Skip to content

fix : guard export endpoint lacks admin-only authorization #1479

Description

@tmdeveloper007

Summary of What Needs to be Done:
The GET /api/v1/guard/logs/export endpoint allows any authenticated user to export guard scan logs. The endpoint should be restricted to admin users only since scan logs may contain sensitive information about blocked prompts across all users.

Changes that Need to be Made:

  • backend/app/api/v1/guard.py (export_guard_scan_logs function): Add an admin role check at the start of the endpoint. If the current user does not have role=admin, return HTTP 403 Forbidden with a clear message.

Impact that it would Provide:

  • Prevents unauthorized data exposure of guard scan logs
  • Follows principle of least privilege
  • Aligns with enterprise security requirements

Note: Please assign this issue to the tmdeveloper007 account.

Metadata

Metadata

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions