Bug #19458: Validate the hostname field - Rudder - Issue Tracker

Actions

Copy link

Bug #19458

closed

Validate the hostname field

Added by Alexis Mousset almost 3 years ago. Updated 9 months ago.

Status:

Rejected

Priority:

N/A

Assignee:

Category:

Security

Target version:

6.1.14

Pull Request:

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

To do

Fix check:

To do

Regression:

Description

Currently toto " $ <b>tutu</b><script>alert(1);</script>@ is accepted as a valid hostname.

Given the hostname is used in several places, including command arguments, it could be a good thing to restrict its content to a reasonable char set to prevent various injections.

Related issues 2 (0 open — 2 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

	Related to Rudder - Bug #19456: Lack of HTML escaping in nodes list	Released	Nicolas CHARLES				Actions
	Is duplicate of Rudder - Bug #19457: Enforce stricter restriction on authorized node id and hostname	Released	Vincent MEMBRÉ				Actions

Project

General

Profile

Rudder

Custom queries

Bug #19458

Validate the hostname field

Updated by François ARMAND almost 3 years ago

Updated by François ARMAND almost 3 years ago

Updated by François ARMAND almost 3 years ago

Updated by Alexis Mousset 9 months ago