Bug #24011
closed
Archiving allows to read inconsistent active technique category ids
Description
When importing an archive from git, the id of the active technique category is never sanitized and it could lead to inconsistent behavior like creating other directories outside /var/rudder/configuration-repository when restoring the archive e.g. when an id contains relative file paths characters.
Updated by Clark ANDRIANASOLO 4 months ago
- Status changed from New to In progress
Updated by Clark ANDRIANASOLO 4 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Clark ANDRIANASOLO to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/5314
Updated by Vincent MEMBRÉ 3 months ago
- Target version changed from 7.3.11 to 7.3.12
Updated by Clark ANDRIANASOLO 3 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|574a23da6621bf40d111880a5c834db5ee74cbb9.
Updated by Clark ANDRIANASOLO 2 months ago
- Fix check changed from To do to Checked
It does no longer create additional files when hacking the xml content in the configuration-repository : /home/user/test.xml file is no longer created when I edit a directive to have an id ../../../../../../home/user/test, and I archive and then re-import the archive.
(not sure though why the error is silent)
Updated by Vincent MEMBRÉ 2 months ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.3.12 and 8.0.6 which were released today.