:51 +02:00

poetry.lock

docs: fix multiversion build

2025-12-16 19:41:03 +03:00

pyproject.toml

docs: fix multiversion build

2025-12-16 19:41:03 +03:00

README-metrics.md

docs: add metrics generation validation

2025-11-25 15:39:52 +03:00

README.md

Clarify documentation build instructions

2025-12-16 06:56:00 +02:00

robots.txt

…

README.md

ScyllaDB Documentation

This repository contains the source files for ScyllaDB documentation.

The dev folder contains developer-oriented documentation related to the ScyllaDB code base. It is not published and is only available via GitHub.
All other folders and files contain user-oriented documentation related to ScyllaDB and are sources for docs.scylladb.com/manual.

To report a documentation bug or suggest an improvement, open an issue in GitHub issues for this project.

To contribute to the documentation, open a GitHub pull request.

Key Guidelines for Contributors

The user documentation is written in reStructuredText (RST) - a plaintext markup language similar to Markdown. If you're not familiar with RST, see ScyllaDB RST Examples.
The developer documentation is written in Markdown. See Basic Markdown Syntax for reference.
Follow the ScyllaDB Style Guide.

To prevent the build from failing:

If you add a new file, ensure it's added to an appropriate toctree, for example:

 .. toctree::
    :maxdepth: 2
    :hidden:

    Page X </folder1/article1>
    Page Y </folder1/article2>
    Your New Page </folder1/your-new-article>

Make sure the link syntax is correct. See the guidelines on creating links
Make sure the section headings are correct. See the guidelines on creating headings Note that the markup must be at least as long as the text in the heading. For example:
```
----------------------
Prerequisites
----------------------
```

Building User Documentation

Prerequisites

Python
poetry
make

See the ScyllaDB Sphinx Theme prerequisites to check which versions of the above are currently required.

Mac OS X

You must have a working Homebrew in order to install the needed tools.

You also need the standard utility make.

Check if you have these two items with the following commands:

brew help
make -h

Linux Distributions

Building the user docs should work out of the box on most Linux distributions.

Windows

Use "Bash on Ubuntu on Windows" for the same tools and capabilities as on Linux distributions.

Building the Docs

Run make preview in the docs/ directory to build the documentation.
Preview the built documentation locally at http://127.0.0.1:5500/.

Cleanup

You can clean up all the build products and auto-installed Python stuff with:

make pristine

Information for Contributors

If you are interested in contributing to Scylla docs, please read the Scylla open source page at http://www.scylladb.com/opensource/ and complete a Scylla contributor agreement if needed. We can only accept documentation pull requests if we have a contributor agreement on file for you.

Third-party Documentation

Do any copying as a separate commit. Always commit an unmodified version first and then do any editing in a separate commit.
We already have a copy of the Apache license in our tree, so you do not need to commit a copy of the license.
Include the copyright header from the source file in the edited version. If you are copying an Apache Cassandra document with no copyright header, use:

This document includes material from Apache Cassandra.
Apache Cassandra is Copyright 2009-2014 The Apache Software Foundation.