Actions
Issue #3424
closedFileContent relative_path is not validated
Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
Yes
Groomed:
Yes
Sprint Candidate:
Tags:
Sprint:
Quarter:
Description
Ticket moved to GitHub: "pulp/pulp_file/607":https://github.com/pulp/pulp_file/issues/607
The relative_path field on file content units is not validated. This can be problematic when publishing the content. For instance, if the path contains a comma, the PULP_MANIFEST doesn't do any escaping.
Also, I was able to create a file content unit with path PULP_MANIFEST which was then served instead of the actual PULP_MANIFEST.
Relevant code for Manifest:
https://github.com/pulp/pulp_file/blob/master/pulp_file/app/tasks/publishing.py#L94
https://github.com/pulp/pulp_file/blob/master/pulp_file/manifest.py#L46-L57
Updated by daviddavis about 6 years ago
- Subject changed from Content unit path is not validated to ContentArtifact relative_path is not validated
- Description updated (diff)
Updated by daviddavis about 6 years ago
- Project changed from File Support to Pulp
Updated by daviddavis about 6 years ago
- Project changed from Pulp to File Support
- Subject changed from ContentArtifact relative_path is not validated to FileContent relative_path is not validated
- Description updated (diff)
Updated by dalley about 6 years ago
- Sprint/Milestone set to 56
- Triaged changed from No to Yes
Updated by jortel@redhat.com about 6 years ago
- Sprint Candidate changed from No to Yes
Updated by pulpbot about 2 years ago
- Description updated (diff)
- Status changed from NEW to CLOSED - DUPLICATE
Actions