Allow importing ZIP-archives from URL in Dolos API

Question

Allow importing ZIP-archives from URL in Dolos API

rien opened this issue a year ago · 1 comments

As mentioned in dodona-edu/dodona#5338, the Dodona integration would send a POST request with an URL to the ZIP-archive instead of the archive itself.

This would include adding an allowlist for allowed URL's, as we want to avoid doing arbitrary server side requests.

Answer 1 · 2024-03-11T10:14:54.000Z

Since this would introduce potential for SSRF-attacks, we've opted to not implement this approach.

Instead, Dodona will POST the archive to Dolos.