llama-stack-mirror/tests/unit/server
Derek Higgins 61f6bd78d0 fix: RBAC bypass vulnerabilities in model access
Closes security gaps where RBAC checks could be bypassed:

o Inference router: Added RBAC enforcement in the fallback
  path to ensure access control is applied consistently.

o Model listing: Dynamic models fetched via provider_data were returned
  without RBAC checks. Added filtering to ensure users only see models
  they have permission to access.

Both fixes create temporary ModelWithOwner objects for RBAC validation,
maintaining security through consistent access control enforcement.

Closes: #4269

Signed-off-by: Derek Higgins <derekh@redhat.com>
2025-12-02 14:24:20 +00:00
test_access_control.py fix: RBAC bypass vulnerabilities in model access 2025-12-02 14:24:20 +00:00
test_auth.py test: Update JWKS tests to properly mock authentication (#4257) 2025-12-01 09:57:44 -08:00
test_auth_github.py test: suppress expected error logs in SSE test (#3886) 2025-10-22 14:34:32 -07:00
test_cors.py feat: Add CORS configuration support for server (#3201) 2025-08-21 14:23:27 -07:00
test_quota.py refactor(storage): make { kvstore, sqlstore } as llama stack "internal" APIs (#4181) 2025-11-18 13:15:16 -08:00
test_replace_env_vars.py fix(env): env var replacement preserve types (#3270) 2025-08-28 17:07:18 +02:00
test_resolver.py refactor(storage): make { kvstore, sqlstore } as llama stack "internal" APIs (#4181) 2025-11-18 13:15:16 -08:00
test_schema_registry.py feat(openapi): switch to fastapi-based generator (#3944) 2025-11-14 15:53:53 -08:00
test_server.py fix: remove_disabled_providers filtering models with None fields (#4132) 2025-11-13 07:24:05 -08:00
test_sse.py fix: rename llama_stack_api dir (#4155) 2025-11-13 15:04:36 -08:00