Issue #3424: FileContent relative_path is not validated - File Support

Issue #3424

The relative_path field on file content units unit artifacts is not validated. This can be problematic when publishing the content. For instance, if the path contains a comma, the PULP_MANIFEST doesn't do any escaping. 

 Also, I was able to create a file content unit with path PULP_MANIFEST which was then served instead of the actual PULP_MANIFEST. 

 Relevant code for Manifest: See: 

 https://github.com/pulp/pulp_file/blob/master/pulp_file/app/tasks/publishing.py#L94 
 https://github.com/pulp/pulp_file/blob/master/pulp_file/manifest.py#L46-L57

Back

Project

Profile

Help

File Support

Issue #3424